[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:603184
Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.

oval:org.secpod.oval:def:2001572
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file th ...

oval:org.secpod.oval:def:603244
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD defau ...

oval:org.secpod.oval:def:53233
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD defau ...

oval:org.secpod.oval:def:602485
Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in ...

oval:org.secpod.oval:def:52443
tiff: Tag Image File Format library Details: USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for ...

oval:org.secpod.oval:def:51993
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:51946
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ...

oval:org.secpod.oval:def:52495
strongswan: IPsec VPN solution strongSwan could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:602087
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection .

oval:org.secpod.oval:def:24884
Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the server certificat ...

oval:org.secpod.oval:def:602090
Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash.

oval:org.secpod.oval:def:2001518
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created ...

oval:org.secpod.oval:def:603505
Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list. ...

oval:org.secpod.oval:def:602379
Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.

oval:org.secpod.oval:def:47283
The host is installed with 7-zip before 18.0 and is prone to multiple memory corruption vulnerabilities. A flaw is present in the application, which fails to handle a crafted RAR archive. Successful exploitation could allow remote attackers to crash the service.

oval:org.secpod.oval:def:50303
The host is missing a security update according to Apple advisory, APPLE-SA-2019-1-22-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow attackers to cause memory ...

oval:org.secpod.oval:def:54409
rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input.

oval:org.secpod.oval:def:54107
gpac: GPAC Project on Advanced Content GPAC could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:33739
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1502089
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502088
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603237
Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/se ...

oval:org.secpod.oval:def:1801276
CVE-2018-19968: Local file inclusion through transformation feature.¶ A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any da ...

oval:org.secpod.oval:def:1801558
A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free.

oval:org.secpod.oval:def:1800881
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.

oval:org.secpod.oval:def:115202
The kernel meta package

oval:org.secpod.oval:def:51895
bind9: Internet Domain Name Server Details: USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update ad ...

oval:org.secpod.oval:def:603475
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.

oval:org.secpod.oval:def:53386
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.

oval:org.secpod.oval:def:603265
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ...

oval:org.secpod.oval:def:53247
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ...

oval:org.secpod.oval:def:1600953
It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service.

oval:org.secpod.oval:def:602189
Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been im ...

oval:org.secpod.oval:def:602186
The security update for wordpress in DSA 3328 contained a regression. The patch for issue CVE-2015-5622 was faulty. A new package version has been released that backs this patch out pending resolution of the problem.

oval:org.secpod.oval:def:1800992
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume vulnerability in the UDP support of the memcached server that can result in denial of service via network flood . This attack appear to be exploitable via network connectivity to port 11211 UDP. Fixed In Version:&par ...

oval:org.secpod.oval:def:1800996
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume vulnerability in the UDP support of the memcached server that can result in denial of service via network flood . This attack appear to be exploitable via network connectivity to port 11211 UDP. Fixed In Version:&par ...

oval:org.secpod.oval:def:1800997
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume vulnerability in the UDP support of the memcached server that can result in denial of service via network flood . This attack appear to be exploitable via network connectivity to port 11211 UDP. Fixed In Version:&par ...

oval:org.secpod.oval:def:1800885
CVE-2016-2120: Crafted zone record can cause a denial of service Affects: PowerDNS Authoritative Server up to and including 3.4.10, 4.0.1Not affected: PowerDNS Authoritative Server 3.4.11, 4.0.2 Reference Patches CVE-2016-7068: Crafted queries can cause abnormal CPU usage Affects: PowerDNS Authorita ...

oval:org.secpod.oval:def:1800859
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:1800943
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800949
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800951
CVE-2018-7490: uwsgi before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. Fixed In Version:¶ uwsgi 2.0.17

oval:org.secpod.oval:def:1800923
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1801080
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801082
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801083
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801084
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801093
CVE-2017-18187: Bounds-check bypass via integer overflow in ssl_srv.c:ssl_parse_client_psk_identity¶ In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c. Fixed In Vers ...

oval:org.secpod.oval:def:1801085
CVE-2017-18187: Bounds-check bypass via integer overflow in ssl_srv.c:ssl_parse_client_psk_identity¶ In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c. Fixed In Vers ...

oval:org.secpod.oval:def:1600811
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can ...

oval:org.secpod.oval:def:1600812
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table contents that the inv ...

oval:org.secpod.oval:def:1800286
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:1800769
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:1800777
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:33747
The host is installed with PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7 or 9.4.x before 9.4.2 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle session shutdown sequence. Successful exploitation ...

oval:org.secpod.oval:def:1800108
CVE-2017-5470: Memory safety bugs CVE-2017-5472: Use-after-free using destroyed node when regenerating trees CVE-2017-7749: Use-after-free during docshell reloading CVE-2017-7750: Use-after-free with track elements CVE-2017-7751: Use-after-free with content viewer listeners CVE-2017-7752: Use-after- ...

oval:org.secpod.oval:def:602558
Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service , overwrite files, information disclosure, or potentially to execute arbit ...

oval:org.secpod.oval:def:1800545
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XMLentities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version pidgin 2.12.0

oval:org.secpod.oval:def:602812
It was discovered a vulnerability in Pidgin, a multi-protocol instant messaging client. A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side.

oval:org.secpod.oval:def:1800857
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XML entities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version: pidgin 2.12.0

oval:org.secpod.oval:def:43534
The host is installed with Wireshark 2.4.0 to 2.4.3 or 2.2.0 to 2.2.11 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle exceptional conditions. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43533
The host is installed with Wireshark 2.4.0 to 2.4.3 or 2.2.0 to 2.2.11 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the WCP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43532
The host is installed with Wireshark 2.4.0 to 2.4.3 or 2.2.0 to 2.2.11 and is prone to multiple denial of service vulnerabilities. The flaws are present in the application, which fails to properly handle the JSON, XML, NTP, XMPP, and GDB dissector issues. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:1800393
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted QuickTime IMA file.

oval:org.secpod.oval:def:602530
Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.

oval:org.secpod.oval:def:2000552
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

oval:org.secpod.oval:def:2000469
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

oval:org.secpod.oval:def:2000343
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.

oval:org.secpod.oval:def:2001626
OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.

oval:org.secpod.oval:def:2001544
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread

oval:org.secpod.oval:def:2000380
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread

oval:org.secpod.oval:def:2000575
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread

oval:org.secpod.oval:def:1600989
do_bid_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printf and file_vprintf. do_core_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360 . do_core_note in readelf.c in libm ...

oval:org.secpod.oval:def:1801178
CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

oval:org.secpod.oval:def:1801180
CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

oval:org.secpod.oval:def:1801181
CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

oval:org.secpod.oval:def:1801182
CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

oval:org.secpod.oval:def:1801354
CVE-2018-20363: LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.

oval:org.secpod.oval:def:1600975
_XcursorThemeInherits in library.c in libXcursor allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow

oval:org.secpod.oval:def:54402
advancecomp: collection of recompression utilities AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:54573
aria2: High speed command-line download utility aria2 stores authentication information in plain text.

oval:org.secpod.oval:def:54589
python-gnupg: Python wrapper for the GNU Privacy Guard Several security issues were fixed in python-gnupg

oval:org.secpod.oval:def:1600865
Authentication bypass in transport.pytransport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed befor ...

oval:org.secpod.oval:def:1800913
CVE-2016-10195: dns remote stack over read vulnerability; Fixed in libevent 2.1.6

oval:org.secpod.oval:def:1600951
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack.The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service via a crafted PDF file, a ...

oval:org.secpod.oval:def:1801285
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process .

oval:org.secpod.oval:def:1801286
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process .

oval:org.secpod.oval:def:1801289
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process .

oval:org.secpod.oval:def:24486
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle stop action for an audio track. Successful exploitation could allow attackers to cause a denial of service (heap memory corruption ...

oval:org.secpod.oval:def:24487
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecified other ...

oval:org.secpod.oval:def:24489
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. Success ...

oval:org.secpod.oval:def:24461
The host is installed with Google Chrome before 42.0.2311.135 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a MutationObserver object that is not currently registered. Successful exploitation could allow attackers to cause a denial of se ...

oval:org.secpod.oval:def:24462
The host is installed with Google Chrome before 42.0.2311.135 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impac ...

oval:org.secpod.oval:def:24463
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash ...

oval:org.secpod.oval:def:24494
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted JavaScript code that executes upon completion of a getUserMedia request. Successful exploitation could allow ...

oval:org.secpod.oval:def:24495
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:24499
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not initialize a certain width field. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:24490
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which enables the inheritance of the designMode attribute. Successful exploitation could allow attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:24491
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle an insufficient number of values in an feColorMatrix filter. Successful exploitation could allow attackers to cause a d ...

oval:org.secpod.oval:def:24500
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors. Successful exploitation could allow attackers to bypass security, execute arbitra ...

oval:org.secpod.oval:def:24899
The host is installed with Google Chrome before 42.0.2311.135 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a MutationObserver object that is not currently registered. Successful exploitation could allow attackers to cause a denial of se ...

oval:org.secpod.oval:def:24917
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle an insufficient number of values in an feColorMatrix filter. Successful exploitation could allow attackers to cause a d ...

oval:org.secpod.oval:def:24918
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle an insufficient number of values in an feColorMatrix filter. Successful exploitation could allow attackers to cause a d ...

oval:org.secpod.oval:def:24910
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecified other ...

oval:org.secpod.oval:def:24913
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. Success ...

oval:org.secpod.oval:def:24914
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. Success ...

oval:org.secpod.oval:def:24915
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which enables the inheritance of the designMode attribute. Successful exploitation could allow attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:24916
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which enables the inheritance of the designMode attribute. Successful exploitation could allow attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:24907
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle stop action for an audio track. Successful exploitation could allow attackers to cause a denial of service (heap memory corruption ...

oval:org.secpod.oval:def:24908
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle stop action for an audio track. Successful exploitation could allow attackers to cause a denial of service (heap memory corruption ...

oval:org.secpod.oval:def:24909
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecified other ...

oval:org.secpod.oval:def:24900
The host is installed with Google Chrome before 42.0.2311.135 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a MutationObserver object that is not currently registered. Successful exploitation could allow attackers to cause a denial of se ...

oval:org.secpod.oval:def:24901
The host is installed with Google Chrome before 42.0.2311.135 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impac ...

oval:org.secpod.oval:def:24902
The host is installed with Google Chrome before 42.0.2311.135 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impac ...

oval:org.secpod.oval:def:24903
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash ...

oval:org.secpod.oval:def:24904
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code or crash ...

oval:org.secpod.oval:def:24933
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not initialize a certain width field. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:24934
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not initialize a certain width field. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:24935
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors. Successful exploitation could allow attackers to bypass security, execute arbitra ...

oval:org.secpod.oval:def:24936
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors. Successful exploitation could allow attackers to bypass security, execute arbitra ...

oval:org.secpod.oval:def:24923
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted JavaScript code that executes upon completion of a getUserMedia request. Successful exploitation could allow ...

oval:org.secpod.oval:def:24924
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted JavaScript code that executes upon completion of a getUserMedia request. Successful exploitation could allow ...

oval:org.secpod.oval:def:24925
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:24926
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:1600992
A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine

oval:org.secpod.oval:def:51142
texlive-bin: TeX Live: path search library for TeX Several security issues were fixed in Tex Live.

oval:org.secpod.oval:def:704346
texlive-bin: TeX Live: path search library for TeX Several security issues were fixed in Tex Live.

oval:org.secpod.oval:def:1600863
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of serviceIn PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing ...

oval:org.secpod.oval:def:1600861
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service:In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsin ...

oval:org.secpod.oval:def:54584
It was discovered that a buffer overflow in the RTSP parser of the GStreamer media framework may result in the execution of arbitrary code if a malformed RSTP stream is opened.

oval:org.secpod.oval:def:1801298
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801353
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801304
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801305
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801262
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service¶ Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:1801264
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service¶ Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:1801265
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service¶ Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:2000209
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

oval:org.secpod.oval:def:47539
The host is installed with OpenAFS before 1.6.2300 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to handle RPC server routines. Successful exploitation allow attackers to perform information leakage.

oval:org.secpod.oval:def:47538
The host is installed with OpenAFS before 1.6.2300 and is prone to an arbitrary code execution vulnerability. The flaw is present in the application, which fails to handle the authentication of incoming RPCs. Successful exploitation allow remote attackers to replace any volume's content with arbitra ...

oval:org.secpod.oval:def:47540
The host is installed with OpenAFS before 1.6.2300 and is prone to a denial of service vulnerability. The flaw is present in the application, which fails to handle an excess resource consumption issue. Successful exploitation allow attackers to send, or claim to send, large input values and consume ...

oval:org.secpod.oval:def:1801170
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potential ...

oval:org.secpod.oval:def:1801163
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potential ...

oval:org.secpod.oval:def:603482
Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the build_res_buf_from_sip_req function could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:53391
Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the build_res_buf_from_sip_req function could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:1801555
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potential ...

oval:org.secpod.oval:def:1801543
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potential ...

oval:org.secpod.oval:def:50316
The host is missing a security update according to Apple advisory, APPLE-SA-2019-1-22-6. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted web content. Successful exploitation could allow attackers to perform arbi ...

oval:org.secpod.oval:def:603545
Three vulnerabilities were discovered in the Open Ticket Request System which could result in privilege escalation or denial of service.

oval:org.secpod.oval:def:1600956
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one chara ...

oval:org.secpod.oval:def:1801253
CVE-2018-16843: Excessive memory consumption via flaw in HTTP/2 implementation¶ Affected Versions:¶ nginx 1.9.5 - 1.15.5. Fixed In Version:¶ nginx 1.15.6, nginx 1.14.1

oval:org.secpod.oval:def:1801255
CVE-2018-16843: Excessive memory consumption via flaw in HTTP/2 implementation¶ Affected Versions:¶ nginx 1.9.5 - 1.15.5. Fixed In Version:¶ nginx 1.15.6, nginx 1.14.1

oval:org.secpod.oval:def:1801104
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1801105
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1801106
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1801107
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1800959
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against ...

oval:org.secpod.oval:def:1800956
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against ...

oval:org.secpod.oval:def:1800957
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against ...

oval:org.secpod.oval:def:43087
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43088
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43062
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:1600832
Transmission relies on X-Transmission-Session-Id for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack

oval:org.secpod.oval:def:43598
Mozilla Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43620
The host is missing a critical security update according to Mozilla advisory, MFSA2018-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43778
The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1600848
Buffer overflow in b64decode function, possibly leading to remote code execution:An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely

oval:org.secpod.oval:def:1600840
Infinite loop issue triggered by invalid OPEN message allows denial-of-serviceAn infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.Double ...

oval:org.secpod.oval:def:1600930
The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an ...

oval:org.secpod.oval:def:1800289
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service. Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:1800865
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service¶ Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering ce ...

oval:org.secpod.oval:def:603292
Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.tx ...

oval:org.secpod.oval:def:53263
Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.tx ...

oval:org.secpod.oval:def:1600868
Buffer overflow in dhclient possibly allowing code execution triggered by malicious serverAn out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client mach ...

oval:org.secpod.oval:def:1801540
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.

oval:org.secpod.oval:def:1801530
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.

oval:org.secpod.oval:def:1801526
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.

oval:org.secpod.oval:def:43070
The host is installed with Google Chrome before 63.0.3239.84 and is prone to a integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:1600864
Vorbis audio processing out of bounds write:An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code

oval:org.secpod.oval:def:603348
It was discovered that a race condition in beep allows local privilege escalation.

oval:org.secpod.oval:def:53296
It was discovered that a race condition in beep allows local privilege escalation.

oval:org.secpod.oval:def:603351
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if t ...

oval:org.secpod.oval:def:53298
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if t ...

oval:org.secpod.oval:def:603366
Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.

oval:org.secpod.oval:def:53305
Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.

oval:org.secpod.oval:def:603385
Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the "quasselcore" service after upgrading the Quassel packages.

oval:org.secpod.oval:def:53316
Two vulnerabilities were found in the Quassel IRC client, which could result in the execution of arbitrary code or denial of service. Note that you need to restart the "quasselcore" service after upgrading the Quassel packages.

oval:org.secpod.oval:def:1800982
CVE-2018-1000178: A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

oval:org.secpod.oval:def:1900133
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

oval:org.secpod.oval:def:1900092
A heap corruption of type CWE-120 exists in quassel version 0.12.4 inquasselcore in void DataStreamPeer::processMessagedatastreampeer.cpp line 62 that allows an attacker to execute code remotely.

oval:org.secpod.oval:def:1600893
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

oval:org.secpod.oval:def:1800980
CVE-2018-5150: Memory safety bugs CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF ...

oval:org.secpod.oval:def:1801011
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1801014
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1801009
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1800700
CVE-2017-9147: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service via a crafted TIFF file. Reference: Patch: CVE-2017-9403: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDir ...

oval:org.secpod.oval:def:1800068
CVE-2017-9936: In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. Reference:¶ Patch:¶ CVE-2017-10688: In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8 ...

oval:org.secpod.oval:def:1801550
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers Affected versions:¶ 9.4.0-

oval:org.secpod.oval:def:1801551
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers Affected versions:¶ 9.4.0-

oval:org.secpod.oval:def:1801527
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers Affected versions:¶ 9.4.0-

oval:org.secpod.oval:def:1800828
The comic book backend in evince 3.24.0 is vulnerable to a commandinjection bug that can be used to execute arbitrary commands when a cbtfile is opened.

oval:org.secpod.oval:def:1800103
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:1800201
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:53123
Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in t ...

oval:org.secpod.oval:def:603076
Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute arbitrary commands in t ...

oval:org.secpod.oval:def:1800724
3.2.9 Fixes following vulnerabilities: CVE-2017-15186, Patch: 3.2.8 Fixes following vulnerabilities: CVE-2017-14054,CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225,CVE-2017- ...

oval:org.secpod.oval:def:1800893
3.2.9 Fixes following vulnerabilities: CVE-2017-15186, Patch: 3.2.8 Fixes following vulnerabilities: CVE-2017-14054,CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225,CVE-2017- ...

oval:org.secpod.oval:def:1800827
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ...

oval:org.secpod.oval:def:1800816
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

oval:org.secpod.oval:def:32946
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to cause a denial of service, bypass ...

oval:org.secpod.oval:def:32945
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to cause a denial of service, bypass ...

oval:org.secpod.oval:def:32931
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to cause a denial of service, bypass ...

oval:org.secpod.oval:def:42486
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42495
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42545
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect stack manipulation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42544
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect stack manipulation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42543
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out of bounds write vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42542
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out of bounds write vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42509
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42508
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42527
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42526
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42530
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42531
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:603160
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

oval:org.secpod.oval:def:53174
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

oval:org.secpod.oval:def:1600822
Use-after-free in processing SMB1 requestsA use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosureA memory discl ...

oval:org.secpod.oval:def:603186
Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:53195
Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603190
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

oval:org.secpod.oval:def:1800690
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname Fixed In Version:¶ bzr 3.0

oval:org.secpod.oval:def:53199
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

oval:org.secpod.oval:def:1800032
CVE-2017-8819 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger thi ...

oval:org.secpod.oval:def:1800148
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1800759
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:43029
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43028
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43027
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP Safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43076
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:603162
Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.

oval:org.secpod.oval:def:1800886
CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements CVE-2017-7779: Memory safety bugs CVE-2017-7784: Use-after-free with image observers CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM CVE-2017-7786: Buffer overflow while painting non-displayable SVG CVE-2 ...

oval:org.secpod.oval:def:42277
The host is missing a critical security update according to Mozilla advisory, MFSA2017-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42421
The host is missing a critical security update according to Mozilla advisory, MFSA2017-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42796
The host is missing a critical security update according to Mozilla advisory, MFSA2017-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:54393
Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares.

oval:org.secpod.oval:def:54404
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations.

oval:org.secpod.oval:def:1800926
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Version Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800962
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800963
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800964
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800766
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas ofthe server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:1600843
Out-of-bounds read in code handling HTTP/2 trailers:libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTT ...

oval:org.secpod.oval:def:1600871
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:1600808
IMAP FETCH response out of bounds read:A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application

oval:org.secpod.oval:def:1600950
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently ...

oval:org.secpod.oval:def:1800928
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800930
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800931
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800947
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions curl 7.12.3 to and including curl 7.58.0 Not affected versions curl = 7.59.0

oval:org.secpod.oval:def:1800178
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected ...

oval:org.secpod.oval:def:1800161
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read. Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:1800705
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read¶ Affected versions:¶ libcurl 7.49.0 to and including 7.57.0 Not affected versions:¶ libcurl = 7.58.0

oval:org.secpod.oval:def:1800794
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected ...

oval:org.secpod.oval:def:1800848
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions libcurl 7.20.0 to and including 7.56.0 Not affected v ...

oval:org.secpod.oval:def:1502005
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502115
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ...

oval:org.secpod.oval:def:601852
Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9031 Jouko Pynnonen discovered an unauthen ...

oval:org.secpod.oval:def:108164
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:24344
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:107977
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:107987
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress-4.0.1/README.fedora

oval:org.secpod.oval:def:602096
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some fun ...

oval:org.secpod.oval:def:602115
The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows. Multiple vulne ...

oval:org.secpod.oval:def:52486
fuse: Filesystem in Userspace FUSE could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:109109
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, re ...

oval:org.secpod.oval:def:25179
The host is installed with fuse on Red Hat Enterprise Linux 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly filter environment variables. Successful exploitation could allow attackers to escalate privileges.

oval:org.secpod.oval:def:602113
Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the envi ...

oval:org.secpod.oval:def:602112
Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features v ...

oval:org.secpod.oval:def:602108
The patch applied for ntfs-3g to fix CVE-2015-3202 in DSA 3268-1 was incomplete. This update corrects that problem. For reference the original advisory text follows. Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umo ...

oval:org.secpod.oval:def:109160
With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem.

oval:org.secpod.oval:def:109169
With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem.

oval:org.secpod.oval:def:109191
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, re ...

oval:org.secpod.oval:def:109189
With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem.

oval:org.secpod.oval:def:109152
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, re ...

oval:org.secpod.oval:def:1200035
It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system.

oval:org.secpod.oval:def:602384
Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. Th ...

oval:org.secpod.oval:def:704161
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:52935
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:52460
wpa: client support for WPA and WPA2 wpa_supplicant could be made to crash, expose memory, or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1501035
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...

oval:org.secpod.oval:def:602065
The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentia ...

oval:org.secpod.oval:def:501578
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...

oval:org.secpod.oval:def:109373
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:108789
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:108854
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:602199
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your ...

oval:org.secpod.oval:def:602258
The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5622 The robustness of the ...

oval:org.secpod.oval:def:602263
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter ...

oval:org.secpod.oval:def:24492
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the libvpx code, which was not built with an appropriate --size-limit value. Successful exploitation could allow attackers to trigger a negative value for a size field ...

oval:org.secpod.oval:def:24919
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the libvpx code, which was not built with an appropriate --size-limit value. Successful exploitation could allow attackers to trigger a negative value for a size field ...

oval:org.secpod.oval:def:24920
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the libvpx code, which was not built with an appropriate --size-limit value. Successful exploitation could allow attackers to trigger a negative value for a size field ...

oval:org.secpod.oval:def:602327
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution is not aff ...

oval:org.secpod.oval:def:602482
Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector if i ...

oval:org.secpod.oval:def:43678
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43680
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly open downloaded files. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43689
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a URL spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43687
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Content security policy bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43686
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a XSS vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43692
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43691
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43696
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a URL spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43695
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a UI spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43694
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Referrer policy bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43693
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Cross origin URL leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43698
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Incomplete no-referrer policy implementation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43755
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43752
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a URL spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43759
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Cross origin URL leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43758
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43757
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43756
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43762
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Referrer policy bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43761
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Referrer policy bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43760
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Cross origin URL leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43766
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a URL spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43765
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a URL spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43764
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a UI spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43763
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a UI spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43769
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Incomplete no-referrer policy implementation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43773
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43770
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Incomplete no-referrer policy implementation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43776
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43775
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43774
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43729
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43733
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly open downloaded files. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43730
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43734
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly open downloaded files. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43748
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Content security policy bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43747
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Content security policy bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43746
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a XSS vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43745
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a XSS vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43751
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a URL spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43700
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43701
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:602488
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened.

oval:org.secpod.oval:def:1800264
CVE-2016-5423: CASE/WHEN with in lining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ...

oval:org.secpod.oval:def:40419
The host is installed with LibreOffice before 5.1.6 or 5.2.x before 5.2.2 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle embedded object. Successful exploitation could allow remote attackers to expose details of the environment ...

oval:org.secpod.oval:def:41754
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:38110
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the AllJoyn dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38111
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an use-after-free vulnerability. A flaw is present in the DCERPC dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service wit ...

oval:org.secpod.oval:def:38109
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an unspecified vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service by f ...

oval:org.secpod.oval:def:49674
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:38108
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:41727
The host is missing a critical security update according to Mozilla advisory, MFSA2017-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:49784
The host is missing a critical security update according to Mozilla advisory, MFSA2018-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:41827
The host is missing a critical security update according to Mozilla advisory, MFSA2017-20. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:204474
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * A race condition was found in the way su handled the management of child pr ...

oval:org.secpod.oval:def:703456
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:49022
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:53954
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:40633
bash: GNU Bourne Again SHell Several security issues were fixed in Bash.

oval:org.secpod.oval:def:203642
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...

oval:org.secpod.oval:def:703577
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:203658
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:703522
pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:41157
Several vulnerabilities have been found in VLC, the VideoLAN project"s media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:38510
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:38511
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:38512
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:703690
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:703671
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703663
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703661
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703668
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703667
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703658
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703640
puppet: Centralized configuration management Several security issues were fixed in Puppet.

oval:org.secpod.oval:def:703614
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703813
emacs25: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:49284
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:49255
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain condition ...

oval:org.secpod.oval:def:49217
The host is installed with Artifex Ghostscript before 9.26 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle psi/zicc.c component. Successful exploitation could allow attackers to bypass intended access restrictions because of a setc ...

oval:org.secpod.oval:def:49218
The host is installed with Artifex Ghostscript before 9.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle psi/zdevice2.c component. Successful exploitation could allow attackers to bypass intended access restrictions because avai ...

oval:org.secpod.oval:def:49215
The host is installed with Artifex Ghostscript before 9.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle LockSafetyParams device parameter. Successful exploitation could allow attackers to bypass security restrictions on the sys ...

oval:org.secpod.oval:def:49216
The host is installed with Artifex Ghostscript before 9.26 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle psi/zfjbig2.c component. Successful exploitation could allow attackers to bypass intended access restrictions because of a J ...

oval:org.secpod.oval:def:204731
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204721
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:204716
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204707
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a maliciou ...

oval:org.secpod.oval:def:204706
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:204770
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:204774
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:204772
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:204763
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:204760
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...

oval:org.secpod.oval:def:204767
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:204751
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:702489
tiff: Tag Image File Format library Details: USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for ...

oval:org.secpod.oval:def:38613
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:204745
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:204743
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:57785
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:41376
The host is installed with Oracle MySQL Server through 5.5.56, 5.6.36 or 5.7.18 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Charsets. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:41380
The host is installed with Oracle MySQL Server through 5.5.56, 5.6.36 or 5.7.18 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Confidentiality and Integrity.

oval:org.secpod.oval:def:48036
The host is installed with Google Chrome before 70.0.3538.67 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:48037
The host is installed with Google Chrome before 70.0.3538.67 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:204850
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:204855
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:204821
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c For more details about the security issue, including the impact, a CVSS score, and other re ...

oval:org.secpod.oval:def:204820
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:204825
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:204891
The SpamAssassin tool provides a way to reduce unsolicited commercial email from incoming email. Security Fix: * spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service * spamassassin: Local user code injection in the meta rule syntax For more ...

oval:org.secpod.oval:def:204890
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain condition ...

oval:org.secpod.oval:def:20458400
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump . Security Fix: * Mu ...

oval:org.secpod.oval:def:204886
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:26778
The host is installed with LibreOffice before 4.3.7, 4.4.x before 4.4.2 or Apache OpenOffice before 4.1.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle a crafted HWP document. Successful exploitation could allow attackers to crash ...

oval:org.secpod.oval:def:204871
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.secpod.oval:def:33049
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. Aflaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:204875
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:702591
strongswan: IPsec VPN solution strongSwan could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:33048
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:204868
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:702582
ntfs-3g: read/write NTFS driver for FUSE Details: USN-2617-1 fixed a vulnerability in NTFS-3G. The original patch did not completely address the issue. This update fixes the problem. Original advisory NTFS-3G could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:702572
postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:702568
oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:702567
ntfs-3g: read/write NTFS driver for FUSE Details: USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Original advisory NTFS-3G could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:702569
fuse: Filesystem in Userspace FUSE could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:703880
libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703883
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:204814
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:204813
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix: * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec * procps-ng, procps: ...

oval:org.secpod.oval:def:703874
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:204819
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:702548
oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:702520
libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:702519
tcpdump: command-line network traffic analyzer tcpdump could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:702517
wpa: client support for WPA and WPA2 wpa_supplicant could be made to crash, expose memory, or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:48182
The host is installed with Artifex Ghostscript through 9.25 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving the 1policy operator. Successful exploitation could allow attackers to bypass a sandbox protection mecha ...

oval:org.secpod.oval:def:204574
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:204573
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204564
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ...

oval:org.secpod.oval:def:204567
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204544
Graphite2 is a project within SIL"s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With resp ...

oval:org.secpod.oval:def:204589
The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ...

oval:org.secpod.oval:def:204588
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execut ...

oval:org.secpod.oval:def:703136
glibc: GNU C Library - eglibc: GNU C Library Details: USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-201 ...

oval:org.secpod.oval:def:33125
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65 or 8.x before 8.0.27 and is prone to a directory traversal vulnerability. A flaw is present in RequestUtil.java, which fails to handle a /.. (slash dot dot) in a pathname used by a web application in a getResource, getReso ...

oval:org.secpod.oval:def:204535
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ...

oval:org.secpod.oval:def:204537
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A flaw was found in the way BIND handled TSIG authentication for dynamic ...

oval:org.secpod.oval:def:204522
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204516
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204500
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:703983
erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang.

oval:org.secpod.oval:def:703974
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:40397
The host is installed with Pidgin before 2.12.0 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to properly handle a invalid xml. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:204697
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204698
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HT ...

oval:org.secpod.oval:def:204666
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ...

oval:org.secpod.oval:def:204606
The evince packages provide a simple multi-page document viewer for Portable Document Format , PostScript , Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files. Security Fix: * It was found that evince did not properly sanitize the command l ...

oval:org.secpod.oval:def:49637
The host is installed with Google Chrome before 71.0.3578.80 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:49638
The host is installed with Google Chrome before 71.0.3578.80 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:49646
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:703258
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:49645
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:204641
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204645
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix: * A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially ...

oval:org.secpod.oval:def:204625
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:54507
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.

oval:org.secpod.oval:def:55019
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:55030
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:55042
The host is installed with Artifex Ghostscript before 9.27 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the crafted PostScript file. Successful exploitation could allow attackers to have access to the file system outside o ...

oval:org.secpod.oval:def:1801090
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801091
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801087
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801089
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1600971
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decom ...

oval:org.secpod.oval:def:1600941
Paramiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is used.

oval:org.secpod.oval:def:1801333
Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code. Fixed In Version:¶ python-paramiko 2 ...

oval:org.secpod.oval:def:1801336
Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code. Fixed In Version:¶ python-paramiko 2 ...

oval:org.secpod.oval:def:1801329
Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code. Fixed In Version:¶ python-paramiko 2 ...

oval:org.secpod.oval:def:54505
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.

oval:org.secpod.oval:def:42580
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:42585
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:1800125
Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container. Fixed In: libreoffice 5.1.4, libreoffice 5.2.0

oval:org.secpod.oval:def:1801355
CVE-2019-6798: SQL injection in Designer feature Affected Versions:¶ phpMyAdmin versions from 4.5.0 through 4.8.4 are affected. Fixed In Version:¶ phpMyAdmin 4.8.5

oval:org.secpod.oval:def:42353
The host is missing an important security update 4041681

oval:org.secpod.oval:def:42357
The host is missing an important security update KB4041690

oval:org.secpod.oval:def:42359
The host is missing an important security update KB4041687

oval:org.secpod.oval:def:42361
The host is missing an important security update KB4041693

oval:org.secpod.oval:def:42364
The host is missing an important security update 4041678

oval:org.secpod.oval:def:42363
The host is missing an important security update 4041679

oval:org.secpod.oval:def:42417
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42416
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group ...

oval:org.secpod.oval:def:42415
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42414
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42419
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) dur ...

oval:org.secpod.oval:def:42418
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42420
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wirel ...

oval:org.secpod.oval:def:43010
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43014
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43012
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43011
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:1600916
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service via a crafted JPEG file.exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free because it closes a stream that it ...

oval:org.secpod.oval:def:1600913
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service via a crafted JPEG file.An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Ov ...

oval:org.secpod.oval:def:1600938
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c

oval:org.secpod.oval:def:116245
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:116238
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1600927
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600960
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600914
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ...

oval:org.secpod.oval:def:1600889
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1600887
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ...

oval:org.secpod.oval:def:204867
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: Client programs unspecified vulnerability * mysql: Server: DML unspecified vulnerability * my ...

oval:org.secpod.oval:def:54090
busybox: Tiny utilities for small and embedded systems Several security issues were fixed in BusyBox.

oval:org.secpod.oval:def:26859
The host is installed with LibreOffice before 4.3.7001, 4.4.x before 4.4.2002 or Apache OpenOffice before 4.1.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle a crafted HWP document. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:40422
The host is installed with LibreOffice before 5.1.6002 or 5.2.x before 5.2.2002 or OpenOffice.org through 4.1.3 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle embedded object. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:43056
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an out-of-bounds read vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue, which existed in X.509 IPAddressFamily parsing. Successful exploitation all ...

oval:org.secpod.oval:def:1800292
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version openssl 1.0.2m, o ...

oval:org.secpod.oval:def:703881
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1800720
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read; If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer over read. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m ...

oval:org.secpod.oval:def:110422
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:110559
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:1600900
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ...

oval:org.secpod.oval:def:204851
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:1600890
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:48027
The host is missing an important security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:48060
The host is missing an important security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:48061
The host is missing an important security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:2000159
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

oval:org.secpod.oval:def:1600982
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1600991
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:1801007
CVE-2017-12122: An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2.

oval:org.secpod.oval:def:603379
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:603371
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:53313
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:53307
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.

oval:org.secpod.oval:def:1801552
CVE-2017-2887: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1.

oval:org.secpod.oval:def:603314
Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.

oval:org.secpod.oval:def:53278
Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.

oval:org.secpod.oval:def:603017
The security update announced as DSA-3904-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This is conform to the spec and may be used in AXFR and IXFR response.

oval:org.secpod.oval:def:502544
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: incomplete fix for CVE-2018-16509 For more details about the security issue ...

oval:org.secpod.oval:def:1502399
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600939
A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.A race condition was found in the way 38 ...

oval:org.secpod.oval:def:204879
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: race condition on reference counter leads to DoS using persistent search * 389- ...

oval:org.secpod.oval:def:204468
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:39116
The host installed with kernel package on RHEL 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle clearing of SELinux attributes. Successful exploitation could allow attackers to empty (null) write to /proc/pid/attr file that can crash th ...

oval:org.secpod.oval:def:1800905
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed In: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:204560
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ...

oval:org.secpod.oval:def:1800860
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions:¶ samba 3.0.25 to 4.6.7 Fixed in:¶ samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:1800862
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions: samba 3.0.25 to 4.6.7 Fixed in: samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:110982
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support.

oval:org.secpod.oval:def:204129
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:111126
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support.

oval:org.secpod.oval:def:1800281
It was found that setting VNC password to empty string doesn"t work in a way as it"s documented. The documented semantics of setting the password to an empty string are that it disables all access to the VNC server, however in fact it allows all users access with no authentication required instead.

oval:org.secpod.oval:def:110837
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recom ...

oval:org.secpod.oval:def:110831
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recom ...

oval:org.secpod.oval:def:110830
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recom ...

oval:org.secpod.oval:def:110820
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recom ...

oval:org.secpod.oval:def:110817
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recom ...

oval:org.secpod.oval:def:110809
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recom ...

oval:org.secpod.oval:def:400709
xen was updated to fix 44 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm ima ...

oval:org.secpod.oval:def:400737
xen was updated to fix 46 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers . - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed r ...

oval:org.secpod.oval:def:400783
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:400632
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:25177
The host is installed with qemu-kvm on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to limit resources used to process the header and payload of an incoming frame. Successful exploitation could allow attackers to cras ...

oval:org.secpod.oval:def:203754
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU"s websocket frame decoder processed incoming frames without limiting resources used to process the ...

oval:org.secpod.oval:def:703131
glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library.

oval:org.secpod.oval:def:26405
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:702725
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:602166
It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

oval:org.secpod.oval:def:1600920
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600929
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600925
OpenSSH is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

oval:org.secpod.oval:def:1801176
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

oval:org.secpod.oval:def:1801160
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

oval:org.secpod.oval:def:1801165
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

oval:org.secpod.oval:def:1801169
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

oval:org.secpod.oval:def:1600948
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:44099
erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang.

oval:org.secpod.oval:def:52199
erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang.

oval:org.secpod.oval:def:116923
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:116921
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1601055
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information d ...

oval:org.secpod.oval:def:53040
The host is missing a critical security update according to Mozilla advisory, MFSA2019-08. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:54108
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:54509
libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:111570
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...

oval:org.secpod.oval:def:111576
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...

oval:org.secpod.oval:def:111722
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard . * JP2

oval:org.secpod.oval:def:111727
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard . * JP2

oval:org.secpod.oval:def:111834
MinGW Windows openjpeg2 library.

oval:org.secpod.oval:def:111835
MinGW Windows openjpeg2 library.

oval:org.secpod.oval:def:111928
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network.

oval:org.secpod.oval:def:111930
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network.

oval:org.secpod.oval:def:111944
The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database.

oval:org.secpod.oval:def:111945
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins.

oval:org.secpod.oval:def:111946
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins.

oval:org.secpod.oval:def:111947
The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database.

oval:org.secpod.oval:def:1800453
CVE-2016-7068: Crafted queries can cause abnormal CPU usage Affects: PowerDNS Recursor up to and including 3.7.3, 4.0.3Not affected: PowerDNS Recursor 3.7.4, 4.0.4 Reference Patches CVE-2016-7073, CVE-2016-7074: Insufficient validation of TSIG signatures Affects: PowerDNS Recursor from 4.0.0 and up ...

oval:org.secpod.oval:def:1600721
Unsafe YAML deserialization:Versions of Puppet prior to 4.10.1 will deserialize data off the wire with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire ...

oval:org.secpod.oval:def:602901
It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code. Note that this fix breaks backward compability with Puppet agents older than 3.2.2 and there is no safe way t ...

oval:org.secpod.oval:def:112428
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ...

oval:org.secpod.oval:def:1800661
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:1800653
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ...

oval:org.secpod.oval:def:602907
It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed.

oval:org.secpod.oval:def:112445
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ...

oval:org.secpod.oval:def:112441
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ...

oval:org.secpod.oval:def:112582
BIND is an implementation of the DNS protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP.

oval:org.secpod.oval:def:112572
DHCP

oval:org.secpod.oval:def:112597
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

oval:org.secpod.oval:def:112594
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:112567
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

oval:org.secpod.oval:def:112568
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:112564
This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf and resperf man pages.

oval:org.secpod.oval:def:112608
This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf and resperf man pages.

oval:org.secpod.oval:def:1800652
CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

oval:org.secpod.oval:def:1800673
CVE-2017-1000115: Mercurial"s symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.

oval:org.secpod.oval:def:53127
Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial"s symlink auditing ...

oval:org.secpod.oval:def:1800490
CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

oval:org.secpod.oval:def:603088
Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial"s symlink auditing ...

oval:org.secpod.oval:def:602927
It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with ...

oval:org.secpod.oval:def:113593
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:603171
Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes.

oval:org.secpod.oval:def:53183
Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes.

oval:org.secpod.oval:def:113576
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113609
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113607
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113735
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:113751
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:603195
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.

oval:org.secpod.oval:def:53201
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.

oval:org.secpod.oval:def:113785
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:113786
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:602706
It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.

oval:org.secpod.oval:def:113941
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113917
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113954
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:113943
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:603233
Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

oval:org.secpod.oval:def:53226
Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

oval:org.secpod.oval:def:49185
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:49174
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:49175
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:603298
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. CVE-2017-12869 When using the multiauth m ...

oval:org.secpod.oval:def:114183
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php [1] https://www.simplesamlphp.org/ ...

oval:org.secpod.oval:def:114182
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_1/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:114185
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_3/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:114184
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_1/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:114180
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2/autoload.php [1] https://www.simplesamlphp.org/ ...

oval:org.secpod.oval:def:114177
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp [1], used by OpenConext [2]. This library started as a collaboration between UNINETT [3] and SURFnet [4] but everyone is invited to contribute. Autoloader: /usr/share/php/SAML2_3/autoload.php [1] https://www.simplesamlphp.or ...

oval:org.secpod.oval:def:53266
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. CVE-2017-12869 When using the multiauth m ...

oval:org.secpod.oval:def:603167
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

oval:org.secpod.oval:def:53179
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

oval:org.secpod.oval:def:114245
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:114255
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:114337
OpenCV means Intel Open Source Computer Vision Library. It is a collection of C functions and a few C++ classes that implement some popular Image Processing and Computer Vision algorithms.

oval:org.secpod.oval:def:114332
OpenCV means Intel Open Source Computer Vision Library. It is a collection of C functions and a few C++ classes that implement some popular Image Processing and Computer Vision algorithms.

oval:org.secpod.oval:def:2000370
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

oval:org.secpod.oval:def:114768
Git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space. It can store large files in many places ...

oval:org.secpod.oval:def:114772
Git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space. It can store large files in many places ...

oval:org.secpod.oval:def:114796
Cinnamon is a Linux desktop which provides advanced innovative features and a traditional user experience. The desktop layout is similar to Gnome 2. The underlying technology is forked from Gnome Shell. The emphasis is put on making users feel at home and providing them with an easy to use and comfo ...

oval:org.secpod.oval:def:114762
Cinnamon is a Linux desktop which provides advanced innovative features and a traditional user experience. The desktop layout is similar to Gnome 2. The underlying technology is forked from Gnome Shell. The emphasis is put on making users feel at home and providing them with an easy to use and comfo ...

oval:org.secpod.oval:def:53280
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ...

oval:org.secpod.oval:def:114824
uWSGI is a fast , self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the uwsgi pr ...

oval:org.secpod.oval:def:603316
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ...

oval:org.secpod.oval:def:114826
uWSGI is a fast , self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the uwsgi pr ...

oval:org.secpod.oval:def:114842
This package contains software for integrating VPN capabilities with the vpnc server with NetworkManager.

oval:org.secpod.oval:def:114838
This package contains software for integrating VPN capabilities with the vpnc server with NetworkManager.

oval:org.secpod.oval:def:2001413
The wavwritehdr function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted snd file, during conversion to a wav file.

oval:org.secpod.oval:def:2001465
The read_samples function in hcom.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted hcom file.

oval:org.secpod.oval:def:2000230
In lsx_aiffstartread in aiff.c in Sound eXchange 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.

oval:org.secpod.oval:def:2000306
The startread function in wav.c in Sound eXchange 14.4.2 allows remote attackers to cause a denial of service via a crafted wav file.

oval:org.secpod.oval:def:2000463
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

oval:org.secpod.oval:def:114000
SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

oval:org.secpod.oval:def:114023
SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

oval:org.secpod.oval:def:114847
SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

oval:org.secpod.oval:def:114941
SoX is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

oval:org.secpod.oval:def:114809
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:2000216
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

oval:org.secpod.oval:def:1502319
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700085
A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.A race condition was found in the way 38 ...

oval:org.secpod.oval:def:502364
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: race condition on reference counter leads to DoS using persistent search * 389- ...

oval:org.secpod.oval:def:2000440
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure via a crafted audio file.

oval:org.secpod.oval:def:204816
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:1600842
Improper fetch cleanup sequencing in the resolver can cause named to crash:A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting ...

oval:org.secpod.oval:def:1800901
Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named. Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in ne ...

oval:org.secpod.oval:def:204740
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A use-after-free flaw leading to denial of service was found in the way ...

oval:org.secpod.oval:def:1800274
Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named. Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in ne ...

oval:org.secpod.oval:def:1800780
Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named. Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in ne ...

oval:org.secpod.oval:def:114861
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:115471
Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats as SDL2 surfaces.

oval:org.secpod.oval:def:115570
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over Infiniband RDMA or TCP/IP interconnect into one large parallel network file system. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility ...

oval:org.secpod.oval:def:115628
Keepalived provides simple and robust facilities for load balancing and high availability to Linux system and Linux based infrastructures. The load balancing framework relies on well-known and widely used Linux Virtual Server kernel module providing Layer4 load balancing. Keepalived implements a se ...

oval:org.secpod.oval:def:115685
MinGW Windows openjpeg2 library.

oval:org.secpod.oval:def:115684
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard . * JP2

oval:org.secpod.oval:def:115676
The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains * JPEG 2000 codec compliant with the Part 1 of the standard . * JP2

oval:org.secpod.oval:def:115672
MinGW Windows openjpeg2 library.

oval:org.secpod.oval:def:115858
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux as a background process, intermittently running checks on various ...

oval:org.secpod.oval:def:115833
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux as a background process, intermittently running checks on various ...

oval:org.secpod.oval:def:115908
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:115903
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface , while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, suppo ...

oval:org.secpod.oval:def:115924
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and values , as well as some other features . It makes it very easy to add configuration file capability to a program using a simple API. The goal of libConfuse is ...

oval:org.secpod.oval:def:115919
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and values , as well as some other features . It makes it very easy to add configuration file capability to a program using a simple API. The goal of libConfuse is ...

oval:org.secpod.oval:def:1700099
A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data.

oval:org.secpod.oval:def:602548
Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c l ...

oval:org.secpod.oval:def:115933
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recom ...

oval:org.secpod.oval:def:116004
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.

oval:org.secpod.oval:def:116039
The mgetty package contains a "smart" getty which allows logins over a serial line . If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a mode ...

oval:org.secpod.oval:def:1901244
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the

oval:org.secpod.oval:def:603512
Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user.

oval:org.secpod.oval:def:116046
The mgetty package contains a "smart" getty which allows logins over a serial line . If you're using a Class 2 or 2.0 modem, mgetty can receive faxes. If you also need to send faxes, you'll need to install the sendfax program. If you'll be dialing in to your system using a mode ...

oval:org.secpod.oval:def:53414
Two input sanitization failures have been found in the faxrunq and faxq binaries in mgetty, a smart modem getty replacement. An attacker could leverage them to insert commands via shell metacharacters in jobs id and have them executed with the privilege of the faxrunq/faxq user.

oval:org.secpod.oval:def:116054
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:116061
The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats.

oval:org.secpod.oval:def:116108
The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats.

oval:org.secpod.oval:def:116117
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:116119
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:116133
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:114798
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:114801
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora

oval:org.secpod.oval:def:53375
A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.

oval:org.secpod.oval:def:52489
postgresql-9.4: Object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:1501055
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:1501054
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:203657
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:602111
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602109
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602124
The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional ...

oval:org.secpod.oval:def:501586
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:602380
Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffie-Hellman negotiation. This weakens significantly the handshake s ...

oval:org.secpod.oval:def:1200106
A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the retu ...

oval:org.secpod.oval:def:1200109
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service by closing an SSL session at a time when the authentication timeout will expire during the session shutdow ...

oval:org.secpod.oval:def:1200102
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service by closing an SSL session at a time when the authentication timeout will expire during the session shutdow ...

oval:org.secpod.oval:def:52463
libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:602683
Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

oval:org.secpod.oval:def:602682
Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure ...

oval:org.secpod.oval:def:1600730
Python debugger accessible to authorized users:A flaw was found in the way hg serve --stdio command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options

oval:org.secpod.oval:def:1501089
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:1501907
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501908
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204106
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:602062
It was discovered that missing input sanitising in Libreoffice"s filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.

oval:org.secpod.oval:def:112497
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects

oval:org.secpod.oval:def:112490
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects

oval:org.secpod.oval:def:204224
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502056
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ...

oval:org.secpod.oval:def:204702
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501609
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:204572
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204575
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:204562
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ...

oval:org.secpod.oval:def:204568
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204552
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204551
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204558
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ...

oval:org.secpod.oval:def:204559
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:204549
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to ...

oval:org.secpod.oval:def:204532
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ...

oval:org.secpod.oval:def:204536
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A flaw was found in the way BIND handled TSIG authentication for dynamic ...

oval:org.secpod.oval:def:204523
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204517
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:108804
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:204694
The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ...

oval:org.secpod.oval:def:501952
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:204659
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ...

oval:org.secpod.oval:def:108835
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:204780
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ...

oval:org.secpod.oval:def:204732
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204738
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A use-after-free flaw leading to denial of service was found in the way ...

oval:org.secpod.oval:def:204712
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204711
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:204713
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:204771
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:204777
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:204776
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:204775
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:204779
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:204766
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:204769
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:204750
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204756
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:204742
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204853
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:204858
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:204843
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:204846
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ...

oval:org.secpod.oval:def:204849
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:204833
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix: * procps-ng, procps: Integer overflow ...

oval:org.secpod.oval:def:204898
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ...

oval:org.secpod.oval:def:204897
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ...

oval:org.secpod.oval:def:204884
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:204888
GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. The glust ...

oval:org.secpod.oval:def:204874
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:204869
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:204812
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:204801
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:602713
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based sh ...

oval:org.secpod.oval:def:603429
Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.

oval:org.secpod.oval:def:53351
Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.

oval:org.secpod.oval:def:204834
The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component prov ...

oval:org.secpod.oval:def:1700057
A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vul ...

oval:org.secpod.oval:def:1502242
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114634
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an ap ...

oval:org.secpod.oval:def:114633
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an ap ...

oval:org.secpod.oval:def:55308
Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.

oval:org.secpod.oval:def:42413
The host is missing a security update KB4042723

oval:org.secpod.oval:def:704246
bouncycastle: Java implementation of cryptographic algorithms Several security issues were fixed in Bouncy Castle.

oval:org.secpod.oval:def:1700095
It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search function. An unauthenticated attacker could use this flaw to provoke a denial of service.

oval:org.secpod.oval:def:1502427
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502596
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:205153
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:115233
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:117118
Core part of Jackson that defines Streaming API as well as basic shared abstractions.

oval:org.secpod.oval:def:117119
Core annotations used for value types, used by Jackson data-binding package.

oval:org.secpod.oval:def:117125
A "bill of materials" POM for Jackson dependencies.

oval:org.secpod.oval:def:117126
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration.

oval:org.secpod.oval:def:117124
Core annotations used for value types, used by Jackson data-binding package.

oval:org.secpod.oval:def:117121
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration.

oval:org.secpod.oval:def:117122
A "bill of materials" POM for Jackson dependencies.

oval:org.secpod.oval:def:117120
Core part of Jackson that defines Streaming API as well as basic shared abstractions.

oval:org.secpod.oval:def:116889
DtkWidget is Deepin graphical user interface for deepin desktop development.

oval:org.secpod.oval:def:1801349
CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18501: Memory safety bugs CVE-2018-18505: Privilege escalation through IPC channel messages Fixed In Version:¶ Firefox ESR 60.5

oval:org.secpod.oval:def:1801432
CVE-2019-11454: cross-site scripting in Persistent cross-site scripting in in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is ...

oval:org.secpod.oval:def:1801436
CVE-2019-11454: cross-site scripting in Persistent cross-site scripting in in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is ...

oval:org.secpod.oval:def:1801441
CVE-2019-11454: cross-site scripting in Persistent cross-site scripting in in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is ...

oval:org.secpod.oval:def:1801392
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:1801396
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:1801398
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:1801385
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:116249
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114988
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:116589
Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: * handles all the bootstrapping process for a Rails application; * manages rails command line interface; * provides Rails generators core;

oval:org.secpod.oval:def:116586
Email on Rails. Compose, deliver, receive, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments.

oval:org.secpod.oval:def:116587
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

oval:org.secpod.oval:def:116584
Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL.

oval:org.secpod.oval:def:116585
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

oval:org.secpod.oval:def:116583
Simple, battle-tested conventions and helpers for building web pages.

oval:org.secpod.oval:def:116580
Structure many real-time application concerns into channels over a single WebSocket connection.

oval:org.secpod.oval:def:116579
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing.

oval:org.secpod.oval:def:116578
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser.

oval:org.secpod.oval:def:116591
Declare job classes that can be run by a variety of queueing backends.

oval:org.secpod.oval:def:116592
Attach cloud and local files in Rails applications.

oval:org.secpod.oval:def:116183
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:116224
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:116149
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER*, SECSH-DHGEX, and SECSH-NUMBERS.

oval:org.secpod.oval:def:116213
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER*, SECSH-DHGEX, and SECSH-NUMBERS.

oval:org.secpod.oval:def:1801342
CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2

oval:org.secpod.oval:def:1801343
CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2

oval:org.secpod.oval:def:1801344
CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2

oval:org.secpod.oval:def:1801361
CVE-2019-3855: Possible integer overflow in transport read allows out-of-bounds write Affected versions: all versions to and including 1.8.0 Not affected versions: libssh2

oval:org.secpod.oval:def:116161
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:116101
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:116022
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:117136
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:2001598
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.

oval:org.secpod.oval:def:116134
Cronie contains the standard UNIX daemon crond that runs specified programs at scheduled times and related tools. It is a fork of the original vixie-cron and has security and configuration enhancements like the ability to use pam and SELinux.

oval:org.secpod.oval:def:116175
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:116174
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:116172
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:116166
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:116220
poppler is a PDF rendering library.

oval:org.secpod.oval:def:116212
poppler is a PDF rendering library.

oval:org.secpod.oval:def:1600998
Python is affected by improper Handling of Unicode Encoding during NFKC normalization. The impact is information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authenticati ...

oval:org.secpod.oval:def:1801401
CVE-2018-14647: Missing salt initialization in _elementtree.c module¶ A flaw was found in python"s _elementtree.c module, a wrapper for libexpat XML parser. xml.etree C accelerator don"t call XML_SetHashSalt, failing to properly initiate the random hash seed from a good CSPRNG source and making ...

oval:org.secpod.oval:def:1801402
CVE-2018-14647: Missing salt initialization in _elementtree.c module¶ A flaw was found in python"s _elementtree.c module, a wrapper for libexpat XML parser. xml.etree C accelerator don"t call XML_SetHashSalt, failing to properly initiate the random hash seed from a good CSPRNG source and making ...

oval:org.secpod.oval:def:1801399
CVE-2018-14647: Missing salt initialization in _elementtree.c module¶ A flaw was found in python"s _elementtree.c module, a wrapper for libexpat XML parser. xml.etree C accelerator don"t call XML_SetHashSalt, failing to properly initiate the random hash seed from a good CSPRNG source and making ...

oval:org.secpod.oval:def:116171
The libjpeg-turbo package contains a library of functions for manipulating JPEG images.

oval:org.secpod.oval:def:117138
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:1801357
CVE-2019-9209: ASN.1 BER and related dissectors crash Affected versions: 2.6.0 to 2.6.6, 2.4.0 to 2.4.12 Fixed versions: 2.6.7, 2.4.13

oval:org.secpod.oval:def:116121
AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. The main features are : * Recompress ZIP, PNG and MNG files using the Deflate 7-Zip implementation. * Recompress MNG files using Delta and Move optimization. This package contains: * advzip - Recompression and test utilit ...

oval:org.secpod.oval:def:116132
This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:116126
This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:116067
Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

oval:org.secpod.oval:def:116037
Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

oval:org.secpod.oval:def:116124
Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

oval:org.secpod.oval:def:116123
Simple DirectMedia Layer is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

oval:org.secpod.oval:def:116154
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives.

oval:org.secpod.oval:def:116228
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives.

oval:org.secpod.oval:def:116197
poppler is a PDF rendering library.

oval:org.secpod.oval:def:116120
MinGW Windows Poppler library.

oval:org.secpod.oval:def:116116
MinGW Windows Poppler library.

oval:org.secpod.oval:def:116027
poppler is a PDF rendering library.

oval:org.secpod.oval:def:116443
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:1801356
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1801334
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1801326
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1801328
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1600984
The GD Graphics Library has a double free in the gdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected

oval:org.secpod.oval:def:1600981
Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks

oval:org.secpod.oval:def:1801299
Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, ...

oval:org.secpod.oval:def:1801360
Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, ...

oval:org.secpod.oval:def:1801319
Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via crafted URL in the default 404 page. An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found view. Fixed In Version: ...

oval:org.secpod.oval:def:1801325
Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via crafted URL in the default 404 page. An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found view. Fixed In Version: ...

oval:org.secpod.oval:def:1801064
A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash. Fixed in:¶ Firefox ESR 52.8.1

oval:org.secpod.oval:def:1801065
A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash. Fixed in:¶ Firefox ESR 52.8.1

oval:org.secpod.oval:def:116324
aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0. Currently it has following features: - HTTP/HTTPS GET support - HTTP Proxy support - HTTP BASIC authentication support - HTTP Proxy authentic ...

oval:org.secpod.oval:def:116322
aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0. Currently it has following features: - HTTP/HTTPS GET support - HTTP Proxy support - HTTP BASIC authentication support - HTTP Proxy authentic ...

oval:org.secpod.oval:def:1801302
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

oval:org.secpod.oval:def:116178
Mini-XML is a small XML parsing library that you can use to read XML and XML-like data files in your application without requiring large non-standard libraries.

oval:org.secpod.oval:def:116159
Mini-XML is a small XML parsing library that you can use to read XML and XML-like data files in your application without requiring large non-standard libraries.

oval:org.secpod.oval:def:1801274
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request.

oval:org.secpod.oval:def:1801275
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request.

oval:org.secpod.oval:def:1801277
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request.

oval:org.secpod.oval:def:1801271
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan.

oval:org.secpod.oval:def:1801272
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan.

oval:org.secpod.oval:def:1801273
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan.

oval:org.secpod.oval:def:2000326
A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying filesystem may have changed since the time lstat was called in usb_mtp_object_alloc, a classic ...

oval:org.secpod.oval:def:704851
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1900087
A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying file system may have changed since the time lstat was called in usb_mtp_object_alloc, a classi ...

oval:org.secpod.oval:def:1801260
CVE-2018-18311: Integer overflow leading to buffer overflow¶ A flaw was found in Perl versions 5.8.0 through 5.28. An Integer overflow leading to buffer overflow in Perl_my_setenv function in util.c Fixed In Version:¶ perl 5.29.1, perl 5.26.3

oval:org.secpod.oval:def:1801258
CVE-2018-18311: Integer overflow leading to buffer overflow¶ A flaw was found in Perl versions 5.8.0 through 5.28. An Integer overflow leading to buffer overflow in Perl_my_setenv function in util.c Fixed In Version:¶ perl 5.29.1, perl 5.26.3

oval:org.secpod.oval:def:1801259
CVE-2018-18311: Integer overflow leading to buffer overflow¶ A flaw was found in Perl versions 5.8.0 through 5.28. An Integer overflow leading to buffer overflow in Perl_my_setenv function in util.c Fixed In Version:¶ perl 5.29.1, perl 5.26.3

oval:org.secpod.oval:def:116204
A third-party plugin for the Pidgin multi-protocol instant messenger. It implements the extended version of SIP/SIMPLE used by various products: * Skype for Business * Microsoft Office 365 * Microsoft Business Productivity Online Suite * Microsoft Lync Server * Microsoft Office Communications Serve ...

oval:org.secpod.oval:def:116201
gnome-boxes lets you easily create, setup, access, and use: * remote machines * remote virtual machines * local virtual machines * When technology permits, set up access for applications on local virtual machines

oval:org.secpod.oval:def:116227
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:116233
The xfreerdp & wlfreerdp Remote Desktop Protocol clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:116065
gnome-boxes lets you easily create, setup, access, and use: * remote machines * remote virtual machines * local virtual machines * When technology permits, set up access for applications on local virtual machines

oval:org.secpod.oval:def:116058
The xfreerdp & wlfreerdp Remote Desktop Protocol clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:116050
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:116072
A third-party plugin for the Pidgin multi-protocol instant messenger. It implements the extended version of SIP/SIMPLE used by various products: * Skype for Business * Microsoft Office 365 * Microsoft Business Productivity Online Suite * Microsoft Lync Server * Microsoft Office Communications Serve ...

oval:org.secpod.oval:def:1801394
CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update and results in a memory corruption and probably even a remote code execution.

oval:org.secpod.oval:def:1600972
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service via an empty string in the message argument to the imap_mail function.University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command ...

oval:org.secpod.oval:def:1801261
CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Fixed In Version:¶ ghostscript 9.26

oval:org.secpod.oval:def:1801263
CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Fixed In Version:¶ ghostscript 9.26

oval:org.secpod.oval:def:1801266
CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Fixed In Version:¶ ghostscript 9.26

oval:org.secpod.oval:def:114193
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:1600974
A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an #039;easy#039; handle in the `Curl_close` function, the library code first frees a struct and might then subsequently erroneously write to a struct field within that already freed struct. ...

oval:org.secpod.oval:def:1801193
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801196
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801197
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801189
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801187
CVE-2018-16151: In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same ...

oval:org.secpod.oval:def:1600937
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed.A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin ...

oval:org.secpod.oval:def:1801559
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix fo ...

oval:org.secpod.oval:def:1801533
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix fo ...

oval:org.secpod.oval:def:1502317
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600969
It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document.

oval:org.secpod.oval:def:115953
Elfutils is a collection of utilities, including stack , nm , size , strip , readelf , elflint and elfcompress .

oval:org.secpod.oval:def:1801158
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801173
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801162
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801168
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801199
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1801204
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1801205
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1801206
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1600904
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessi ...

oval:org.secpod.oval:def:111999
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:111988
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:116186
With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE v2 userspace tools to mount a FUSE filesystem.

oval:org.secpod.oval:def:1801098
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:1801100
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:1801101
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:1801102
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the "allow_other" mount option regardless of whether "user_allow_other" is set in the fuse configuration. An attack ...

oval:org.secpod.oval:def:116229
With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE v2 userspace tools to mount a FUSE filesystem.

oval:org.secpod.oval:def:1800171
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:114352
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114309
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114304
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:114274
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114273
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:1800991
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Rem ...

oval:org.secpod.oval:def:1600877
DOS via regular expression catastrophic backtracking in apop method in pop3libA flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. DOS via regular expression backtracking in diff ...

oval:org.secpod.oval:def:1600952
A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service.A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacke ...

oval:org.secpod.oval:def:1801021
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801019
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801005
A flaw was found in strongSwan VPN"s charon server prior to version 5.6.3. In stroke_socket.c, a missing packet length check could allow a integer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. A remote attacker with local user credentials may ...

oval:org.secpod.oval:def:1801003
CVE-2018-11356: DNS dissector crash¶ Affected versions: 2.6.0, 2.4.0 to 2.4.6, 2.2.0 to 2.2.14 Fixed versions: 2.6.1, 2.4.7, 2.2.15

oval:org.secpod.oval:def:114969
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:1600955
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1801002
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1801006
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1800990
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:1800998
CVE-2018-10536: An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

oval:org.secpod.oval:def:111956
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:111948
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:1800975
CVE-2018-9256: LWAPP dissector crash Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13 Fixed versions: 2.4.6, 2.2.14

oval:org.secpod.oval:def:1800976
CVE-2018-9256: LWAPP dissector crash Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13 Fixed versions: 2.4.6, 2.2.14

oval:org.secpod.oval:def:1600918
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security cl ...

oval:org.secpod.oval:def:1600915
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ca ...

oval:org.secpod.oval:def:1600912
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can ...

oval:org.secpod.oval:def:1600954
Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacke ...

oval:org.secpod.oval:def:116972
SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install.

oval:org.secpod.oval:def:113994
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113995
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:603273
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:53254
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:1600851
Mishandling of client certificates can allow for OCSP check bypass:When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the ...

oval:org.secpod.oval:def:1600862
Cross-site scripting vulnerability in web UIA cross-site scripting flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. CSRF protection missing in t ...

oval:org.secpod.oval:def:1800908
CVE-2018-5334: IxVeriWave file parser crash¶ Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11Fixed versions: 2.4.4, 2.2.12

oval:org.secpod.oval:def:1600847
Memory information disclosure in DescribeImage function in magick/describe.cGraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing th ...

oval:org.secpod.oval:def:1800162
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800776
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800247
CVE-2017-14314: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1800245
CVE-2017-13065: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

oval:org.secpod.oval:def:1800297
CVE-2017-13775: GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.

oval:org.secpod.oval:def:1800266
CVE-2017-13775: GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.

oval:org.secpod.oval:def:1800179
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800144
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:1800719
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800834
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:1800738
CVE-2017-11642: GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.

oval:org.secpod.oval:def:1800920
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:1800802
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:1501965
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:111458
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:111465
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:116176
SVG Salamander is an SVG engine for Java that's designed to be small, fast, and allow programmers to use it with a minimum of fuss. It's in particular targeted for making it easy to integrate SVG into Java games and making it much easier for artists to design 2D game content - from rich inte ...

oval:org.secpod.oval:def:603129
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.

oval:org.secpod.oval:def:1800658
3.2.9 Fixes following vulnerabilities: CVE-2017-15186, Patch: 3.2.8 Fixes following vulnerabilities: CVE-2017-14054,CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225,CVE-2017- ...

oval:org.secpod.oval:def:53125
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafte ...

oval:org.secpod.oval:def:53153
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.

oval:org.secpod.oval:def:603081
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code. CVE-2017-9608 Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when parsing a crafte ...

oval:org.secpod.oval:def:1501982
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:52462
tcpdump: command-line network traffic analyzer tcpdump could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:108574
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a prog ...

oval:org.secpod.oval:def:502083
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump . Security Fix: * Mu ...

oval:org.secpod.oval:def:601999
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

oval:org.secpod.oval:def:108705
Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a prog ...

oval:org.secpod.oval:def:1800748
A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output, can trivially predict the following 20 bytes. Fixed In Version: libgcrypt 1.7.3, libgcrypt 1.6.6, libgcrypt 1.5.6, gnupg 1.4.21

oval:org.secpod.oval:def:111200
This module provides simple ways to query and possibly load any of the modules you have installed on your system during run-time.

oval:org.secpod.oval:def:111239
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110885
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110874
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110869
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:111189
This module provides simple ways to query and possibly load any of the modules you have installed on your system during run-time.

oval:org.secpod.oval:def:1800747
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:1800087
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:1501997
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600762
Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.Integer overflow in hcreate and hcreate_rAn integer overflow ...

oval:org.secpod.oval:def:502002
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:110483
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:602376
Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries , ...

oval:org.secpod.oval:def:1501806
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:602373
Several vulnerabilities have been fixed in the GNU C Library, eglibc. The CVE-2015-7547 vulnerability listed below is considered to have critical impact. CVE-2014-8121 Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lo ...

oval:org.secpod.oval:def:1800429
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a ...

oval:org.secpod.oval:def:602438
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service , or potentially, execution of arbitrary code, if bgpd is configured with BGP peer ...

oval:org.secpod.oval:def:501999
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...

oval:org.secpod.oval:def:603157
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encou ...

oval:org.secpod.oval:def:113714
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113704
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113701
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:53173
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encou ...

oval:org.secpod.oval:def:113857
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:43116
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43115
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43136
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43716
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43717
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Insufficient isolation of devtools from extensions vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43718
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Cross origin URL leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43719
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a Referrer policy bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43720
The host is installed with Google Chrome before 64.0.3282.119 and is prone to a UI spoof vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43726
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:114181
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:114179
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:53241
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15420 Drew Springall discovered a URL spoofing issue. CVE-2017-15429 A cross-site scripting issue was discovered in the v8 javascript library. CVE-2018-6031 A use-after-free issue was discovered in the pdfium library. ...

oval:org.secpod.oval:def:114033
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:114053
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:603378
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6056 lokihardt discovered an error in the v8 javascript library. CVE-2018-6057 Gal Beniamini discovered errors related to shared memory permissions. CVE-2018-6060 Omair discovered a use-after-free issue in blink/webki ...

oval:org.secpod.oval:def:53312
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6056 lokihardt discovered an error in the v8 javascript library. CVE-2018-6057 Gal Beniamini discovered errors related to shared memory permissions. CVE-2018-6060 Omair discovered a use-after-free issue in blink/webki ...

oval:org.secpod.oval:def:45096
The host is installed with Google Chrome before 66.0.3359.117 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45097
The host is installed with Google Chrome before 66.0.3359.117 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45161
The host is missing a critical security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45126
The host is missing a critical security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45131
The host is installed with Google Chrome before 66.0.3359.117 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45132
The host is installed with Google Chrome before 66.0.3359.117 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45284
The host is missing a critical security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45285
The host is missing a critical security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45224
The host is installed with Google Chrome before 66.0.3359.117 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45225
The host is installed with Google Chrome before 66.0.3359.117 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45226
The host is installed with Google Chrome before 66.0.3359.117 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45227
The host is installed with Google Chrome before 66.0.3359.117 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:114598
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:114585
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:603441
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6118 Ned Williamson discovered a use-after-free issue. CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. CVE-2018-6121 It was discovered that malicious extensions could escalate privi ...

oval:org.secpod.oval:def:45780
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:53361
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6118 Ned Williamson discovered a use-after-free issue. CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. CVE-2018-6121 It was discovered that malicious extensions could escalate privi ...

oval:org.secpod.oval:def:45829
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45830
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45855
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:114683
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:114631
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:47562
The host is installed missing a high severity security update according to Google advisory. The update is required to fix multiple stack overflow vulnerabilities. The flaw is present in the application, which fails to handle crafted html page. Successful exploitation allows attackers to attacker to ...

oval:org.secpod.oval:def:47561
The host is installed with Google Chrome before 62.0.3202.75 and is prone to a Stack Buffer Overflow vulnerability. A flaw is present in the application, which fails to handle crafted html page. Successful exploitation allows attackers to attacker to potentially exploit heap corruption via a crafted ...

oval:org.secpod.oval:def:47569
The host is installed with Google Chrome before 62.0.3202.75 and is prone to a Stack Buffer Overflow vulnerability. A flaw is present in the application, which fails to handle crafted html page. Successful exploitation allows attackers to potentially exploit heap corruption via a crafted html page.

oval:org.secpod.oval:def:47570
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple stack overflow vulnerabilities. The flaw is present in the application, which fails to handle crafted html page. Successful exploitation allows attackers to potentially exploit he ...

oval:org.secpod.oval:def:47573
The host is installed with Google Chrome before 62.0.3202.75 and is prone to a Stack Buffer Overflow vulnerability. A flaw is present in the application, which fails to handle crafted html page. Successful exploitation allows attackers to potentially exploit heap corruption via a crafted html page.

oval:org.secpod.oval:def:47574
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple stack overflow vulnerabilities. The flaw is present in the application, which fails to handle crafted html page. Successful exploitation allows attackers to potentially exploit he ...

oval:org.secpod.oval:def:48078
The host is missing an important security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:603257
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15420 Drew Springall discovered a URL spoofing issue. CVE-2017-15429 A cross-site scripting issue was discovered in the v8 javascript library. CVE-2018-6031 A use-after-free issue was discovered in the pdfium library. ...

oval:org.secpod.oval:def:49590
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:53475
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17480 Guang Gong discovered an out-of-bounds write issue in the v8 javascript library. CVE-2018-17481 Several use-after-free issues were discovered in the pdfium library. CVE-2018-18335 A buffer overflow issue was dis ...

oval:org.secpod.oval:def:52474
oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:602072
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1243 Saif El-Sherei discovered a use-after-free issue. CVE-2015-1250 The chrome 42 team found and fixed multiple issues during internal auditing.

oval:org.secpod.oval:def:52485
oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:602116
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition. CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox. CVE-2015-1253 A cross-origin bypass issue was ...

oval:org.secpod.oval:def:109574
libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide.

oval:org.secpod.oval:def:109533
libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide.

oval:org.secpod.oval:def:32823
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:32938
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to cause a denial of service, bypass ...

oval:org.secpod.oval:def:32438
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:602381
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy. CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2016-1624 lukezli discovered a buff ...

oval:org.secpod.oval:def:1502477
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700160
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.An integer overflow flaw ...

oval:org.secpod.oval:def:502635
The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix: * libssh2: Integer overflow in transport read resulting in out of bounds write * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write * libssh2: Integer overflow in SSH pa ...

oval:org.secpod.oval:def:603849
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.

oval:org.secpod.oval:def:205182
The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix: * libssh2: Integer overflow in transport read resulting in out of bounds write * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write * libssh2: Integer overflow in SSH pa ...

oval:org.secpod.oval:def:503199
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: nfs: use-after-free in svc_process_common * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation * kernel: nfs: NULL pointer der ...

oval:org.secpod.oval:def:603931
Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.

oval:org.secpod.oval:def:603586
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17480 Guang Gong discovered an out-of-bounds write issue in the v8 javascript library. CVE-2018-17481 Several use-after-free issues were discovered in the pdfium library. CVE-2018-18335 A buffer overflow issue was dis ...

oval:org.secpod.oval:def:2000525
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the ...

oval:org.secpod.oval:def:1901136
FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

oval:org.secpod.oval:def:1901329
FasterXML libjackson2-databind-java 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

oval:org.secpod.oval:def:50051
The host is installed with Artifex Ghostscript through 9.25 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted PDF file. Successful exploitation could allow attackers to trigger an extremely long running computation when ...

oval:org.secpod.oval:def:50019
The host is installed with Artifex Ghostscript through 9.25 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle crafted postscript document. Successful exploitation could allow attackers toexecute arbitrary code.

oval:org.secpod.oval:def:115977
Project for parent pom for all Jackson components.

oval:org.secpod.oval:def:115973
Java 8 Datatypes: support for other new Java 8 data types outside of date/time: most notably Optional, OptionalLong, OptionalDouble.

oval:org.secpod.oval:def:115975
A "bill of materials" POM for Jackson dependencies.

oval:org.secpod.oval:def:115971
This is a multi-module umbrella project for various Jackson Data-type modules to support 3rd party Collection libraries. Currently included are: * Guava data-type * HPPC data-type * PCollections data-type

oval:org.secpod.oval:def:115967
Parent pom for Jackson text-format dataformats.

oval:org.secpod.oval:def:115962
A pure Java implementation of the Git version control system.

oval:org.secpod.oval:def:115964
This is a Jackson module that aims to provide full support for data types of Joda date-time library.

oval:org.secpod.oval:def:115963
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration.

oval:org.secpod.oval:def:115995
Add-on module for to support JSON Schema version 3 generation.

oval:org.secpod.oval:def:115994
Data format extension for Jackson to offer alternative support for serializing POJOs as XML and deserializing XML as POJOs. Support implemented on top of Stax API , by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and JsonFactory. Some data-binding types overridden as ...

oval:org.secpod.oval:def:115990
This is a multi-module project that contains Jackson-based JAX-RS providers for following data formats: JSON, Smile , XML, CBOR , YAML.

oval:org.secpod.oval:def:115992
Jackson "base" modules: modules that build directly on databind, and are not data-type, data format, or JAX-RS provider modules.

oval:org.secpod.oval:def:115987
The Linux Tools project is a two-faceted project. Firstly, it develops tools and frameworks for writing tools for Linux developers. Secondly, it provides a place for Linux distributions to collaboratively overcome issues surrounding distribution packaging of Eclipse technology. The project will prod ...

oval:org.secpod.oval:def:115983
Core annotations used for value types, used by Jackson data-binding package.

oval:org.secpod.oval:def:115985
Core part of Jackson that defines Streaming API as well as basic shared abstractions.

oval:org.secpod.oval:def:115980
Parent pom for Jackson binary dataformats.

oval:org.secpod.oval:def:115647
Symfony PHP framework . NOTE: Does not require PHPUnit bridge.

oval:org.secpod.oval:def:115646
Symfony PHP framework . NOTE: Does not require PHPUnit bridge.

oval:org.secpod.oval:def:115645
PHP framework for web projects

oval:org.secpod.oval:def:2001517
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti ...

oval:org.secpod.oval:def:2000115
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method of a class that"s the `data_class` of a form, and when a file upload is submit ...

oval:org.secpod.oval:def:1900109
In The Sleuth Kit through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service .

oval:org.secpod.oval:def:53381
Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the "user_allow_other" restriction when SELinux is active . A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the "allow_other" mou ...

oval:org.secpod.oval:def:1700097
A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the #039;allow_other#039; mount option regardless of whether #039;user_allow_other#039; is set in the fuse configuration. An a ...

oval:org.secpod.oval:def:114433
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114468
Drupal is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world.

oval:org.secpod.oval:def:603374
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004

oval:org.secpod.oval:def:53309
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004

oval:org.secpod.oval:def:114957
Symfony PHP framework . NOTE: Does not require PHPUnit bridge.

oval:org.secpod.oval:def:114761
Symfony PHP framework . NOTE: Does not require PHPUnit bridge.

oval:org.secpod.oval:def:114760
PHP framework for web projects

oval:org.secpod.oval:def:603393
Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution is not affected.

oval:org.secpod.oval:def:704171
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPackXXX-APP-XXX.

oval:org.secpod.oval:def:53323
Multiple vulnerabilities were discovered in the wavpack audio codec which could result in denial of service or the execution of arbitrary code if malformed media files are processed. The oldstable distribution is not affected.

oval:org.secpod.oval:def:114554
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:51077
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPackXXX-APP-XXX.

oval:org.secpod.oval:def:603390
An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.

oval:org.secpod.oval:def:53321
An XML external entity expansion vulnerability was discovered in the DataImportHandler of Solr, a search server based on Lucene, which could result in information disclosure.

oval:org.secpod.oval:def:114224
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:114223
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:603356
Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.

oval:org.secpod.oval:def:2000226
MIT libkrb5-dev 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service or bypass a DN container check by supplying tagged data that is internal to the database module.

oval:org.secpod.oval:def:1700106
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a quot;linkdnquot; and quot;containerdnquot; database argument, or by supplying a DN string which is a left extension of a cont ...

oval:org.secpod.oval:def:114027
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form.

oval:org.secpod.oval:def:114073
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form.

oval:org.secpod.oval:def:46712
The host is installed with oracle webLogic through 12.2.1.2 or 12.2.1.3 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle jackson-databind component issue. Successful exploitation allows an attacker to execute an unauthenticated remote ...

oval:org.secpod.oval:def:603388
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

oval:org.secpod.oval:def:603297
Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.

oval:org.secpod.oval:def:53265
Multiple heap buffer over reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.

oval:org.secpod.oval:def:603620
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in go get, which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:53503
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in "go get", which could result in the execution of arbitrary shell command ...

oval:org.secpod.oval:def:603332
Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute ...

oval:org.secpod.oval:def:53287
Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute ...

oval:org.secpod.oval:def:114029
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on scr ...

oval:org.secpod.oval:def:602707
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation.

oval:org.secpod.oval:def:1800642
CVE-2017-17083: NetBIOS dissector crash¶ Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11

oval:org.secpod.oval:def:113856
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:1800441
CVE-2017-17083: NetBIOS dissector crash Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11

oval:org.secpod.oval:def:43221
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43220
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:603175
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:53187
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:1800564
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800609
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800614
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:53109
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ...

oval:org.secpod.oval:def:1800407
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:112987
The supervisor is a client/server system that allows its users to control a number of processes on UNIX-like operating systems.

oval:org.secpod.oval:def:112974
The supervisor is a client/server system that allows its users to control a number of processes on UNIX-like operating systems.

oval:org.secpod.oval:def:112994
The supervisor is a client/server system that allows its users to control a number of processes on UNIX-like operating systems.

oval:org.secpod.oval:def:603039
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ...

oval:org.secpod.oval:def:603207
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

oval:org.secpod.oval:def:53206
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

oval:org.secpod.oval:def:53082
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.

oval:org.secpod.oval:def:602953
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.

oval:org.secpod.oval:def:602765
Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery.

oval:org.secpod.oval:def:602678
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.

oval:org.secpod.oval:def:36976
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the IPMI trace dissector, which does not properly consider whether a string is constant. Successful exploitation allows remote attackers to cause a denial of service (use-a ...

oval:org.secpod.oval:def:36975
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which fails to handle a malformed packet. Successful exploitation allows remote attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:36974
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the UMTS FP dissector, which does not ensure that memory is allocated for certain data structures. Successful exploitation allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:36973
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which does not restrict the number of channels. Successful exploitation allows remote attackers to cause a denial of service (buffer over-re ...

oval:org.secpod.oval:def:36972
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the H.225 dissector, which calls snprintf with one of its input buffers as the output buffer. Successful exploitation allows remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:602619
Multiple vulnerabilities were discovered in the dissectors for H.225, Catapult DCT2000, UMTS FP and IPMI, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:36409
The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions.

oval:org.secpod.oval:def:602133
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code.

oval:org.secpod.oval:def:109335
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ...

oval:org.secpod.oval:def:109321
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set i ...

oval:org.secpod.oval:def:48066
The host is installed with Google Chrome before 70.0.3538.67 or Mozilla Firefox before 64, Mozilla Firefox ESR, Mozilla Thunderbird before 60.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:49586
The host is installed with Google Chrome before 71.0.3578.80, Thunderbird before 60.5.1, Firefox before 65.0.1 or Firefox ESR before 60.5.1 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows ...

oval:org.secpod.oval:def:205146
GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix: * libsoup: Crash in soup_cookie_jar.c:get_cookies on empty hostnames * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph function allows denial of service * libgxps: heap based buffer over read ...

oval:org.secpod.oval:def:41112
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ...

oval:org.secpod.oval:def:41113
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41114
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41115
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.

oval:org.secpod.oval:def:41116
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ...

oval:org.secpod.oval:def:41118
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.

oval:org.secpod.oval:def:41119
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41120
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ...

oval:org.secpod.oval:def:41121
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.

oval:org.secpod.oval:def:41127
The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41128
The host is missing a critical security update according to Mozilla advisory, MFSA2017-16. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41129
The host is missing a critical security update according to Mozilla advisory, MFSA2017-17. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41728
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.

oval:org.secpod.oval:def:41736
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41740
Mozilla Firefox before 55.0Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.

oval:org.secpod.oval:def:41752
The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41753
The host is missing a critical security update according to Mozilla advisory, MFSA2017-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:41828
The host is missing a critical security update according to Mozilla advisory, MFSA2017-20. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:42278
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:42279
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current b ...

oval:org.secpod.oval:def:42280
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox and Firefox ESR. Some of thes ...

oval:org.secpod.oval:def:42281
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious s ...

oval:org.secpod.oval:def:42282
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:42283
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:42284
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XS ...

oval:org.secpod.oval:def:42285
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentia ...

oval:org.secpod.oval:def:42295
The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42296
The host is missing a critical security update according to Mozilla advisory, MFSA2017-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42422
The host is missing a critical security update according to Mozilla advisory, MFSA2017-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42821
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations.

oval:org.secpod.oval:def:42822
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.

oval:org.secpod.oval:def:42823
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andre Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith ...

oval:org.secpod.oval:def:42836
The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42837
The host is missing a critical security update according to Mozilla advisory, MFSA2017-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43033
Mozilla Firefox before 57.0.1 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mo ...

oval:org.secpod.oval:def:603208
It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.

oval:org.secpod.oval:def:1800363
CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data Fixed In Version:¶ Firefox ESR 52.5.2

oval:org.secpod.oval:def:53207
It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.

oval:org.secpod.oval:def:43035
The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ...

oval:org.secpod.oval:def:1502077
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502080
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:43141
The host is missing a critical security update according to Mozilla advisory, MFSA2017-28. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to bypass security.

oval:org.secpod.oval:def:502205
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:43640
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ...

oval:org.secpod.oval:def:43641
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43642
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ...

oval:org.secpod.oval:def:43643
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ...

oval:org.secpod.oval:def:43644
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43645
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ...

oval:org.secpod.oval:def:43646
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43647
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43648
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43649
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ...

oval:org.secpod.oval:def:43650
Mozilla Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43673
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43674
The host is missing a critical security update according to Mozilla advisory, MFSA2018-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43779
The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1502308
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502357
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:502356
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:49887
The host is missing a critical security update according to Mozilla advisory, MFSA2018-29. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:49888
The host is missing a critical security update according to Mozilla advisory, MFSA2018-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:1600837
SingleEntryRegistry incorrect setup of deserialization filter It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrict ...

oval:org.secpod.oval:def:1600857
DerValue unbounded memory allocation:It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it ...

oval:org.secpod.oval:def:204733
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:204735
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:204752
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ...

oval:org.secpod.oval:def:204753
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ...

oval:org.secpod.oval:def:1600884
Unbounded memory allocation during deserialization in NamedNodeMapImpl Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:1600876
Unbounded memory allocation during deserialization in Container Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:204781
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:204782
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:204824
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:204829
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:43222
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43556
The host is installed with Wireshark 2.4.0 to 2.4.3 or 2.2.0 to 2.2.11 and is prone to multiple denial of service vulnerabilities. The flaws are present in the application, which fails to properly handle the JSON, XML, NTP, XMPP, and GDB dissector issues. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:603254
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of dervice or the execution of arbitrary code.

oval:org.secpod.oval:def:1800315
CVE-2017-17997: MRDISC dissector crash Affected versions: 2.2.0 to 2.2.11Fixed versions: 2.2.12

oval:org.secpod.oval:def:53240
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of dervice or the execution of arbitrary code.

oval:org.secpod.oval:def:43557
The host is installed with Wireshark 2.4.0 to 2.4.3 or 2.2.0 to 2.2.11 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the WCP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43558
The host is installed with Wireshark 2.4.0 to 2.4.3 or 2.2.0 to 2.2.11 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle exceptional conditions. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44403
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IEEE 802.11 dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44426
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IEEE 802.11 dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44404
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the UMTS MAC dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44427
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the UMTS MAC dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44418
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the SIGCOMP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44441
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the SIGCOMP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44421
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NBAP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44444
The host is installed with Wireshark 2.4.0 to 2.4.4 or 2.2.0 to 2.2.12 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NBAP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44874
The host is installed with Wireshark 2.4.0 to 2.4.5 or 2.2.0 to 2.2.13 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NBAP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44893
The host is installed with Wireshark 2.4.0 to 2.4.5 or 2.2.0 to 2.2.13 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NBAP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44877
The host is installed with Wireshark 2.4.0 to 2.4.5 or 2.2.0 to 2.2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle the ADB dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:44896
The host is installed with Wireshark 2.4.0 to 2.4.5 or 2.2.0 to 2.2.13 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the ADB dissector issue. Successful exploitation allows attackers to cause an application crash with a heap-bas ...

oval:org.secpod.oval:def:44886
The host is installed with Wireshark 2.4.0 to 2.4.5 or 2.2.0 to 2.2.13 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the epan/dissectors/packet-pcp.c issue. Successful exploitation allows attackers to cause a memory leak.

oval:org.secpod.oval:def:44905
The host is installed with Wireshark 2.4.0 to 2.4.5 or 2.2.0 to 2.2.13 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the epan/dissectors/packet-pcp.c issue. Successful exploitation allows attackers to cause a memory leak.

oval:org.secpod.oval:def:45711
The host is installed with Wireshark 2.6.0, 2.4.0 to 2.4.6 or 2.2.0 to 2.2.14 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the LWAPP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:45725
The host is installed with Wireshark 2.6.0, 2.4.0 to 2.4.6 or 2.2.0 to 2.2.14 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the LWAPP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:45713
The host is installed with Wireshark 2.6.0, 2.4.0 to 2.4.6 or 2.2.0 to 2.2.14 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the GSM A DTAP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:45727
The host is installed with Wireshark 2.6.0, 2.4.0 to 2.4.6 or 2.2.0 to 2.2.14 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the GSM A DTAP dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:603417
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:45715
The host is installed with Wireshark 2.6.0, 2.4.0 to 2.4.6 or 2.2.0 to 2.2.14 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the Q.931 dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:53343
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:45729
The host is installed with Wireshark 2.6.0, 2.4.0 to 2.4.6 or 2.2.0 to 2.2.14 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the Q.931 dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:114580
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:114200
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:114876
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:114600
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:603587
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a Transfer-Encoding: chu ...

oval:org.secpod.oval:def:115125
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:115128
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1600037
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search ...

oval:org.secpod.oval:def:52490
openldap: OpenLDAP utilities OpenLDAP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:501184
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:501191
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:203038
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:203017
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:1300279
A vulnerability has been discovered and corrected in openldap: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service by unbinding immediately after a search request, which triggers rwm_conn_destroy to f ...

oval:org.secpod.oval:def:602021
Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. CVE-2013-4449 Michael Vishchers from Seven Principles AG discovered a denial of service vulnerability in slapd, the directory server implementation. When the server is configured to u ...

oval:org.secpod.oval:def:106379
OpenLDAP is an open source suite of LDAP applications and development tools. LDAP is a set of protocols for accessing directory services over the Internet, similar to the way DNS information is propagated over the Internet. The openldap package contains configuration files, libraries, and documen ...

oval:org.secpod.oval:def:106491
OpenLDAP is an open source suite of LDAP applications and development tools. LDAP is a set of protocols for accessing directory services over the Internet, similar to the way DNS information is propagated over the Internet. The openldap package contains configuration files, libraries, and documen ...

oval:org.secpod.oval:def:702573
openldap: OpenLDAP utilities OpenLDAP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:1500368
Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ...

oval:org.secpod.oval:def:1500388
Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:52480
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:52459
mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1501135
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:25795
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:703321
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703320
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703325
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703315
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703314
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703319
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703317
linux-ti-omap4: Linux kernel for OMAP4 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:204456
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204440
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204465
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:24536
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24539
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24540
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24541
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24542
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24543
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:108686
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:108681
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:108696
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:203691
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:204104
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:602050
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.43

oval:org.secpod.oval:def:602088
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-27 ...

oval:org.secpod.oval:def:115569
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:1501202
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU"s websocket frame decoder processed incoming frames without limiting resources used to process the ...

oval:org.secpod.oval:def:25185
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle fork(2) and close(2) system calls with an 'int80' entry. Successful exploitation could allow attackers to es ...

oval:org.secpod.oval:def:115524
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:603561
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-5179 Yannic Boneberger discovered an error in the ServiceWorker implementation. CVE-2018-17462 Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox. CVE-2018-17463 Ned Williamson and Niklas Baums ...

oval:org.secpod.oval:def:1800190
CVE-2016-4962, XSA-175: Unsanitised guest input in libxl device handling code. CVE-2016-4480, XSA-176: x86 software guest page walk PS bit handling flaw. CVE-2016-4963, XSA-178: Unsanitised driver domain input in libxl device handling. CVE-2016-3710 CVE-2016-3712, XSA-179: QEMU: Banked access to VGA ...

oval:org.secpod.oval:def:501670
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU"s websocket frame decoder processed incoming frames without limiting resources used to process the ...

oval:org.secpod.oval:def:109402
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:501630
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:204056
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204048
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:204090
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204096
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204061
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:703098
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:602427
Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. The oldstable distribution will be updated in a separate DSA.

oval:org.secpod.oval:def:110561
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110577
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:110542
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:26757
The host is installed with Oracle MySQL 5.5.x through 5.5.42 or MySQL 5.6.x through 5.6.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to Server : Compiling. Successful exploitation allows remote authenticated use ...

oval:org.secpod.oval:def:26759
The host is installed with Oracle MySQL 5.5.x through 5.5.42 or MySQL 5.6.x through 5.6.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to Server : Optimizer. Successful exploitation allows remote authenticated use ...

oval:org.secpod.oval:def:26747
The host is installed with Oracle MySQL 5.5.x through 5.5.41 or MySQL 5.6.x through 5.6.22 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to InnoDB : DML. Successful exploitation allows remote authenticated users to ...

oval:org.secpod.oval:def:26749
The host is installed with Oracle MySQL 5.5.x through 5.5.41 or MySQL 5.6.x through 5.6.22 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to Server : Security : Privileges. Successful exploitation allows remo ...

oval:org.secpod.oval:def:26748
The host is installed with Oracle MySQL 5.5.x through 5.5.41 or MySQL 5.6.x through 5.6.22 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to Server : Security : Encryption. Successful exploitation allows remo ...

oval:org.secpod.oval:def:26756
The host is installed with Oracle MySQL 5.5.x through 5.5.42 or MySQL 5.6.x through 5.6.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to Server : Federated. Successful exploitation allows remote authenticated use ...

oval:org.secpod.oval:def:1800216
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP CVE-2017-5376: Use-after-free in XSL CVE-2017-5378: Pointer and frame data leakage of Javascript objects CVE-2017-5380: Potential use-after-free durin ...

oval:org.secpod.oval:def:110505
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:702557
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:702516
mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1800751
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP CVE-2017-5401: Memory Corruption when handling ErrorResult CVE-2017-5402: Use-after-free working with events in FontFace objects CVE-2017-5404: Use-after-free working with ranges in selections CVE-2017-5407: Pixel and history stealing via floati ...

oval:org.secpod.oval:def:1800704
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP CVE-2017-5376: Use-after-free in XSL CVE-2017-5378: Pointer and frame data leakage of Javascript objects CVE-2017-5380: Potential use-after-free durin ...

oval:org.secpod.oval:def:109186
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:109208
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109225
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:602467
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root. In Debian "UseLogin" i ...

oval:org.secpod.oval:def:109222
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:400672
qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI DMA I/O - ...

oval:org.secpod.oval:def:108802
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:108817
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:602606
It was reported that the update for flex as released in DSA-3653-1 did not completely address CVE-2016-6354 as intended due to problems in the patch handling and regenerated files during the build. Additionally a regression was introduced, causing new warnings when compiling flex generated code. Upd ...

oval:org.secpod.oval:def:602596
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources. Affected applications need to be rebuild. bogofilter will be rebuild against ...

oval:org.secpod.oval:def:109311
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:501995
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:108883
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:108879
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:108863
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:1600909
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:116193
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1600945
When the default servlet in Apache Tomcat versions 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:1600906
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:204892
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: A bug in the UTF-8 decoder can lead to DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:1800937
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:1800938
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:1800944
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:1800952
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:602436
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.

oval:org.secpod.oval:def:400782
This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended Securit ...

oval:org.secpod.oval:def:1600343
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600336
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600351
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600357
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600384
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:602469
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.

oval:org.secpod.oval:def:33121
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M3 and is prone to a security bypass vulnerability. A flaw is present in the setGlobalContext method, which does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized. Success ...

oval:org.secpod.oval:def:33120
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catal ...

oval:org.secpod.oval:def:33119
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the session-persistence implementation, which mishandles session attributes. Successful exploitation allows re ...

oval:org.secpod.oval:def:400638
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent dire ...

oval:org.secpod.oval:def:110343
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1501600
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:33123
The host is installed with Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to a session fixation vulnerability. A flaw is present in the session-persistence implementation, which fails to handle different session settings used for deployments of multiple versio ...

oval:org.secpod.oval:def:33122
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the Manager and Host Manager applications, which establish sessions and send CSRF tokens for arbitrary new requests. Successful e ...

oval:org.secpod.oval:def:33124
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to an information disclosure vulnerability. A flaw is present in the Mapper component, which processes redirects before considering security constraints and Filters. S ...

oval:org.secpod.oval:def:1900023
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks.

oval:org.secpod.oval:def:1900027
python3-sqlalchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

oval:org.secpod.oval:def:1900002
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_in file PHP config ...

oval:org.secpod.oval:def:1900005
python3-sqlalchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

oval:org.secpod.oval:def:1900017
A Denial of Service issue was discovered in the LIVE555 Strealibming-dev Media libraries as used in Live555 Media Server 0.93. It can cause an RTSP Server crash in handle HTTPCmd_Tunneling POST, when RTSP-over-HTTP tunneling is supported, via x-session cookie HTTP headers in a GET request and a POST ...

oval:org.secpod.oval:def:1700145
Go mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service or possibly conduct ECDH private key recovery attacks.Note: This CVE is also fixed in golang-1.11.3-2.amzn2.0.2 in the golang1.11 extras repository.

oval:org.secpod.oval:def:2001596
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

oval:org.secpod.oval:def:50990
The Go Programming Language.

oval:org.secpod.oval:def:502702
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlchemy is an Ob ...

oval:org.secpod.oval:def:2001025
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

oval:org.secpod.oval:def:603621
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in go get, which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:115893
The Go Programming Language.

oval:org.secpod.oval:def:53504
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in "go get", which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:115969
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don' ...

oval:org.secpod.oval:def:115671
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form.

oval:org.secpod.oval:def:2000150
Netwide Assembler before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

oval:org.secpod.oval:def:2001448
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1 ...

oval:org.secpod.oval:def:2000255
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

oval:org.secpod.oval:def:1700110
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user.

oval:org.secpod.oval:def:603389
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ...

oval:org.secpod.oval:def:114188
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:114201
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:603413
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ...

oval:org.secpod.oval:def:53320
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at https://wordpress.org/news/2018/04/wordpress ...

oval:org.secpod.oval:def:53339
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ...

oval:org.secpod.oval:def:603573
It was discovered that a buffer overflow in liveMedia, a set of C++ libraries for multimedia streaming could result in the execution of arbitrary code when parsing a malformed RTSP stream.

oval:org.secpod.oval:def:1900111
In libjs-dojo-core Toolkit before 1.14, there is unescaped string injection in libjs-dojo-corex/Grid/DataGrid.

oval:org.secpod.oval:def:1900110
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.

oval:org.secpod.oval:def:1900141
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type , the attacker can crash the KDC by making an S4U2Self request.

oval:org.secpod.oval:def:1900142
An exploitable code execution vulnerability exists in the HTTPpacket-parsing functionality of the LIVE555 RTSP server library version0.92. A specially crafted packet can cause a stack-based buffer overflow,result ing in code execution. An attacker can send a packet to trigger this vulnerability.

oval:org.secpod.oval:def:1900135
Netwide Assembler before 2.13.02 has a use-after-free in detoken atasm/preproc.c.

oval:org.secpod.oval:def:1900061
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.

oval:org.secpod.oval:def:1900057
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

oval:org.secpod.oval:def:1900099
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

oval:org.secpod.oval:def:1900164
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before1. ...

oval:org.secpod.oval:def:113871
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:2000142
The function d2ulaw_array in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14246.

oval:org.secpod.oval:def:603176
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603227
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened.

oval:org.secpod.oval:def:603218
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent"s session if the agent is tricked into clicking a link in a spec ...

oval:org.secpod.oval:def:603215
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system.

oval:org.secpod.oval:def:603216
Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:53188
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:53222
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened.

oval:org.secpod.oval:def:53212
Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:53214
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent"s session if the agent is tricked into clicking a link in a spec ...

oval:org.secpod.oval:def:704197
gimp: The GNU Image Manipulation Program Several security issues were fixed in GIMP.

oval:org.secpod.oval:def:1900325
In the trapper functionality of zabbix-agent Server 2.4.x, specifically crafted trapper packets can pass database logic checks, result ing in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active zabbix-agent proxy and Server to trigger t ...

oval:org.secpod.oval:def:1900307
The function d2ulaw_array in ulaw.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14246.

oval:org.secpod.oval:def:1900309
libopenafs-dev 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

oval:org.secpod.oval:def:1900318
Open Ticket Request System 4.0.x before 4.0.28, 5.0.x before 5.0.26,and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

oval:org.secpod.oval:def:52939
gimp: The GNU Image Manipulation Program Several security issues were fixed in GIMP.

oval:org.secpod.oval:def:1900280
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic Metadata Provider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the Metadata Filter plugins and does not perform critical security checks such as signature verification, enforcement of validity pe ...

oval:org.secpod.oval:def:1900281
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user.

oval:org.secpod.oval:def:1900295
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

oval:org.secpod.oval:def:114056
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:603040
Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies.

oval:org.secpod.oval:def:114354
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:1800518
Incorrect SASL authentication in the CharybdisIRC server may lead to users impersonating other users. Fixed in version 3.5.3 Reference Patch

oval:org.secpod.oval:def:1800524
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerabi ...

oval:org.secpod.oval:def:114348
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:602749
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:112561
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:112552
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:603239
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions.

oval:org.secpod.oval:def:53079
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to ...

oval:org.secpod.oval:def:602949
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to ...

oval:org.secpod.oval:def:1900504
The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

oval:org.secpod.oval:def:1900509
The oarsh script in OAR before 2.5.7 allows remote authenticated users of acluster to obtain sensitive information and possibly gain privileges via vectors related to Opelibnss3-devH options.

oval:org.secpod.oval:def:1900521
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

oval:org.secpod.oval:def:1800374
Incorrect SASL authentication in the CharybdisIRC server may lead to users impersonating other users. Fixed In Version: 3.5.3.

oval:org.secpod.oval:def:53230
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injections and various Cross-Side Scripting and Server-Side Request Forgery attacks, as well as bypass some access restrictions.

oval:org.secpod.oval:def:1800430
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerabi ...

oval:org.secpod.oval:def:1900387
Drupal core 7.x versions before 7.57 when using Drupal"s private filesystem, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is ...

oval:org.secpod.oval:def:1900376
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56;Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupalcore did not prev ...

oval:org.secpod.oval:def:1900451
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.

oval:org.secpod.oval:def:602460
Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation.

oval:org.secpod.oval:def:602610
It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users.

oval:org.secpod.oval:def:602607
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.

oval:org.secpod.oval:def:502008
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:603678
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application c ...

oval:org.secpod.oval:def:53528
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application c ...

oval:org.secpod.oval:def:1501801
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115642
PHP framework for web projects

oval:org.secpod.oval:def:115638
Symfony PHP framework . NOTE: Does not require PHPUnit bridge.

oval:org.secpod.oval:def:115637
Symfony PHP framework . NOTE: Does not require PHPUnit bridge.

oval:org.secpod.oval:def:113897
Gifsicle is a command-line tool for creating, editing, and getting information about GIF images and animations. Some more gifsicle features: * Batch mode for changing GIFs in place. * Prints detailed information about GIFs, including comments. * Control over interlacing, comments, looping, transpare ...

oval:org.secpod.oval:def:2000265
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS.

oval:org.secpod.oval:def:603238
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

oval:org.secpod.oval:def:1901001
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.

oval:org.secpod.oval:def:53229
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

oval:org.secpod.oval:def:603514
Several heap buffer overflows were found in discount, an implementation of the Markdown markup language, that could be triggered witth specially crafted Markdown data and would cause discount to read past the end of internal buffers.

oval:org.secpod.oval:def:1901050
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web ap ...

oval:org.secpod.oval:def:53416
Several heap buffer overflows were found in discount, an implementation of the Markdown markup language, that could be triggered witth specially crafted Markdown data and would cause discount to read past the end of internal buffers.

oval:org.secpod.oval:def:1900997
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution

oval:org.secpod.oval:def:1900977
In ng_pkt in transports/smart_pkt.c in libgit2-dev before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS.

oval:org.secpod.oval:def:115088
DISCOUNT is an implementation of John Gruber's Markdown language in C. It includes all of the original Markdown features, along with a few extensions, and passes the Markdown test suite.

oval:org.secpod.oval:def:602667
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

oval:org.secpod.oval:def:1901200
rsyslog librelp0 version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by se ...

oval:org.secpod.oval:def:1901242
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method , which can be abused to lead to commit metadata forgery.

oval:org.secpod.oval:def:1901228
Cross-site scripting vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

oval:org.secpod.oval:def:602739
Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs CVE-2016-10026 Editing restriction bypass for git revert CVE-2017-0356 Authentication bypass via repeated parameters Additional details on these vu ...

oval:org.secpod.oval:def:1901164
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

oval:org.secpod.oval:def:1901140
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that ...

oval:org.secpod.oval:def:1901255
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

oval:org.secpod.oval:def:1901267
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in ...

oval:org.secpod.oval:def:603275
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library"s network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ...

oval:org.secpod.oval:def:704925
python-gnupg: Python wrapper for the GNU Privacy Guard Several security issues were fixed in python-gnupg

oval:org.secpod.oval:def:704030
librelp: Reliable Event Logging Protocol library librelp could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:603330
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for ...

oval:org.secpod.oval:def:53211
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system.

oval:org.secpod.oval:def:114252
Librelp is an easy to use library for the RELP protocol. RELP is a general-purpose, extensible logging protocol.

oval:org.secpod.oval:def:114250
Librelp is an easy to use library for the RELP protocol. RELP is a general-purpose, extensible logging protocol.

oval:org.secpod.oval:def:1901099
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an inco ...

oval:org.secpod.oval:def:53286
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for ...

oval:org.secpod.oval:def:1901087
[improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt]

oval:org.secpod.oval:def:1901088
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service via a crafted file, as demonstrated by mkd2html.

oval:org.secpod.oval:def:53256
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library"s network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ...

oval:org.secpod.oval:def:1901065
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

oval:org.secpod.oval:def:52918
librelp: Reliable Event Logging Protocol library librelp could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:502281
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:502280
Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...

oval:org.secpod.oval:def:1700023
Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c:rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacke ...

oval:org.secpod.oval:def:602494
Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki"s use of imagemagick in the img plugin.

oval:org.secpod.oval:def:2000014
improper input validation in gnupg.GPG.encrypt and gnupg.GPG.decrypt

oval:org.secpod.oval:def:1502188
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502187
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115619
Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license.

oval:org.secpod.oval:def:115614
MinGW Windows uriparser library.

oval:org.secpod.oval:def:602737
Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2120 Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advantage ...

oval:org.secpod.oval:def:2001491
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

oval:org.secpod.oval:def:115625
MinGW Windows uriparser library.

oval:org.secpod.oval:def:115624
Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license.

oval:org.secpod.oval:def:1901322
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

oval:org.secpod.oval:def:1901324
An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the "&" character is mishandled in certain contexts.

oval:org.secpod.oval:def:1901320
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and termi ...

oval:org.secpod.oval:def:2001515
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

oval:org.secpod.oval:def:1901359
An issue was discovered in liburiparser1 before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

oval:org.secpod.oval:def:1901366
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg["Servers"][$i]["AllowNoPassword"] = false are bypassed under certain PHP versions . This can allow the login of users who have no password set ...

oval:org.secpod.oval:def:1901279
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

oval:org.secpod.oval:def:2000386
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

oval:org.secpod.oval:def:1800464
A heap overflow in collectd"s network plugin which can be triggered remotely and is potentially exploitable. Fixed In Version: collectd 5.5.2, collectd 5.4.3

oval:org.secpod.oval:def:603548
Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:53442
Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:114909
Control groups infrastructure. The library helps manipulate, control, administrate and monitor control groups and the associated controllers.

oval:org.secpod.oval:def:1901419
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

oval:org.secpod.oval:def:1901483
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow attackers to conduct external XML entity attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

oval:org.secpod.oval:def:1901370
FasterXML libjackson2-databind-java 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

oval:org.secpod.oval:def:1901380
In Open Ticket Request System through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

oval:org.secpod.oval:def:602575
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally, secur ...

oval:org.secpod.oval:def:2001539
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

oval:org.secpod.oval:def:1700103
A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.

oval:org.secpod.oval:def:2000332
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

oval:org.secpod.oval:def:2001628
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.

oval:org.secpod.oval:def:2000571
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ...

oval:org.secpod.oval:def:1901638
A flaw was found in RPC request using gfs3_rename_req in glusterfs-common server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

oval:org.secpod.oval:def:1901637
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the "features/index" translator via the code handling the "GF_XATTR_CLRLK_CMD" xattr in the "pl_getxattr" function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial o ...

oval:org.secpod.oval:def:2000594
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.

oval:org.secpod.oval:def:115066
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over Infiniband RDMA or TCP/IP interconnect into one large parallel network file system. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility ...

oval:org.secpod.oval:def:502369
GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. The glust ...

oval:org.secpod.oval:def:1901596
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the "__server_getspec" function via the "gf_getspec_req" RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.

oval:org.secpod.oval:def:1901591
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs-common server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs-common server node.

oval:org.secpod.oval:def:1901574
An information disclosure vulnerability was discovered in glusterfs-common server. An attacker could issue a xattr request via glusterfs-common FUSE to determine the existence of any file.

oval:org.secpod.oval:def:115154
GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over Infiniband RDMA or TCP/IP interconnect into one large parallel network file system. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility ...

oval:org.secpod.oval:def:2000218
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping , and therefore lacks indexes initialization.

oval:org.secpod.oval:def:2000327
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are bui ...

oval:org.secpod.oval:def:2001616
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

oval:org.secpod.oval:def:1901869
In GraphicsMagick 1.3.31 the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping , and therefore lacks indexes initialization.

oval:org.secpod.oval:def:1901951
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

oval:org.secpod.oval:def:1901971
Persistent cross-site scripting in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _view ...

oval:org.secpod.oval:def:1901972
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service .

oval:org.secpod.oval:def:704933
monit: utility for monitoring and managing daemons or similar programs Several security issues were fixed in Monit

oval:org.secpod.oval:def:1902083
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF a ...

oval:org.secpod.oval:def:1902071
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor library , as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote atta ...

oval:org.secpod.oval:def:602715
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can ...

oval:org.secpod.oval:def:113977
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ...

oval:org.secpod.oval:def:603143
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

oval:org.secpod.oval:def:603164
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:603154
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603153
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:1800542
An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version: libgcrypt 1.7.7 Refe ...

oval:org.secpod.oval:def:1800562
An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version libgcrypt 1.7.7 Refer ...

oval:org.secpod.oval:def:1800554
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read. If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m, ...

oval:org.secpod.oval:def:44098
erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang.

oval:org.secpod.oval:def:603206
It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.

oval:org.secpod.oval:def:603278
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:1800667
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:704079
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704051
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:2000387
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.

oval:org.secpod.oval:def:1800399
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service; Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:53166
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

oval:org.secpod.oval:def:53170
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:53176
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:53169
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:1800369
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

oval:org.secpod.oval:def:603399
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

oval:org.secpod.oval:def:41167
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:53205
It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.

oval:org.secpod.oval:def:1800405
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

oval:org.secpod.oval:def:43822
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:113769
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.

oval:org.secpod.oval:def:113767
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.

oval:org.secpod.oval:def:603445
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite lo ...

oval:org.secpod.oval:def:45660
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:53257
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:53329
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

oval:org.secpod.oval:def:113486
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:113480
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:51530
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:51532
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:51531
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:51534
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:51535
erlang: Concurrent, real-time, distributed functional language Several security issues were fixed in Erlang.

oval:org.secpod.oval:def:51537
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:113456
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:51524
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:52900
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:52912
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:52922
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:113578
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:113571
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:113501
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:113534
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:36988
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:43223
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:43225
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:43224
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1700054
Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.Curl version cu ...

oval:org.secpod.oval:def:114538
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:602480
Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2011-5326 Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. CVE-2014-9771 It was discovered that an integer overflow could lead to invalid memory reads and unre ...

oval:org.secpod.oval:def:51040
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:602570
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many ...

oval:org.secpod.oval:def:501969
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached re ...

oval:org.secpod.oval:def:51165
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:51159
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:115677
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ...

oval:org.secpod.oval:def:1502480
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502422
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:49675
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:34611
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:2001514
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements , aka Magellan.

oval:org.secpod.oval:def:1900031
Squid before 4.4, when SNMP is enabled, allows a denial of service via an SNMP packet.

oval:org.secpod.oval:def:1700156
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode that results in a memory corruption and possibly even a remote code execution.FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in f ...

oval:org.secpod.oval:def:2000279
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming.

oval:org.secpod.oval:def:2001571
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informa ...

oval:org.secpod.oval:def:2000224
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to a use-after-free outcome.

oval:org.secpod.oval:def:502637
FreeRDP is a free implementation of the Remote Desktop Protocol , released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix: * freerdp: Integer truncation leading to heap-based buffer overflow in update_re ...

oval:org.secpod.oval:def:502640
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ...

oval:org.secpod.oval:def:47236
postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:57479
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:1901830
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ...

oval:org.secpod.oval:def:49017
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:2000382
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service via a crafted image file, a different vulnerability than CVE-2018-10999.

oval:org.secpod.oval:def:114956
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:47259
The host is installed with OpenSSH through 7.7 and is prone to an user enumeration vulnerability. A flaw is present in the application, which fails to properly handle an invalid authenticating user. Successful exploitation could allow remote attackers to identify existing users on a target machine.

oval:org.secpod.oval:def:47262
The host is installed with PostgreSQL 10.x before 10.5, 9.6.x before 9.6.10, 9.5.x before 9.5.14, 9.4.x before 9.4.19, and 9.3.x before 9.3.24 and is prone to a security bypass vulnerability. The flaw present in the application's libpq component where it fails to properly reset its internal state be ...

oval:org.secpod.oval:def:114974
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:48685
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:603336
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002

oval:org.secpod.oval:def:704873
busybox: Tiny utilities for small and embedded systems Several security issues were fixed in BusyBox.

oval:org.secpod.oval:def:49184
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:50186
The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in difflib.IS_LINE_JUNK method. Successful exploitation allow context-dependent attack ...

oval:org.secpod.oval:def:114269
The python3-docs package contains documentation on the Python 3 programming language and interpreter. Install the python3-docs package if you'd like to use the documentation for the Python 3 language.

oval:org.secpod.oval:def:114264
The python3-docs package contains documentation on the Python 3 programming language and interpreter. Install the python3-docs package if you'd like to use the documentation for the Python 3 language.

oval:org.secpod.oval:def:114260
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

oval:org.secpod.oval:def:50187
The host is installed with python 2.7.0 is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle the passage of unfiltered user input to the function. Successful exploitation allow attackers to cause a denial of service, information gain v ...

oval:org.secpod.oval:def:115585
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:49173
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:603432
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ...

oval:org.secpod.oval:def:603499
Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.

oval:org.secpod.oval:def:53290
A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002

oval:org.secpod.oval:def:502000
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:114271
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:114270
It uses mostly the same techniques for finding packages, so packages that were made easy_installable should be pip-installable as well.

oval:org.secpod.oval:def:114272
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readibility. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ...

oval:org.secpod.oval:def:1901058
FasterXML libjackson2-databind-java through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, ...

oval:org.secpod.oval:def:50299
The host is installed with Apple Mac OS X 10.14.2 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle an input validation issue. Successful exploitation allows an attacker to execute arbitrary code through a maliciously ...

oval:org.secpod.oval:def:53353
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ...

oval:org.secpod.oval:def:2000538
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ...

oval:org.secpod.oval:def:51541
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:51540
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:114787
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.

oval:org.secpod.oval:def:1901612
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed ...

oval:org.secpod.oval:def:603530
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and du ...

oval:org.secpod.oval:def:603531
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

oval:org.secpod.oval:def:603567
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated ins ...

oval:org.secpod.oval:def:603581
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv l ...

oval:org.secpod.oval:def:47530
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:115296
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:115255
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:115252
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:115243
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:115241
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:115308
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:53429
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

oval:org.secpod.oval:def:1901720
get_8bit_row in rdbmp.c in libturbojpeg through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

oval:org.secpod.oval:def:50332
The host is missing a security update according to Apple advisory, APPLE-SA-2019-1-22-6. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fail to properly handle validation or memory corruption issues. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:704387
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:114864
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.

oval:org.secpod.oval:def:52960
freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:50304
The host is installed with Apple iCloud before 7.10 or Apple itunes before 12.9.3 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle maliciously crafted SQL query. Successful exploitation could allow attackers to perfo ...

oval:org.secpod.oval:def:704375
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:47604
strongswan: IPsec VPN solution Several security issues were fixed in strongSwan.

oval:org.secpod.oval:def:115380
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1900101
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of tilibming-dev data using crafted packets.

oval:org.secpod.oval:def:114595
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:114563
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:1700096
It was found that GnuTLS#039;s implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.It was found that GnuTLS# ...

oval:org.secpod.oval:def:1700080
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

oval:org.secpod.oval:def:1900122
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of tilibming-dev data using crafted packets.

oval:org.secpod.oval:def:1700079
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with quot;hostquot; or quot;hostaddrquot; connection parameters from untrusted input, attackers could bypas ...

oval:org.secpod.oval:def:501821
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:54091
busybox: Tiny utilities for small and embedded systems Several security issues were fixed in BusyBox.

oval:org.secpod.oval:def:602468
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write iss ...

oval:org.secpod.oval:def:602497
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ...

oval:org.secpod.oval:def:115087
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:46457
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:704426
freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:1502299
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502353
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.secpod.oval:def:115026
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:205144
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix: * perl: Integer overflow leading to buffer overflow in Perl_my_setenv For more details about the security issue, including the impact, a CVSS score, and other relat ...

oval:org.secpod.oval:def:51021
strongswan: IPsec VPN solution Several security issues were fixed in strongSwan.

oval:org.secpod.oval:def:205140
The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * gnutls: HMAC-SHA-256 vulnerable to Lucky thirtee ...

oval:org.secpod.oval:def:51015
policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit.

oval:org.secpod.oval:def:205185
FreeRDP is a free implementation of the Remote Desktop Protocol , released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix: * freerdp: Integer truncation leading to heap-based buffer overflow in update_re ...

oval:org.secpod.oval:def:53642
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:53641
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:705067
squid: Web proxy cache server - squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:114642
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:114610
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:50606
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing ...

oval:org.secpod.oval:def:115133
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:115158
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:1800505
CVE-2016-5419: TLS session resumption client cert bypass. Fixed In Version: curl 7.50.1 CVE-2016-5420: Re-using connection with wrong client cert. Fixed In Version: curl 7.50.1 CVE-2016-5421: Use of connection struct after free. Fixed In Version: curl 7.50.1

oval:org.secpod.oval:def:1501996
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602753
Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.

oval:org.secpod.oval:def:602776
Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9577 Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the main_channel_alloc_msg_rcv_buf ...

oval:org.secpod.oval:def:602760
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

oval:org.secpod.oval:def:602784
Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information.

oval:org.secpod.oval:def:703399
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:602696
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information leaks.

oval:org.secpod.oval:def:602692
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:703385
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file.

oval:org.secpod.oval:def:703383
c-ares: library for asynchronous name resolves c-ares could be made to crash or run programs if it processed a specially crafted hostname.

oval:org.secpod.oval:def:703375
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703323
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703329
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:703328
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:703316
linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703318
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:1800637
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Samba uses the real path system call to ensure when a client requests access to a pathname that it ...

oval:org.secpod.oval:def:602813
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, ASLR bypass, information disclosure or denial of service.

oval:org.secpod.oval:def:1501866
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602827
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition.

oval:org.secpod.oval:def:602856
Multiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks. With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed bac ...

oval:org.secpod.oval:def:602847
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the "dict" passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand to perform %variable expansion. Sending specially crafted %v ...

oval:org.secpod.oval:def:703487
libreoffice: Office productivity suite LibreOffice could be made to disclose files if it opened a specially crafted file.

oval:org.secpod.oval:def:703476
spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703459
firefox: Mozilla Open Source web browser Details: USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3175-1 intr ...

oval:org.secpod.oval:def:703440
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703446
ntfs-3g: read/write NTFS driver for FUSE NTFS-3G could be made to load kernel modules as an administrator.

oval:org.secpod.oval:def:703439
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703416
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:112324
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:112322
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:1800382
CVE-2016-9893: Memory safety bugs CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9900: Restricted e ...

oval:org.secpod.oval:def:703562
dovecot: IMAP and POP3 email server Dovecot could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:1800397
CVE-2016-7440: mariadb 5.5.53, mariadb 10.1.19 CVE-2016-5584: mariadb 5.5.53, mariadb 10.1.19 Reference:

oval:org.secpod.oval:def:703569
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1800337
All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to a malicious client using a symlink race to allow access to areas ofthe server file system not exported under the share definition. Samba uses the realpath system call to ensure when a client requests access to a pathname that it i ...

oval:org.secpod.oval:def:703535
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703533
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:703526
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703516
libevent: Asynchronous event notification library Several security issues were fixed in libevent.

oval:org.secpod.oval:def:703502
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:36755
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1800486
libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ...

oval:org.secpod.oval:def:502019
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502035
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:1501599
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:1600492
It was found that the ghostscript functions getenv, file name for all and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie ...

oval:org.secpod.oval:def:112256
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:112227
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:45875
The host is installed with Ghostscript 9.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted postscript file. Successful exploitation could allow attackers to read data via a crafted postscript file.

oval:org.secpod.oval:def:1501792
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501793
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501796
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1501794
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501799
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501749
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501750
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501751
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501754
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501758
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501759
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501761
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600702
A remote code execution flaw was found in Samba. A malicious authenticatedsamba client, having write access to the samba share, could use this flaw toexecute arbitrary code as root. It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Sa ...

oval:org.secpod.oval:def:602547
Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.

oval:org.secpod.oval:def:501881
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicio ...

oval:org.secpod.oval:def:501887
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:1501833
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501838
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501671
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501673
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501674
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

oval:org.secpod.oval:def:1501686
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:1501687
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:602633
Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution.

oval:org.secpod.oval:def:501955
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:602648
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE ...

oval:org.secpod.oval:def:602646
It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.

oval:org.secpod.oval:def:602643
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or information disclosure if a specially crafted Postscript file is processed.

oval:org.secpod.oval:def:602673
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism ...

oval:org.secpod.oval:def:602662
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes

oval:org.secpod.oval:def:602578
Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS ...

oval:org.secpod.oval:def:602560
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin"s add/change related popup.

oval:org.secpod.oval:def:602593
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for ...

oval:org.secpod.oval:def:602592
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug ...

oval:org.secpod.oval:def:703241
fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703240
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers.

oval:org.secpod.oval:def:602588
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan ...

oval:org.secpod.oval:def:602586
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using cra ...

oval:org.secpod.oval:def:703239
postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:703238
gnupg: GNU privacy guard - a free PGP replacement GnuPG incorrectly generated random numbers.

oval:org.secpod.oval:def:703223
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:501974
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:703211
python-django: High-level Python web development framework A security issue was fixed in Django.

oval:org.secpod.oval:def:1501701
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501702
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501706
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1501703
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501717
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1501720
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:1501721
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:114363
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:114364
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1800502
A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free. Reference Patch

oval:org.secpod.oval:def:113043
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:113044
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:1501968
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501973
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501970
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501979
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501983
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501985
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113015
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1501995
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113007
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114336
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114331
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:44840
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle bounds checking. Successful exploitation leads to integer overflow.

oval:org.secpod.oval:def:602775
Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code execution.

oval:org.secpod.oval:def:1900788
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serv ...

oval:org.secpod.oval:def:1900798
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thun ...

oval:org.secpod.oval:def:51981
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51984
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51992
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51994
advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:51995
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:602780
Several vulnerabilities were discovered in the shadow suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6252 An integer overflow vulnerability was discovered, potentially allowing a local user to escalate privileges via crafted input to the newuidmap ...

oval:org.secpod.oval:def:112626
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC.

oval:org.secpod.oval:def:113953
This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf and resperf man pages.

oval:org.secpod.oval:def:112623
Evince is simple multi-page document viewer. It can display and print Portable Document Format , PostScript and Encapsulated PostScript files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks a ...

oval:org.secpod.oval:def:113945
This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf and resperf man pages.

oval:org.secpod.oval:def:113946
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

oval:org.secpod.oval:def:113948
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:113964
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

oval:org.secpod.oval:def:112606
Graphite2 is a project within SILs Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With respe ...

oval:org.secpod.oval:def:603127
Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, re ...

oval:org.secpod.oval:def:113928
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:603119
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ...

oval:org.secpod.oval:def:603114
Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ...

oval:org.secpod.oval:def:603148
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:1800581
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800584
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ...

oval:org.secpod.oval:def:603140
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

oval:org.secpod.oval:def:603139
Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

oval:org.secpod.oval:def:603132
Several vulnerabilities have been discovered in the X.Org X server. An attacker who"s able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603131
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point and the station . An attacker exploiting the vulnerabilities could force the ...

oval:org.secpod.oval:def:603166
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE&q ...

oval:org.secpod.oval:def:603163
A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions.

oval:org.secpod.oval:def:603155
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-10965 Brian "geeknik" Carpenter of Geeknik Labs discovered that Irssi does not properly handle receiving messages with inv ...

oval:org.secpod.oval:def:113078
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:1800541
CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements CVE-2017-7779: Memory safety bugs CVE-2017-7784: Use-after-free with image observers CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM CVE-2017-7786: Buffer overflow while painting non-displayable SVG CVE-2 ...

oval:org.secpod.oval:def:1800543
A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free..

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:603174
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

oval:org.secpod.oval:def:1800537
CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generat ...

oval:org.secpod.oval:def:113083
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:1800558
CVE-2017-7867: Heap-buffer overflow in utext_setNativeIndex function

oval:org.secpod.oval:def:113156
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:1501895
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501896
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1800616
Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named. Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in ne ...

oval:org.secpod.oval:def:113169
K-3D is a complete 3D modeling, animation and rendering system. K-3D features a robust, object oriented plugin architecture, designed to scale to the needs of professional artists. It is designed from the ground up to generate motion picture quality animation using RenderMan compliant render engines ...

oval:org.secpod.oval:def:1501852
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501850
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113104
CVS is a version control system that can record the history of your files . CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and cont ...

oval:org.secpod.oval:def:113100
CVS is a version control system that can record the history of your files . CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and cont ...

oval:org.secpod.oval:def:602829
Multiple security issues have been found in the JBIG2 decoder library, which may lead to lead to denial of service or the execution of arbitrary code if a malformed image file is opened.

oval:org.secpod.oval:def:602854
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

oval:org.secpod.oval:def:602853
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution ...

oval:org.secpod.oval:def:602873
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

oval:org.secpod.oval:def:602864
Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:44095
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:1600711
Escape out of git-shellA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command laun ...

oval:org.secpod.oval:def:603209
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:1600736
Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request. A f ...

oval:org.secpod.oval:def:1600760
Server: Charsets unspecified vulnerability Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via ...

oval:org.secpod.oval:def:603225
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses.

oval:org.secpod.oval:def:1600768
Server: Charsets unspecified vulnerability :Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via ...

oval:org.secpod.oval:def:1600759
popd controlled free:A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session.Arbitrary code execution via malicious hostname:An arbitrary command inject ...

oval:org.secpod.oval:def:1600782
Stack-buffer overflow in GfxState.cc:A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execute arbitrary code when opened. Integer overflow in JBIG2Stream.cc:An intege ...

oval:org.secpod.oval:def:603248
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:1600789
Server memory information leak over SMB1:An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be c ...

oval:org.secpod.oval:def:1600787
Command injection flaw within "enriched mode" handling:A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary ...

oval:org.secpod.oval:def:603234
Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named.

oval:org.secpod.oval:def:1501925
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501926
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603267
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:1501933
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600790
Potential use-after-free in TLS 1.2 server when verifying client authentication:A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, poten ...

oval:org.secpod.oval:def:1600796
Heap-based buffer overflow in HTTP protocol handlingA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ...

oval:org.secpod.oval:def:603255
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:1501949
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501960
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603272
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:113196
pfstools is a set of command line programs for reading, writing, manipulating and viewing high-dynamic range images and video frames. All programs in the package exchange data using unix pipes and a simple generic HDR image format . The concept of the pfstools is similar to netpbm package for low-d ...

oval:org.secpod.oval:def:113198
Synfig is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need for tweening, preve ...

oval:org.secpod.oval:def:113192
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced applications, ...

oval:org.secpod.oval:def:113194
Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need fo ...

oval:org.secpod.oval:def:113190
A command line tool for generating timing diagrams from ASCII input files. The input files use a structured language to represent signal state transitions and interdependencies. Raster image output support is provided by ImageMagick. It can be used for VHDL or verilog presentations.

oval:org.secpod.oval:def:113185
Window Maker is an X11 window manager designed to give additional integration support to the GNUstep Desktop Environment. In every way possible, it reproduces the elegant look and feel of the NEXTSTEP GUI. It is fast, feature rich, easy to configure, and easy to use. In addition, Window Maker works ...

oval:org.secpod.oval:def:113182
RMagick is an interface between Ruby and ImageMagick.

oval:org.secpod.oval:def:113180
KXStitch can be used to create cross stitch patterns from scratch. It is also possible to convert existing images to a cross stitch pattern or scan one with a Sane supported scanner.

oval:org.secpod.oval:def:1501904
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1901299
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serve ...

oval:org.secpod.oval:def:1501905
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602916
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure.

oval:org.secpod.oval:def:53101
It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives . Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

oval:org.secpod.oval:def:53110
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ...

oval:org.secpod.oval:def:53105
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol , contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

oval:org.secpod.oval:def:53104
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we"re now following the 52.x releases.

oval:org.secpod.oval:def:602935
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support releases ...

oval:org.secpod.oval:def:602958
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.

oval:org.secpod.oval:def:113679
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:112363
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:113645
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:703594
firefox: Mozilla Open Source web browser Details: USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3260-1 caused a ...

oval:org.secpod.oval:def:1800381
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. Reference:

oval:org.secpod.oval:def:703599
git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:703583
icu: International Components for Unicode library Several security issues were fixed in ICU.

oval:org.secpod.oval:def:703585
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703584
shadow: system login tools su could be made to crash or stop programs as an administrator.

oval:org.secpod.oval:def:1800391
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions:¶ libcurl 7.20.0 to and including 7.56.0 Not aff ...

oval:org.secpod.oval:def:53163
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

oval:org.secpod.oval:def:53162
Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

oval:org.secpod.oval:def:53171
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-10965 Brian "geeknik" Carpenter of Geeknik Labs discovered that Irssi does not properly handle receiving messages with inv ...

oval:org.secpod.oval:def:53178
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE&q ...

oval:org.secpod.oval:def:53186
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

oval:org.secpod.oval:def:1800361
CVE-2016-10195: dns remote stack overread vulnerability. Fixed in libevent 2.1.6

oval:org.secpod.oval:def:53194
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:53114
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:53115
Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash , or ...

oval:org.secpod.oval:def:1800303
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should Affected versions samba 3.0.25 to 4.6.7 Fixed in samba 4.6.8, 4.5.14 and 4.4.16

oval:org.secpod.oval:def:53131
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:53126
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:53143
Multiple security issues have been discoverd in Samba, a SMB/CIFS file, print, and login server for Unix: CVE-2017-12150 Stefan Metzmacher discovered multiple code paths where SMB signing was not enforced. CVE-2017-12151 Stefan Metzmacher discovered that tools using libsmbclient did not enforce encr ...

oval:org.secpod.oval:def:53152
Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, re ...

oval:org.secpod.oval:def:53156
Several vulnerabilities have been discovered in the X.Org X server. An attacker who"s able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:53155
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point and the station . An attacker exploiting the vulnerabilities could force the ...

oval:org.secpod.oval:def:53148
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware prot ...

oval:org.secpod.oval:def:703710
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:703700
evince: Document viewer Evince could be made run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:53220
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses.

oval:org.secpod.oval:def:1800406
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:115542
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:112423
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:112505
Graphite2 is a project within SILs Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With respe ...

oval:org.secpod.oval:def:703693
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703694
poppler: PDF rendering library poppler could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703685
bind9: Internet Domain Name Server Bind could be made to serve incorrect information or expose sensitive information over the network.

oval:org.secpod.oval:def:703670
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1800460
CVE-2017-14746: Use-after-free vulnerability. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800466
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:703660
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703664
linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1800451
CVE-2016-6252: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

oval:org.secpod.oval:def:1800455
Mozilla Network Security Services before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect base64 operations.

oval:org.secpod.oval:def:703666
linux-gke: Linux kernel for Google Container Engine systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1800458
A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir","fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. ...

oval:org.secpod.oval:def:703665
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703669
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703656
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502007
The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ...

oval:org.secpod.oval:def:1800474
In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

oval:org.secpod.oval:def:502006
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ...

oval:org.secpod.oval:def:1800476
CVE-2017-7826: Memory safety bugs CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API Fixed In:¶ Firefox ESR 52.5

oval:org.secpod.oval:def:53235
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:53253
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:53249
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:703618
jbig2dec: JBIG2 decoder library Several security issues were fixed in jbig2dec.

oval:org.secpod.oval:def:703612
bash: GNU Bourne Again SHell Several security issues were fixed in Bash.

oval:org.secpod.oval:def:703609
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:1800434
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Fixed In Vers ...

oval:org.secpod.oval:def:112189
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats.

oval:org.secpod.oval:def:502052
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:112182
This package contains an implementation of the image compression standard JPEG-2000, Part 1. It consists of tools for conversion to and from the JP2 and JPC formats.

oval:org.secpod.oval:def:502063
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A flaw was found in the way BIND handled TSIG authentication for dynamic ...

oval:org.secpod.oval:def:502065
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A flaw was found in the way BIND handled TSIG authentication for dynamic ...

oval:org.secpod.oval:def:703826
nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703825
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:502070
Graphite2 is a project within SIL"s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create smart fonts capable of displaying writing systems with various complex behaviors. With resp ...

oval:org.secpod.oval:def:502075
The evince packages provide a simple multi-page document viewer for Portable Document Format , PostScript , Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files. Security Fix: * It was found that evince did not properly sanitize the command l ...

oval:org.secpod.oval:def:502078
The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ...

oval:org.secpod.oval:def:703816
emacs24: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703814
libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:703808
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:703804
bind9: Internet Domain Name Server Details: USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update ad ...

oval:org.secpod.oval:def:502012
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * A race condition was found in the way su handled the management of child pr ...

oval:org.secpod.oval:def:502022
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502048
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:113435
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:112104
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program.

oval:org.secpod.oval:def:113422
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the ...

oval:org.secpod.oval:def:1502002
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502006
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502009
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502016
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502015
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113418
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the ...

oval:org.secpod.oval:def:1502067
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502065
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502070
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502074
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502075
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502023
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502024
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502021
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502035
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502038
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502036
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502037
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603571
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/ https://mariad ...

oval:org.secpod.oval:def:1502044
Several security issues were fixed in wget.

oval:org.secpod.oval:def:703794
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:44451
The host is installed with PostgreSQL 10.x before 10.1, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a memory disclosure vulnerability. The flaw present in the application fails to handle the json function call issue. Successful exploitation all ...

oval:org.secpod.oval:def:703773
graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs if it opened a specially crafted font.

oval:org.secpod.oval:def:703775
cvs: Concurrent Versions System cvs could be made run programs as your login if it opened a specially crafted cvs repository.

oval:org.secpod.oval:def:703762
ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 55.

oval:org.secpod.oval:def:502120
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix: * A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially ...

oval:org.secpod.oval:def:703765
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703752
libsoup2.4: HTTP client/server library for GNOME Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic.

oval:org.secpod.oval:def:703743
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:502175
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:703954
bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:502182
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502181
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502187
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HT ...

oval:org.secpod.oval:def:502195
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502197
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a maliciou ...

oval:org.secpod.oval:def:502196
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:53464
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/ https://mariad ...

oval:org.secpod.oval:def:502130
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execut ...

oval:org.secpod.oval:def:703918
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:703916
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:502139
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:703910
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703913
libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files.

oval:org.secpod.oval:def:113589
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:502140
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ...

oval:org.secpod.oval:def:502141
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ...

oval:org.secpod.oval:def:703907
firefox: Mozilla Open Source web browser Details: USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3477-1 ...

oval:org.secpod.oval:def:502146
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ...

oval:org.secpod.oval:def:502147
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502151
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:502152
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:113572
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:113524
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:113525
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:113611
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113613
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows.

oval:org.secpod.oval:def:113605
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the ...

oval:org.secpod.oval:def:52192
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:52194
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:114084
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114082
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:114081
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:502219
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:114077
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:502223
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A use-after-free flaw leading to denial of service was found in the way ...

oval:org.secpod.oval:def:502224
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A use-after-free flaw leading to denial of service was found in the way ...

oval:org.secpod.oval:def:703891
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:502233
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502237
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...

oval:org.secpod.oval:def:114093
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:114092
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:703888
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703885
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:703872
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:703871
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:114047
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:114046
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:45861
The host is installed with Artifex Ghostscript before 9.21 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly decode halftone segments in a JBIG2 image. Successful exploitation could allow attackers to trigger a segmentation faul ...

oval:org.secpod.oval:def:703862
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703861
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server.

oval:org.secpod.oval:def:703860
wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant.

oval:org.secpod.oval:def:703851
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server.

oval:org.secpod.oval:def:703855
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:43226
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:502200
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:502203
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:113296
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:113234
Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of arrays. For example, you can add components to array elements, merge separate arrays into combined arrays ...

oval:org.secpod.oval:def:113235
Converseen is a batch image conversion tool and resizer written in C++ with Qt5 and Magick++. Converseen allows you to convert images in more than 100 different formats!

oval:org.secpod.oval:def:113231
ImageInfo computes and displays selected image attributes. It is similar in function to the ImageMagick "identify" utility, but provides a few additional attributes , and allows command line selection of the attributes to be computed, avoiding unnecessary computation and and allowing easie ...

oval:org.secpod.oval:def:113226
A port of the Really Slick Screensavers to GLX. Provides several visually impressive and graphically intensive screensavers. Note that this package contains only the display hacks themselves; you will need to install the appropriate subpackage for your desktop environment in order to use them as scr ...

oval:org.secpod.oval:def:113228
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows.

oval:org.secpod.oval:def:113229
imagick is a native php extension to create and modify images using the ImageMagick API.

oval:org.secpod.oval:def:113224
Scraper2vdr acts as client and provides scraped metadata for tvshows and movies from epgd to other plugins via its service interface. The plugin cares about caching the images locally and also cleans up the images if not longer needed. epgd itself uses the thetvdb.com API for collecting series metad ...

oval:org.secpod.oval:def:113256
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1700076
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c ...

oval:org.secpod.oval:def:113244
VIPS is an image processing library. It is good for very large images , and for working with color. This package should be installed if you want to use a program compiled against VIPS.

oval:org.secpod.oval:def:113247
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:113240
Techne is a general purpose, programmable physical simulator and renderer. It reads in a set of scripts wherein every aspect of a physical system is specified and then proceeds to simulate and render the system onscreen.

oval:org.secpod.oval:def:113242
Perl module to aide in locating a sub-image within an image.

oval:org.secpod.oval:def:113219
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work i ...

oval:org.secpod.oval:def:113215
A conversion utility for the Psion files

oval:org.secpod.oval:def:113216
AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others.

oval:org.secpod.oval:def:113218
Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many advance ...

oval:org.secpod.oval:def:113213
RipRight is a minimal CD ripper modeled on autorip. It can run as a daemon and will automatically start ripping any CD found in the drive after which the disc will be ejected. Ripping is always to FLAC lossless audio format with tags taken from the community-maintained MusicBrainz lookup service and ...

oval:org.secpod.oval:def:51796
bash: GNU Bourne Again SHell Several security issues were fixed in Bash.

oval:org.secpod.oval:def:112789
Evince is simple multi-page document viewer. It can display and print Portable Document Format , PostScript and Encapsulated PostScript files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks a ...

oval:org.secpod.oval:def:1700009
Improper fetch cleanup sequencing in the resolver can cause named to crashA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting a ...

oval:org.secpod.oval:def:112860
poppler is a PDF rendering library.

oval:org.secpod.oval:def:51821
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51835
bind9: Internet Domain Name Server Bind could be made to serve incorrect information or expose sensitive information over the network.

oval:org.secpod.oval:def:51839
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51840
poppler: PDF rendering library poppler could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:51842
evince: Document viewer Evince could be made run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:51848
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1900922
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, an ...

oval:org.secpod.oval:def:1502294
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:43359
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an address spoofing vulnerability. A flaw is present in the application, which fails to properly handle null character. Successful exploitation could allow attackers to modify the message body.

oval:org.secpod.oval:def:1501804
The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ...

oval:org.secpod.oval:def:43358
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to inject new lines into the created email structure.

oval:org.secpod.oval:def:43357
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted CSS. Successful exploitation could allow attackers to leak and reveal local path strings, which may contain user n ...

oval:org.secpod.oval:def:43356
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a javascript execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute JavaScript in the parsed RSS feed.

oval:org.secpod.oval:def:43360
The host is missing a security update according to Mozilla advisory, MFSA 2017-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle to crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:1501816
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ...

oval:org.secpod.oval:def:502349
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: Client programs unspecified vulnerability * mysql: Server: DML unspecified vulnerability * my ...

oval:org.secpod.oval:def:1501823
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600694
Sending SIGKILL to other processes with root privileges via su:A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

oval:org.secpod.oval:def:115062
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1501845
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501843
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703982
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:703980
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703986
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:703984
advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703970
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703965
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:43351
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a javascript execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute JavaScript in the parsed RSS feed.

oval:org.secpod.oval:def:43355
The host is missing a security update according to Mozilla advisory, MFSA 2017-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle to crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:43354
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an address spoofing vulnerability. A flaw is present in the application, which fails to properly handle null character. Successful exploitation could allow attackers to modify the message body.

oval:org.secpod.oval:def:43353
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to inject new lines into the created email structure.

oval:org.secpod.oval:def:43352
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted CSS. Successful exploitation could allow attackers to leak and reveal local path strings, which may contain user n ...

oval:org.secpod.oval:def:113393
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:113387
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:603094
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:112080
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program.

oval:org.secpod.oval:def:113319
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:1502100
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502101
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51898
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1502115
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502114
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113323
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:1502130
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502131
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51866
libsoup2.4: HTTP client/server library for GNOME Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic.

oval:org.secpod.oval:def:51865
freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:51880
graphite2: Font rendering engine for Complex Scripts graphite2 could be made to crash or run programs if it opened a specially crafted font.

oval:org.secpod.oval:def:51872
ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Original advisory This update provides compatible packages for Firefox 55.

oval:org.secpod.oval:def:51875
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51890
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51882
cvs: Concurrent Versions System cvs could be made run programs as your login if it opened a specially crafted cvs repository.

oval:org.secpod.oval:def:51932
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:51935
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51938
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:112979
The xfreerdp Remote Desktop Protocol client from the FreeRDP project. xfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:51952
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51954
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:112990
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:112944
BIND is an implementation of the DNS protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP.

oval:org.secpod.oval:def:112945
MinGW Windows Poppler library.

oval:org.secpod.oval:def:112940
MinGW Windows Poppler library.

oval:org.secpod.oval:def:112943
DHCP

oval:org.secpod.oval:def:1502141
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51902
libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:51905
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51906
nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51919
wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant.

oval:org.secpod.oval:def:112968
Evince is simple multi-page document viewer. It can display and print Portable Document Format , PostScript and Encapsulated PostScript files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks a ...

oval:org.secpod.oval:def:112963
The xfreerdp Remote Desktop Protocol client from the FreeRDP project. xfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:112965
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:51916
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server.

oval:org.secpod.oval:def:51918
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51921
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51920
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server.

oval:org.secpod.oval:def:51927
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:112948
MinGW Windows Poppler library.

oval:org.secpod.oval:def:51926
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:603028
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases of Thunderbird. Support for the 45.x series has ended, so starting with this update we"re now following the 52.x releases.

oval:org.secpod.oval:def:603016
It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives . Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.

oval:org.secpod.oval:def:603048
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:603049
Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash , or ...

oval:org.secpod.oval:def:603043
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CS ...

oval:org.secpod.oval:def:603033
Tyler Bohan of Talos discovered that FreeRDP, a free implementation of the Remote Desktop Protocol , contained several vulnerabilities that allowed a malicious remote server or a man-in-the-middle to either cause a DoS by forcibly terminating the client, or execute arbitrary code on the client side.

oval:org.secpod.oval:def:603031
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes

oval:org.secpod.oval:def:603085
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:114365
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:115691
MinGW Windows Poppler library.

oval:org.secpod.oval:def:114373
DHCP

oval:org.secpod.oval:def:1800517
CVE-2017-9147: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service via a crafted TIFF file. Reference Patch CVE-2017-9403: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEn ...

oval:org.secpod.oval:def:1501969
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114327
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

oval:org.secpod.oval:def:114326
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:51112
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:114303
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1900721
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ...

oval:org.secpod.oval:def:1900737
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ...

oval:org.secpod.oval:def:1900795
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:113957
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113962
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113907
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:2000194
An error within the "LibRaw::unpack" function in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

oval:org.secpod.oval:def:114482
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1901337
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Su ...

oval:org.secpod.oval:def:115784
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. This package contains the MinGW Windows cross compiled libvorbis library.

oval:org.secpod.oval:def:1502343
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502344
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000282
An error within the "kodak_radc_load_raw" function related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

oval:org.secpod.oval:def:2001597
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ...

oval:org.secpod.oval:def:1700124
The nss-pem package provides the PEM file reader for Network Security Services implemented as a PKCS#11 module. This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate

oval:org.secpod.oval:def:1502323
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700107
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server coul ...

oval:org.secpod.oval:def:603205
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:603229
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.

oval:org.secpod.oval:def:53092
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:603214
Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

oval:org.secpod.oval:def:603266
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

oval:org.secpod.oval:def:1800697
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read; Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:603251
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:603252
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:1800665
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...

oval:org.secpod.oval:def:1800670
CVE-2017-9147: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service via a crafted TIFF file. CVE-2017-9403: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array i ...

oval:org.secpod.oval:def:114110
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:114112
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:2000335
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

oval:org.secpod.oval:def:114144
Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the ...

oval:org.secpod.oval:def:114138
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114134
An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases.

oval:org.secpod.oval:def:114106
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:114102
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:704095
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704091
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:704071
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704072
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:114990
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:704063
mysql-5.7: MySQL database Details: USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704053
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:602980
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:704048
wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704035
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:704036
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:704037
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704031
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704032
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704034
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704024
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:603404
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ...

oval:org.secpod.oval:def:704020
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704021
paramiko: Python SSH2 library Paramiko could be made to run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:603408
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:603409
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ...

oval:org.secpod.oval:def:704029
icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:704013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704015
memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:114976
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:704012
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704003
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:603308
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:704004
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:704000
isc-dhcp: DHCP server and client Several security issues were fixed in DHCP.

oval:org.secpod.oval:def:603302
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaust ...

oval:org.secpod.oval:def:704001
memcached: high-performance memory object caching system Several security issues were fixed in Memcached.

oval:org.secpod.oval:def:603309
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:704008
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:704009
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:603329
It was discovered that an integer overflow in the International Components for Unicode library could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603317
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603315
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:603312
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603313
Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603341
James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize function or django.utils.text.Truncator"s chars and words methods could craft a string that m ...

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:603337
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:603335
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603333
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

oval:org.secpod.oval:def:603359
It was discovered that the poppler upload for the oldstable distribution , released as DSA-4079-1, did not correctly address CVE-2017-9776 and additionally caused regressions when rendering PDFs embedding JBIG2 streams. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:603353
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:45541
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:45542
The host is missing a critical security update according to Mozilla advisory, MFSA2018-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:603377
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

oval:org.secpod.oval:def:603370
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes

oval:org.secpod.oval:def:1800354
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:603394
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:114165
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis.

oval:org.secpod.oval:def:114167
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114150
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114152
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:45516
Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party w ...

oval:org.secpod.oval:def:45517
Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

oval:org.secpod.oval:def:45518
>Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable ...

oval:org.secpod.oval:def:45513
The host is missing a critical security update according to Mozilla advisory, MFSA2018-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:114186
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis.

oval:org.secpod.oval:def:1800316
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read Affected versions libcurl 7.49.0 to and including 7.57.0 Not affected versions libcurl = 7.58.0

oval:org.secpod.oval:def:46916
The host is missing a security update according to Mozilla advisory, MFSA2018-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle the crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:46917
The host is missing a critical security update according to Mozilla advisory, MFSA2018-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:53210
Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

oval:org.secpod.oval:def:114232
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:53204
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:114263
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:114262
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:53224
Multiple vulnerabilities were discovered in the poppler PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file is processed.

oval:org.secpod.oval:def:114208
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:114228
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:114229
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:704196
transmission: lightweight BitTorrent client Transmission could be made to run arbitraty code.

oval:org.secpod.oval:def:704198
rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync.

oval:org.secpod.oval:def:704199
xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:704194
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704182
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704177
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704173
libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:704164
clamav: Anti-virus utility for Unix ClamAV could be made to hang if it opened a specially crafted file.

oval:org.secpod.oval:def:704166
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:704158
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704147
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:603526
It was discovered that Archive::Zip, a perl module for manipulation of ZIP archives, is prone to a directory traversal vulnerability. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite arbitrary files during archive extraction.

oval:org.secpod.oval:def:603516
Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 52.x series has ended, so starting with this update we"re now ...

oval:org.secpod.oval:def:704133
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:603428
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

oval:org.secpod.oval:def:704124
gnupg2: GNU privacy guard - a free PGP replacement Details: USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory GnuPG 2 could be made to present validi ...

oval:org.secpod.oval:def:603424
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603425
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

oval:org.secpod.oval:def:46109
The host is missing a critical security update according to Mozilla advisory, MFSA2018-16. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:603423
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603420
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603421
Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:46110
The host is missing a critical security update according to Mozilla advisory, MFSA2018-17. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:704128
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:603418
Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached triggered by specially crafted ...

oval:org.secpod.oval:def:704111
gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.

oval:org.secpod.oval:def:704119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:46129
The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:46130
The host is missing a critical security update according to Mozilla advisory, MFSA2018-16. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:603440
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

oval:org.secpod.oval:def:46131
The host is missing a critical security update according to Mozilla advisory, MFSA2018-17. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:46134
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:46133
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ...

oval:org.secpod.oval:def:46139
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.

oval:org.secpod.oval:def:46148
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ...

oval:org.secpod.oval:def:46145
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ...

oval:org.secpod.oval:def:1800496
It was found that setting VNC password to empty string doesn"t work in a way as it"s documented. The documented semantics of setting the password to an empty string are that it disables all access to the VNC server, however in fact it allows all users access with no authentication required instead.

oval:org.secpod.oval:def:603451
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:53281
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

oval:org.secpod.oval:def:53285
It was discovered that an integer overflow in the International Components for Unicode library could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:53288
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

oval:org.secpod.oval:def:53279
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:1800465
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1901048
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:53291
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:45668
The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:53292
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:53289
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:45680
The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:53239
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:53238
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:53248
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

oval:org.secpod.oval:def:1901066
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ...

oval:org.secpod.oval:def:53270
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaust ...

oval:org.secpod.oval:def:53273
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:53272
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:53277
Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

oval:org.secpod.oval:def:53276
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:114292
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

oval:org.secpod.oval:def:53311
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

oval:org.secpod.oval:def:53332
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ...

oval:org.secpod.oval:def:53324
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:52010
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52012
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:52003
isc-dhcp: DHCP server and client Several security issues were fixed in DHCP.

oval:org.secpod.oval:def:52004
memcached: high-performance memory object caching system Several security issues were fixed in Memcached.

oval:org.secpod.oval:def:53335
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ...

oval:org.secpod.oval:def:52007
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:52006
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:52009
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:53350
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

oval:org.secpod.oval:def:52021
icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:52023
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:52022
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:53344
Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached triggered by specially crafted ...

oval:org.secpod.oval:def:52016
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:53347
Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.

oval:org.secpod.oval:def:53346
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:52015
memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:52018
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:53349
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:52017
paramiko: Python SSH2 library Paramiko could be made to run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:114769
The libjpeg-turbo package contains a library of functions for manipulating JPEG images.

oval:org.secpod.oval:def:113424
poppler is a PDF rendering library.

oval:org.secpod.oval:def:114752
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:704295
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:114726
This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras.

oval:org.secpod.oval:def:46158
The host is missing a critical security update according to Mozilla advisory, MFSA2018-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:46154
The host is missing a security update according to Mozilla advisory, MFSA2018-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle the crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:603532
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

oval:org.secpod.oval:def:52919
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:114823
A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground up ...

oval:org.secpod.oval:def:704213
mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code.

oval:org.secpod.oval:def:114816
The Archive::Zip module allows a Perl program to create, manipulate, read, and write Zip archive files. Zip archives can be created, or you can read from existing zip files. Once created, they can be written to files, streams, or strings. Members can be added, removed, extracted, replaced, rearrange ...

oval:org.secpod.oval:def:114812
The Archive::Zip module allows a Perl program to create, manipulate, read, and write Zip archive files. Zip archives can be created, or you can read from existing zip files. Once created, they can be written to files, streams, or strings. Members can be added, removed, extracted, replaced, rearrange ...

oval:org.secpod.oval:def:52930
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:603583
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:704204
perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

oval:org.secpod.oval:def:52072
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:52078
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:52069
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:45787
The host is installed with Google Chrome before 67.0.3396.62 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:45788
The host is installed with Google Chrome before 67.0.3396.62 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:52081
rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync.

oval:org.secpod.oval:def:52080
transmission: lightweight BitTorrent client Transmission could be made to run arbitraty code.

oval:org.secpod.oval:def:52089
mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code.

oval:org.secpod.oval:def:43130
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:53360
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

oval:org.secpod.oval:def:52033
wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:52025
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:52024
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:52026
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:115246
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:52042
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:52035
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:53368
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:45753
The host is installed with Apache Tomcat 9.x before 9.0.9, 7.0.41 before 7.0.89, 8.x before 8.0.53 or 8.5.x before 8.5.32 and is prone to a security bypass vulnerability. A flaw is present in application, which fails to properly handle CORS filter settings issue. Successful exploitation allow attack ...

oval:org.secpod.oval:def:52052
gnupg2: GNU privacy guard - a free PGP replacement Details: This update provides the corresponding update for GnuPG 2 in Linux Mint 18.x LTS and Linux Mint 17.x LTS. Original advisory GnuPG 2 could be made to present validity information incorrectly.

oval:org.secpod.oval:def:43104
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43103
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:52061
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:45834
The host is installed with Google Chrome before 67.0.3396.62 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:53472
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:502131
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to ...

oval:org.secpod.oval:def:53404
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

oval:org.secpod.oval:def:53430
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

oval:org.secpod.oval:def:113557
poppler is a PDF rendering library.

oval:org.secpod.oval:def:114841
This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras.

oval:org.secpod.oval:def:114931
poppler is a PDF rendering library.

oval:org.secpod.oval:def:114079
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:502222
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:502229
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:502235
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ...

oval:org.secpod.oval:def:502243
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:502242
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:502244
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:502246
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:114066
MinGW Windows Poppler library.

oval:org.secpod.oval:def:502293
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:53567
The host is installed with Apple Mac OS X 10.12.6, 10.13.6 or 10.14.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle an issue in perl. Successful exploitation allows an attacker to cause unspecified impact.

oval:org.secpod.oval:def:45957
The host is installed with Google Chrome before 67.0.3396.62, Mozilla Firefox before 60.0.2, Firefox-esr before 52.8.1 or 60.0.x before 60.0.2 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which failes to properly handle SVG file with anti-aliasing turne ...

oval:org.secpod.oval:def:45958
The host is missing a critical security update according to Mozilla advisory, MFSA2018-14. The update is required to fix heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:1700092
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.

oval:org.secpod.oval:def:502250
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502252
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:502251
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502253
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ...

oval:org.secpod.oval:def:502258
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:502257
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:502259
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:45901
The host is installed with Apple Mac OS X 10.13.4 and is prone to a stack buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle php version less than 7.1.16. Successful exploitation allows attackers to execute arbitrary code in the context of the affecte ...

oval:org.secpod.oval:def:114553
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:502261
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:114550
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:502263
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:502269
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:114588
poppler is a PDF rendering library.

oval:org.secpod.oval:def:502276
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:502275
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ...

oval:org.secpod.oval:def:52201
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:502277
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:1700072
Use-after-free when appending DOM nodes Use-after-free using focus Compromised IPC child process can list local filenames Buffer overflow using computed size of canvas element Using form to exfiltrate encrypted mail part by pressing enter in form field S/MIME plaintext can be leaked through HTML rep ...

oval:org.secpod.oval:def:502285
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:502284
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:502289
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:1700066
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ...

oval:org.secpod.oval:def:114529
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:114528
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:1700050
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run ...

oval:org.secpod.oval:def:1502232
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502237
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502234
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502235
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700046
The following CVEs are fixed in the updated thunderbird package:CVE-2018-5161 : Hang via malformed headersCVE-2018-5162 : Encrypted mail leaks plaintext through src attributeCVE-2018-5183 : Backport critical security fixes in SkiaCVE-2018-5155 : Use-after-free with SVG animations and text pathsCVE-2 ...

oval:org.secpod.oval:def:114543
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:1700030
Unbounded memory allocation during deserialization in Container Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:1700034
Unbounded memory allocation during deserialization in NamedNodeMapImpl Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:114539
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:1502253
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502259
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700024
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:1700021
Buffer overflow in dhclient possibly allowing code execution triggered by malicious serverAn out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client mach ...

oval:org.secpod.oval:def:1700015
Vorbis audio processing out of bounds write :An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code

oval:org.secpod.oval:def:1700018
Cross-site scripting vulnerability in web UIA cross-site scripting flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user#039;s side and force the victim to perform unintended actions

oval:org.secpod.oval:def:1700010
Omapi code doesn"t free socket descriptors when empty message is received allowing denial-of-serviceIt was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descripto ...

oval:org.secpod.oval:def:1700005
SingleEntryRegistry incorrect setup of deserialization filter It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrict ...

oval:org.secpod.oval:def:1700004
HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response ...

oval:org.secpod.oval:def:602554
Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to ...

oval:org.secpod.oval:def:1502211
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502212
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502264
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1900953
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:1502272
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502273
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502278
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502279
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502331
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:502330
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:115054
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:502335
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:502334
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:502339
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:502340
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:115074
Tools and utilities for developing with icu.

oval:org.secpod.oval:def:115060
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:502306
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix: * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec * procps-ng, procps: ...

oval:org.secpod.oval:def:502308
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:502307
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:502311
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix: * procps-ng, procps: Integer overflow ...

oval:org.secpod.oval:def:502318
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:115028
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:502320
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ...

oval:org.secpod.oval:def:44721
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.

oval:org.secpod.oval:def:44722
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers reported memory safety bugs present in Firefox ESR. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:44733
The host is missing a critical security update according to Mozilla advisory, MFSA2018-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44734
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44739
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:205139
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:51044
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:51035
mysql-5.7: MySQL database Details: USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Linux Mint 19.x LTS. Original advisory Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:51039
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51050
gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.

oval:org.secpod.oval:def:51053
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51045
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:502373
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain condition ...

oval:org.secpod.oval:def:502374
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: A bug in the UTF-8 decoder can lead to DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:1501628
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:44700
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.

oval:org.secpod.oval:def:44701
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers reported memory safety bugs present in Firefox ESR. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:44714
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ...

oval:org.secpod.oval:def:44715
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44716
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.

oval:org.secpod.oval:def:44712
The host is missing a critical security update according to Mozilla advisory, MFSA2018-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44717
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.

oval:org.secpod.oval:def:44718
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ...

oval:org.secpod.oval:def:114641
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1502108
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114639
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:1502111
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114667
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:114669
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:114666
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as describe ...

oval:org.secpod.oval:def:114665
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compresse ...

oval:org.secpod.oval:def:114660
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as describe ...

oval:org.secpod.oval:def:114662
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future.

oval:org.secpod.oval:def:114657
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future.

oval:org.secpod.oval:def:114659
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compresse ...

oval:org.secpod.oval:def:1502135
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502139
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2001366
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demon ...

oval:org.secpod.oval:def:45188
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Replication. Successful exploitation allows attackers to affect Confidentiality, Integr ...

oval:org.secpod.oval:def:45195
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Locking. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45191
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:1901503
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, an ...

oval:org.secpod.oval:def:114609
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:501918
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:1502181
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502194
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502198
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51948
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:114705
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:45299
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45298
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45215
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:1502145
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502148
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502149
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502146
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502147
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502151
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502152
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502155
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502153
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502159
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502162
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502163
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502160
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502166
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502164
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502165
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502179
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45203
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45211
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:45213
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:44769
The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44764
Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

oval:org.secpod.oval:def:44765
The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:51061
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:44770
The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44776
Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44777
The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:51074
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51068
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51086
xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:51088
perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

oval:org.secpod.oval:def:51143
clamav: Anti-virus utility for Unix ClamAV could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:51133
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:51137
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51150
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:51154
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:51147
moin: Collaborative hypertext environment MoinMoin could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:51146
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51149
paramiko: Python SSH2 library Paramiko could allow unintended access to network services.

oval:org.secpod.oval:def:51160
spamassassin: Perl-based spam filter using text analysis Several security issues were fixed in SpamAssassin.

oval:org.secpod.oval:def:51163
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:51162
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:51155
network-manager: Network connection manager NetworkManager could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51157
systemd: system and service manager systemd-networkd could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1502409
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51170
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:51174
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:51168
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:51100
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:51107
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information if it received a crafted message.

oval:org.secpod.oval:def:51116
poppler: PDF rendering library poppler could be made to crash if it received specially crafted PDF file.

oval:org.secpod.oval:def:51118
libtirpc: transport-independent RPC library - development files Several security issues were fixed in libtirpc.

oval:org.secpod.oval:def:51117
libx11: X11 client-side library Several security issues were fixed in libx11.

oval:org.secpod.oval:def:51119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:115664
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go ...

oval:org.secpod.oval:def:51132
strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1900717
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:112559
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:112621
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:46696
The host is installed with Oracle MySQL Server through 5.5.60 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Privileges. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:46699
The host is installed with Oracle MySQL Server through 5.5.60, 5.6.40 or 5.7.22 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Options. Successful exploitation allows attackers to affect Confidentiality and Integri ...

oval:org.secpod.oval:def:46692
The host is installed with Oracle MySQL Server through 5.5.60, 5.6.40 or 5.7.22 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to MyISAM. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:502586
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: Incorrect free logic in pagedevice replacement * ghostscript: Incorrect &q ...

oval:org.secpod.oval:def:502590
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:51187
python-django: High-level Python web development framework Django could be made to expose spoofed information over the network.

oval:org.secpod.oval:def:51186
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:502534
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ...

oval:org.secpod.oval:def:502539
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband , and PPPoE devices, as well as providing VPN integration with a variety of d ...

oval:org.secpod.oval:def:51191
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:502540
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: .tempfile file permission issues * ghostscript: shading_param incomplete t ...

oval:org.secpod.oval:def:502543
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: OpenSSL::X509::Name equality check does not work correctly For more details about the security issue, including the impact, a ...

oval:org.secpod.oval:def:502545
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: OpenSSL::X509::Name equality check does not work correctly For more details about the security issue, including the impact, a ...

oval:org.secpod.oval:def:2001509
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:1900037
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:114432
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1700180
An off-by-one error has been discovered in libX11 in functions XGetFontPath, XListExtensions, and XListFonts. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the me ...

oval:org.secpod.oval:def:115740
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:1700126
Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case. Large native messages to journald can cause stack corruption, leading to possible local privilege escalation ...

oval:org.secpod.oval:def:1700112
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.It was disc ...

oval:org.secpod.oval:def:1700111
curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over t ...

oval:org.secpod.oval:def:2001554
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and includ ...

oval:org.secpod.oval:def:1700101
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive informat ...

oval:org.secpod.oval:def:502624
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Open redirect in default servlet For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ...

oval:org.secpod.oval:def:53090
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ...

oval:org.secpod.oval:def:1502393
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502391
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502397
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502398
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603240
Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2"s XPath engine via an XSLT transformation.

oval:org.secpod.oval:def:115451
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

oval:org.secpod.oval:def:115454
cabextract is a program which can extract files from cabinet archives.

oval:org.secpod.oval:def:115477
cabextract is a program which can extract files from cabinet archives.

oval:org.secpod.oval:def:115479
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

oval:org.secpod.oval:def:115416
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:50000
The host is installed with Artifex Ghostscript through 9.25 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving errorhandler setup. Successful exploitation could allow attackers to bypass a sandbox protection mechani ...

oval:org.secpod.oval:def:50001
The host is installed with Artifex Ghostscript through 9.25 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle exposure of system operators in the saved execution stack in an error object. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:1901004
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ...

oval:org.secpod.oval:def:602975
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ...

oval:org.secpod.oval:def:114995
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:47256
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:47269
The host is installed with Artifex Ghostscript before 9.23 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the .shfill operator. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpre ...

oval:org.secpod.oval:def:47268
The host is installed with Artifex Ghostscript before 9.23 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the LockDistillerParams parameter. Successful exploitation could allow attackers to crash the interpreter or execute code.

oval:org.secpod.oval:def:47267
The host is installed with Artifex Ghostscript before 9.23 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle the uninitialized memory access in the aesdecode operator. Successful exploitation could allow attackers to crash ...

oval:org.secpod.oval:def:114975
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:47270
The host is installed with Artifex Ghostscript before 9.23 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle .tempfile restrictions and write files. Successful exploitation could allow attackers to supply malicious postScript files ...

oval:org.secpod.oval:def:603354
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.

oval:org.secpod.oval:def:603395
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ...

oval:org.secpod.oval:def:1800302
CVE-2016-1238: loading of modules from current directory Fixed In Version: perl 5.22.3, perl 5.24.1

oval:org.secpod.oval:def:50168
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges.

oval:org.secpod.oval:def:50169
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-jou ...

oval:org.secpod.oval:def:50176
In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:50177
In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:115595
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:503286
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: MyISAM unspecified vulnerability * mysql: Server: Security: Privileges unspecified vulnerabilit ...

oval:org.secpod.oval:def:115591
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:53231
Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2"s XPath engine via an XSLT transformation.

oval:org.secpod.oval:def:115528
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.

oval:org.secpod.oval:def:115548
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:704178
mutt: text-based mailreader supporting MIME, GPG, PGP and threading Several security issues were fixed in Mutt.

oval:org.secpod.oval:def:47382
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47381
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47384
Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ...

oval:org.secpod.oval:def:47380
Mozilla Firefox 62Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei C ...

oval:org.secpod.oval:def:603515
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:47397
The host is installed with Artifex Ghostscript before 9.24 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle the builtin PDF14 converter. Successful exploitation could allow attackers to supply crafted postScript files to crash the i ...

oval:org.secpod.oval:def:47396
The host is installed with Artifex Ghostscript before 9.24 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle .tempfile restrictions and write files. Successful exploitation could allow attackers to supply malicious postScript files ...

oval:org.secpod.oval:def:47399
The host is installed with Artifex Ghostscript before 9.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the stack-size checking during error handling. Successful exploitation could allow attackers to supply crafted postScript files to ...

oval:org.secpod.oval:def:2000477
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fil ...

oval:org.secpod.oval:def:47398
The host is installed with Artifex Ghostscript before 9.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses incorrect free logic in pagedevice. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpreter ...

oval:org.secpod.oval:def:704129
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.

oval:org.secpod.oval:def:1901095
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:603433
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

oval:org.secpod.oval:def:47400
The host is installed with Artifex Ghostscript before 9.24 and is prone to a type confusion vulnerability. A flaw is present in the application, which uses gssetresolution and gsgetresolution parameters. Successful exploitation could allow attackers to supply crafted postScript files to crash the in ...

oval:org.secpod.oval:def:47403
The host is installed with Artifex Ghostscript before 9.24 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the ztype parameter. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpret ...

oval:org.secpod.oval:def:47404
The host is installed with Artifex Ghostscript before 9.24 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the setcolor function. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpr ...

oval:org.secpod.oval:def:53299
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.

oval:org.secpod.oval:def:1800471
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:115201
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:53325
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ...

oval:org.secpod.oval:def:115232
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:53354
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

oval:org.secpod.oval:def:114765
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ...

oval:org.secpod.oval:def:52869
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:114753
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:51542
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:603605
The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocas and an out-of-bounds read flaw leading to an information leak , could allow an attacker to cause a denial of service or the execution of arbitrary code. Fur ...

oval:org.secpod.oval:def:603602
It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

oval:org.secpod.oval:def:114771
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ...

oval:org.secpod.oval:def:704288
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information if it received a crafted message.

oval:org.secpod.oval:def:704282
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:704272
- gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information.

oval:org.secpod.oval:def:114748
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:704250
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704244
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:603547
Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor"s link dialogue. This only affects installations which have set up fckeditor .

oval:org.secpod.oval:def:704247
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:47565
The host is installed with Artifex Ghostscript before 9.25 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle crafted postscript. Successful exploitation could allow attackers to potentially overwrite or replace error handl ...

oval:org.secpod.oval:def:704249
clamav: Anti-virus utility for Unix Details: USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704233
sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:603537
Google"s OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 . An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and su ...

oval:org.secpod.oval:def:704238
clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We a ...

oval:org.secpod.oval:def:704225
libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input.

oval:org.secpod.oval:def:603568
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed . This update rebases ghostscript for ...

oval:org.secpod.oval:def:603565
Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could in denial of service in processing HTTP/2 or server memory disclosure in the ngx_http_mp4_module module .

oval:org.secpod.oval:def:603562
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If ...

oval:org.secpod.oval:def:603554
Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:704219
libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:704216
wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.

oval:org.secpod.oval:def:47518
The host is installed with Artifex Ghostscript before 9.25 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an exception during incorrect "restoration of privilege" checking when running out of stack. Successful exploitation c ...

oval:org.secpod.oval:def:603576
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME ...

oval:org.secpod.oval:def:603575
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed . This update rebases ghostscript for stretch to the upstream version 9.26 which includes a ...

oval:org.secpod.oval:def:115295
NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband , PPPoE and other devices, and supports a variety of different VPN services.

oval:org.secpod.oval:def:43122
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:115289
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:52092
libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:115256
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:52101
sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:52106
- gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information.

oval:org.secpod.oval:def:52121
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations.

oval:org.secpod.oval:def:52124
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:115346
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:53468
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed . This update rebases ghostscript for stretch to the upstream version 9.26 which includes a ...

oval:org.secpod.oval:def:53417
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:52943
clamav: Anti-virus utility for Unix Details: USN-3728-1 fixed several vulnerabilities in libmspack. In Linux Mint 17.x libmspack is included into ClamAV. This update provides the corresponding update for Linux Mint 17.x LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704396
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:52955
clamav: Anti-virus utility for Unix Details: USN-3814-1 fixed several vulnerabilities in libmspack. In Linux Mint 17.x libmspack is included into ClamAV. This update provides the corresponding update for Linux Mint 17.x LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704388
clamav: Anti-virus utility for Unix Details: USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704383
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:704385
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:114867
poppler is a PDF rendering library.

oval:org.secpod.oval:def:114862
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups o ...

oval:org.secpod.oval:def:704381
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:205321
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: MyISAM unspecified vulnerability * mysql: Server: Security: Privileges unspecified vulnerabilit ...

oval:org.secpod.oval:def:114859
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups o ...

oval:org.secpod.oval:def:704376
spamassassin: Perl-based spam filter using text analysis Several security issues were fixed in SpamAssassin.

oval:org.secpod.oval:def:704372
ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704373
systemd: system and service manager systemd-networkd could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704371
network-manager: Network connection manager NetworkManager could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:114924
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

oval:org.secpod.oval:def:704367
paramiko: Python SSH2 library Details: USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory Paramiko could allow unintended access to network services.

oval:org.secpod.oval:def:704362
texlive-bin: TeX Live: path search library for TeX Details: USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 Original advisory Several security issues were fixed in Tex Live.

oval:org.secpod.oval:def:704369
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704356
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704350
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704351
moin: Collaborative hypertext environment MoinMoin could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:704353
paramiko: Python SSH2 library Paramiko could allow unintended access to network services.

oval:org.secpod.oval:def:704344
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations.

oval:org.secpod.oval:def:704347
clamav: Anti-virus utility for Unix ClamAV could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704335
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704326
mutt: text-based mailreader supporting MIME, GPG, PGP and threading Details: USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original a ...

oval:org.secpod.oval:def:704327
strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704328
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704318
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704307
libx11: X11 client-side library Several security issues were fixed in libx11.

oval:org.secpod.oval:def:704308
libtirpc: transport-independent RPC library - development files Several security issues were fixed in libtirpc.

oval:org.secpod.oval:def:704309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704306
poppler: PDF rendering library poppler could be made to crash if it received specially crafted PDF file.

oval:org.secpod.oval:def:47606
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-23. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:47623
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-23. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:47622
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle the TransportSecurityInfo used for SSL. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:47624
Mozilla Firefox 62.0.2, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerab ...

oval:org.secpod.oval:def:115374
NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband , PPPoE and other devices, and supports a variety of different VPN services.

oval:org.secpod.oval:def:53476
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encodin ...

oval:org.secpod.oval:def:53491
The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocas and an out-of-bounds read flaw leading to an information leak , could allow an attacker to cause a denial of service or the execution of arbitrary code. Fur ...

oval:org.secpod.oval:def:53488
It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

oval:org.secpod.oval:def:115385
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:115383
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:1900116
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:1700090
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing th ...

oval:org.secpod.oval:def:1700098
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

oval:org.secpod.oval:def:1901486
Vulnerability in the MySQL Client component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis ...

oval:org.secpod.oval:def:114552
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:52202
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:1700075
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a #039;/#039; character.An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They al ...

oval:org.secpod.oval:def:115097
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:704432
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:704433
python-django: High-level Python web development framework Django could be made to expose spoofed information over the network.

oval:org.secpod.oval:def:704437
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:704422
lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks.

oval:org.secpod.oval:def:704425
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1502298
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502297
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704400
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:1900063
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server exe ...

oval:org.secpod.oval:def:1900066
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M ...

oval:org.secpod.oval:def:704407
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:115047
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:115041
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:115078
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:502352
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:502368
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:502367
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:115061
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:115011
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:1900096
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:205142
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:205132
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: OpenSSL::X509::Name equality check does not work correctly For more details about the security issue, including the impact, a ...

oval:org.secpod.oval:def:205133
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: .tempfile file permission issues * ghostscript: shading_param incomplete t ...

oval:org.secpod.oval:def:51025
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:205135
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: Incorrect free logic in pagedevice replacement * ghostscript: Incorrect &q ...

oval:org.secpod.oval:def:205120
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband , and PPPoE devices, as well as providing VPN integration with a variety of d ...

oval:org.secpod.oval:def:205127
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ...

oval:org.secpod.oval:def:115100
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:502372
The SpamAssassin tool provides a way to reduce unsolicited commercial email from incoming email. Security Fix: * spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service * spamassassin: Local user code injection in the meta rule syntax For more ...

oval:org.secpod.oval:def:205171
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Open redirect in default servlet For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ...

oval:org.secpod.oval:def:114663
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:114655
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:115930
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:115925
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:115956
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:115952
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:1901496
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:47874
The host is missing a critical security update according to Mozilla advisory, MFSA2018-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:47876
The host is missing a critical security update according to Mozilla advisory, MFSA2018-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:47875
The host is installed with Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 or 7.0.23 to 7.0.90 and is prone to an open redirection vulnerability. A flaw is present in the application which fails to handle the issue in default servlet which returned a redirect to a directory. Successful ex ...

oval:org.secpod.oval:def:51062
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.

oval:org.secpod.oval:def:115126
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system t ...

oval:org.secpod.oval:def:115157
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system t ...

oval:org.secpod.oval:def:603087
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024.

oval:org.secpod.oval:def:51092
wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.

oval:org.secpod.oval:def:1502408
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51101
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:1502467
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502468
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502466
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000186
GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

oval:org.secpod.oval:def:1900757
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

oval:org.secpod.oval:def:1502475
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502476
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000163
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes that can result in a crash . This attack appears to be exploitable via the victim opening a special ...

oval:org.secpod.oval:def:1502423
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502424
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502428
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2001456
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

oval:org.secpod.oval:def:1502429
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502436
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502437
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502445
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502444
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502449
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502447
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1900776
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

oval:org.secpod.oval:def:704660
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:704654
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704655
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704657
openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:502585
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:502587
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:45313
The host is installed with LibreOffice before 5.4.6.1 or 6.x before 6.0.2001 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly validate a customizations index. Successful exploitation could allow remote attackers to crash the se ...

oval:org.secpod.oval:def:45314
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an incorrect integer data type in the StgSmallStrm class. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:502595
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ...

oval:org.secpod.oval:def:502594
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ...

oval:org.secpod.oval:def:502599
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:51194
libcaca: text mode graphics utilities Several security issues were fixed in libcaca.

oval:org.secpod.oval:def:51195
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:51199
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704805
openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete.

oval:org.secpod.oval:def:1900026
The GD Graphics Library 2.2.5 has a double free in thegdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE:PHP is unaffected.

oval:org.secpod.oval:def:51215
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:51214
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:51217
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:51222
systemd: system and service manager systemd could be made to crash if it received specially a crafted D-Bus message.

oval:org.secpod.oval:def:51228
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51227
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51229
openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1900006
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command vulnerability in allow scppermission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allow scp permission.

oval:org.secpod.oval:def:1900014
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, result ing in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:114402
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:1700178
An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned . A malicious scp server can overwrite arbitrary fil ...

oval:org.secpod.oval:def:1700163
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manual ...

oval:org.secpod.oval:def:51200
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1700148
Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

oval:org.secpod.oval:def:51204
spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51207
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:113993
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:1700139
It was found that bus_process_object in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user to send a message which results in the stack pointer moving outside of the bounds of the curr ...

oval:org.secpod.oval:def:113980
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:1502313
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502312
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700115
The GD Graphics Library 2.2.5 has a double free in the gdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

oval:org.secpod.oval:def:502612
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:502614
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:502613
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:502617
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: MIDI driver race condition leads to a double-free For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:502629
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502628
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502630
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ...

oval:org.secpod.oval:def:502634
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:502636
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:1900823
GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

oval:org.secpod.oval:def:50800
The host is missing a high security update according to Mozilla advisory, MFSA2019-05. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50803
The host is missing a high security update according to Mozilla advisory, MFSA2019-04. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:50804
The host is missing a high security update according to Mozilla advisory, MFSA2019-05. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:1900827
In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.

oval:org.secpod.oval:def:502601
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:502600
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:502602
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: use-after-free in copydevice handling * ghostscript: access bypass in psi/ ...

oval:org.secpod.oval:def:502607
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:502606
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:502608
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:502690
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:502692
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ...

oval:org.secpod.oval:def:603258
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary co ...

oval:org.secpod.oval:def:53065
The host is installed with Artifex Ghostscript through 9.26 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the system operators. Successful exploitation could allow attackers to perform remote code execution.

oval:org.secpod.oval:def:502655
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DO ...

oval:org.secpod.oval:def:53007
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel The system could be made unavailable if it received specially crafted network traffic.

oval:org.secpod.oval:def:53020
The host is missing a critical security update according to Mozilla advisory, MFSA2019-08. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:53018
file: Tool to determine file types Several security issues were fixed in file.

oval:org.secpod.oval:def:2000309
There is an illegal WRITE memory access at caca/file.c in libcaca-dev 0.99.beta19.

oval:org.secpod.oval:def:2001615
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:50880
The host is missing a high security update according to Mozilla advisory, MFSA2019-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:1901854
libxslt1-dev through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:502707
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrec ...

oval:org.secpod.oval:def:50953
The host is missing a high security update according to Mozilla advisory, MFSA2019-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:704899
libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:704888
rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist rssh could be made to run arbitrary commands if it received specially crafted input.

oval:org.secpod.oval:def:603372
Two vulnerabilities were discovered in LibreOffice"s code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:704877
advancecomp: collection of recompression utilities AdvanceCOMP could be made to run arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:704878
samba: SMB/CIFS file, print, and login server for Unix Samba could be made to create files in unexpected locations.

oval:org.secpod.oval:def:46892
The host is installed with LibreOffice before 5.4.7 or 6.x before 6.0.4 or Apache OpenOffice 4.1.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted XML document. heap-based buffer overflow vulnerability. A flaw is present ...

oval:org.secpod.oval:def:704853
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704856
gpac: GPAC Project on Advanced Content GPAC could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704846
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704835
p7zip: 7z file archiver with high compression ratio p7zip could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704838
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704827
file: Tool to determine file types Several security issues were fixed in file.

oval:org.secpod.oval:def:1900685
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

oval:org.secpod.oval:def:50195
The host is installed with OpenSSH through 7.9p1 or WinSCP through 5.13 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp client utility. Successful exploitation could allow a malicious scp server to write arbitr ...

oval:org.secpod.oval:def:50199
CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client

oval:org.secpod.oval:def:1901120
0-byte record padding oracle

oval:org.secpod.oval:def:1502595
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:503314
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle For more details about the security issue, including the impact, a CVSS scor ...

oval:org.secpod.oval:def:1901079
GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

oval:org.secpod.oval:def:53242
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary co ...

oval:org.secpod.oval:def:2000574
In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

oval:org.secpod.oval:def:1901684
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

oval:org.secpod.oval:def:1901688
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

oval:org.secpod.oval:def:205247
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle For more details about the security issue, including the impact, a CVSS scor ...

oval:org.secpod.oval:def:1901698
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

oval:org.secpod.oval:def:50268
scp client missing received object name validation

oval:org.secpod.oval:def:53308
Two vulnerabilities were discovered in LibreOffice"s code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:50201
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

oval:org.secpod.oval:def:603627
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:603624
Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a library to implement VNC server/client functionalities, which might result in the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603622
Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell comman ...

oval:org.secpod.oval:def:603616
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service , or possibly, execution of arbitrary code.

oval:org.secpod.oval:def:603612
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:603619
The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell c ...

oval:org.secpod.oval:def:603618
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

oval:org.secpod.oval:def:603644
The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those.

oval:org.secpod.oval:def:603643
Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.

oval:org.secpod.oval:def:603637
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:603638
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

oval:org.secpod.oval:def:704251
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:603630
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol. CVE-2018-20685 Due to improper directory name validation, the scp client allows ...

oval:org.secpod.oval:def:603588
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

oval:org.secpod.oval:def:603597
Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.

oval:org.secpod.oval:def:1902003
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned . A malicious scp server can overwrite arbitrary ...

oval:org.secpod.oval:def:2000615
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

oval:org.secpod.oval:def:114006
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:2000666
GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

oval:org.secpod.oval:def:114011
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:1901787
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small

oval:org.secpod.oval:def:52135
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:1901711
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

oval:org.secpod.oval:def:1901713
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ...

oval:org.secpod.oval:def:50328
The host is missing a critical security update according to Mozilla advisory, MFSA2018-31. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50329
The host is missing a critical security update according to Mozilla advisory, MFSA2018-31. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:1901700
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

oval:org.secpod.oval:def:52968
openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete.

oval:org.secpod.oval:def:52967
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:603679
It was found that a security update of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.

oval:org.secpod.oval:def:603677
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

oval:org.secpod.oval:def:2001184
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:53484
Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.

oval:org.secpod.oval:def:53497
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:53499
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service , or possibly, execution of arbitrary code.

oval:org.secpod.oval:def:1900117
In Liblibtiff-tools 4.0.9, there is a NULL pointer dereference in the libtiff-toolsWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by libtiff-tools set.

oval:org.secpod.oval:def:53578
The host is installed with Artifex Ghostscript before 9.27 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle crafted postscript file. Successful exploitation could allow attackers to use this flaw in order to, for example, have ...

oval:org.secpod.oval:def:53579
The host is installed with Artifex Ghostscript before 9.27 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle crafted postscript file. Successful exploitation could allow attackers to use this flaw in order to, for example, have ...

oval:org.secpod.oval:def:1901473
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:53510
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol. CVE-2018-20685 Due to improper directory name validation, the scp client allows ...

oval:org.secpod.oval:def:53516
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

oval:org.secpod.oval:def:53515
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:53521
Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.

oval:org.secpod.oval:def:53522
The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those.

oval:org.secpod.oval:def:53527
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

oval:org.secpod.oval:def:53529
It was found that a security update of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.

oval:org.secpod.oval:def:1700063
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessi ...

oval:org.secpod.oval:def:603829
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:50461
The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50453
The host is missing a critical security update according to Mozilla advisory, MFSA2019-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:603845
Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares.

oval:org.secpod.oval:def:50472
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.

oval:org.secpod.oval:def:50462
The host is missing a critical security update according to Mozilla advisory, MFSA2019-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50463
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.

oval:org.secpod.oval:def:50464
Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs s ...

oval:org.secpod.oval:def:50468
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffic ...

oval:org.secpod.oval:def:50469
Mozilla Firefox 65 : When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by defa ...

oval:org.secpod.oval:def:603838
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:53501
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

oval:org.secpod.oval:def:53502
The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell c ...

oval:org.secpod.oval:def:53505
Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve , rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell comman ...

oval:org.secpod.oval:def:53508
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:602532
Marcin "Icewall" Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitra ...

oval:org.secpod.oval:def:603851
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.

oval:org.secpod.oval:def:704499
systemd: system and service manager systemd could be made to crash if it received specially a crafted D-Bus message.

oval:org.secpod.oval:def:704490
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:704492
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704486
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:704489
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:704473
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704474
libvncserver: vnc server library Several security issues were fixed in LibVNCServer.

oval:org.secpod.oval:def:115917
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:704462
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel The system could be made unavailable if it received specially crafted network traffic.

oval:org.secpod.oval:def:115913
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:50504
The host is missing a critical security update according to Mozilla advisory, MFSA2019-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50507
The host is missing a critical security update according to Mozilla advisory, MFSA2019-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:704468
spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:115909
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:704450
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704451
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704452
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704440
libcaca: text mode graphics utilities Several security issues were fixed in libcaca.

oval:org.secpod.oval:def:704441
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:1502285
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1900077
A NULL pointer dereference in the function _libtiff-tools memcmp at tif_unix.c in Liblibtiff-tools 4.0.9 allows an attacker to cause a denial-of-service through a crafted libtiff-tools file. This vulnerability can be triggered by the executable libtiff-tool scp.

oval:org.secpod.oval:def:205148
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ...

oval:org.secpod.oval:def:205136
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:205137
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ...

oval:org.secpod.oval:def:205181
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:205175
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:205176
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:205177
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ...

oval:org.secpod.oval:def:205179
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:205163
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: MIDI driver race condition leads to a double-free For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:205160
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:205161
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:205162
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:205152
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ...

oval:org.secpod.oval:def:205154
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:205155
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:205150
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:205151
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:205156
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:205157
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: use-after-free in copydevice handling * ghostscript: access bypass in psi/ ...

oval:org.secpod.oval:def:205158
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:115966
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1901515
In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

oval:org.secpod.oval:def:45294
The host is installed with LibreOffice before 5.4.6.1 or 6.x before 6.0.2.1 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly validate a customizations index. Successful exploitation could allow remote attackers to crash the ser ...

oval:org.secpod.oval:def:45295
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an incorrect integer data type in the StgSmallStrm class. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:45297
The host is installed with 7 zip before 18.0 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted ZIP archive. Successful exploitation could allow remote attackers to crash the service.

oval:org.secpod.oval:def:2000996
Divide-by-zero vulnerabilities in the function arlib_add_symbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

oval:org.secpod.oval:def:2000152
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.

oval:org.secpod.oval:def:2000134
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:2001433
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

oval:org.secpod.oval:def:502589
The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and ...

oval:org.secpod.oval:def:1901170
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of ...

oval:org.secpod.oval:def:2000221
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of ...

oval:org.secpod.oval:def:2001527
An error within the "parse_rollei" function within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

oval:org.secpod.oval:def:2000266
An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

oval:org.secpod.oval:def:2001580
The function d2alaw_array in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14245.

oval:org.secpod.oval:def:2001565
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

oval:org.secpod.oval:def:1700119
Heap-based buffer overflow vulnerability in extract_status_code function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary co ...

oval:org.secpod.oval:def:2001562
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:53076
The host is installed with Wireshark 2.6.0 to 2.6.6 or 2.4.0 to 2.4.12 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the ASN.1 BER dissector issue. Successful exploitation could cause buffer overflow associated with excessive ...

oval:org.secpod.oval:def:502650
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: missing attack vector protections for CVE-2019-6116 For more details about ...

oval:org.secpod.oval:def:53013
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:2000319
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

oval:org.secpod.oval:def:2000379
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

oval:org.secpod.oval:def:50979
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.

oval:org.secpod.oval:def:704814
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1502501
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000425
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:704934
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:2000539
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

oval:org.secpod.oval:def:1900314
The function d2a law_array in a law.c of libsndfile1 1.0.29pre1 may lead to a remote DoS attack , a different vulnerability than CVE-2017-14245.

oval:org.secpod.oval:def:603544
This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising have been found in the coders for BMP, DIB, PICT, DCM, CUT and PSD.

oval:org.secpod.oval:def:1902089
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1902085
Divide-by-zero vulnerabilities in the function arlib_add_symbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

oval:org.secpod.oval:def:1902096
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

oval:org.secpod.oval:def:1902068
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service with a crafted ELF file, as demonstrated by consider_notes.

oval:org.secpod.oval:def:603553
It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors.

oval:org.secpod.oval:def:1902070
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a d ...

oval:org.secpod.oval:def:53447
It was discovered that mosquitto, an MQTT broker, was vulnerable to remote denial-of-service attacks that could be mounted using various vectors.

oval:org.secpod.oval:def:2000664
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

oval:org.secpod.oval:def:1900414
The function GfxImageColorMap::getGray in GfxState.cc in libpoppler-dev 0.54.0allows remote attackers to cause a denial of service via a crafted PDF document, related to missing color-map validation in Image OutputDev.cc.

oval:org.secpod.oval:def:52970
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1900114
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:1900119
A stack-based buffer overflow in psf_memset in common.c in libsndfile11.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.The vulnerability can be triggered by the executable sndfile-deinterleave.

oval:org.secpod.oval:def:1900144
In libpoppler-dev 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service by crafting a PDF file in which an xref data structure is mishandled during extract PDFSubtype processing.

oval:org.secpod.oval:def:1900143
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile1 1.0.28 that will cause a denial of service.

oval:org.secpod.oval:def:1900149
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes result ing in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

oval:org.secpod.oval:def:1900130
An issue was discovered in libsndfile1 1.0.28. There is a buffer over-read in the function i2a law_array in a law.c that will lead to a denial of service.

oval:org.secpod.oval:def:1900137
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service caused by an integer overflow via a crafted PSD image file.

oval:org.secpod.oval:def:115859
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115855
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115852
MinGW Windows PyQt5

oval:org.secpod.oval:def:115849
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115846
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115840
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115843
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115874
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115871
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:603834
It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.

oval:org.secpod.oval:def:115868
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115862
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115865
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115818
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115812
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115809
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115806
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115837
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115834
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115830
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115827
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115824
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler.

oval:org.secpod.oval:def:115821
MinGW Windows SIP.

oval:org.secpod.oval:def:205138
The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and ...

oval:org.secpod.oval:def:1900267
An out of bounds read in the function d2ulaw_array in ulaw.c of libsndfile1 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

oval:org.secpod.oval:def:603918
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:2000056
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

oval:org.secpod.oval:def:2001397
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service with a crafted ELF file, as demonstrated by consider_notes.

oval:org.secpod.oval:def:705009
elfutils: collection of utilities to handle ELF objects Several security issues were fixed in elfutils.

oval:org.secpod.oval:def:115167
Elfutils is a collection of utilities, including stack , nm , size , strip , readelf , elflint and elfcompress .

oval:org.secpod.oval:def:2000952
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a d ...

oval:org.secpod.oval:def:705150
dovecot: IMAP and POP3 email server Dovecot could be made to crash or execute arbitrary code if it received a specially crafted data.

oval:org.secpod.oval:def:2001470
SDL through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

oval:org.secpod.oval:def:705114
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to crash or execute arbitrary code if it received specially crafted image.

oval:org.secpod.oval:def:604537
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers function could result in information disclosure or denial of service.

oval:org.secpod.oval:def:604535
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers function could result in information disclosure or denial of service.

oval:org.secpod.oval:def:1502675
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502680
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502681
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000412
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c .

oval:org.secpod.oval:def:2001004
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c .

oval:org.secpod.oval:def:2000591
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

oval:org.secpod.oval:def:205371
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ...

oval:org.secpod.oval:def:205369
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ...

oval:org.secpod.oval:def:58365
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to crash or execute arbitrary code if it received specially crafted image.

oval:org.secpod.oval:def:2001197
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

oval:org.secpod.oval:def:2000763
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

oval:org.secpod.oval:def:2000783
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

oval:org.secpod.oval:def:2000850
SDL through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

oval:org.secpod.oval:def:2001371
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

oval:org.secpod.oval:def:2000086
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

oval:org.secpod.oval:def:1800526
CVE-2017-13065: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

oval:org.secpod.oval:def:113967
GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software.

oval:org.secpod.oval:def:113969
GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software.

oval:org.secpod.oval:def:1901168
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.

oval:org.secpod.oval:def:1901163
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.

oval:org.secpod.oval:def:1901141
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

oval:org.secpod.oval:def:1901197
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.

oval:org.secpod.oval:def:1901194
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.

oval:org.secpod.oval:def:1901352
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile informat ...

oval:org.secpod.oval:def:1800694
CVE-2017-14314: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1901251
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIF ...

oval:org.secpod.oval:def:603327
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603324
Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

oval:org.secpod.oval:def:603311
Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

oval:org.secpod.oval:def:1901118
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.

oval:org.secpod.oval:def:53284
Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow in the Kamailio SIP server which could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:1901054
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.

oval:org.secpod.oval:def:1901052
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.

oval:org.secpod.oval:def:53275
Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

oval:org.secpod.oval:def:2001034
SDL through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

oval:org.secpod.oval:def:114837
Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the ...

oval:org.secpod.oval:def:502592
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer allows for potential code execution For more details about the security issue, including th ...

oval:org.secpod.oval:def:1800557
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1501959
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704044
libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1800390
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:114190
LibVNCServer makes writing a VNC server easy. It hides the programmer from the tedious task of managing clients and compression schemata.

oval:org.secpod.oval:def:603375
It was discovered that gunicorn, an event-based HTTP/WSGI server was susceptible to HTTP Response splitting.

oval:org.secpod.oval:def:1800364
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:114235
LibVNCServer makes writing a VNC server easy. It hides the programmer from the tedious task of managing clients and compression schemata.

oval:org.secpod.oval:def:603511
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.

oval:org.secpod.oval:def:603419
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

oval:org.secpod.oval:def:603443
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

oval:org.secpod.oval:def:1901033
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.

oval:org.secpod.oval:def:1800469
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:53345
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

oval:org.secpod.oval:def:603598
Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or memory disclosure if a malformed OLE file is processed.

oval:org.secpod.oval:def:52030
libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:502264
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c For more details about the security issue, including the impact, a CVSS score, and other re ...

oval:org.secpod.oval:def:1900126
GNU libextractor-dev through 1.8 has an out-of-bounds read vulnerability in the function history_extract in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

oval:org.secpod.oval:def:1700039
Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.cAn issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified ...

oval:org.secpod.oval:def:603855
It was discovered that a buffer overflow in the RTSP parser of the GStreamer media framework may result in the execution of arbitrary code if a malformed RSTP stream is opened.

oval:org.secpod.oval:def:205145
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer allows for potential code execution For more details about the security issue, including th ...

oval:org.secpod.oval:def:1502180
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113010
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113002
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:603137
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:45316
The host is installed with Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unauthenticated network access via HTTP. Successful exploitation allows an attacker to take ov ...

oval:org.secpod.oval:def:603177
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

oval:org.secpod.oval:def:1900035
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process .

oval:org.secpod.oval:def:53160
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:53189
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.

oval:org.secpod.oval:def:53319
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525.

oval:org.secpod.oval:def:113412
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:113561
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:1900436
A deserialization flaw was discovered in the libjackson2-databind-java, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

oval:org.secpod.oval:def:1901541
A deserialization flaw was discovered in the libjackson2-databind-java in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw C ...

oval:org.secpod.oval:def:50591
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system ba ...

oval:org.secpod.oval:def:112960
General data-binding functionality for Jackson: works on core streaming API.

oval:org.secpod.oval:def:1900743
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

oval:org.secpod.oval:def:1900731
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous ...

oval:org.secpod.oval:def:203888
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:1901332
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

oval:org.secpod.oval:def:203985
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:1901284
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

oval:org.secpod.oval:def:1800668
CVE-2016-2047: MariaDB 10.1.10 CVE-2016-0616: MariaDB 10.1.10 CVE-2016-0610: MariaDB 10.1.9 CVE-2016-0609: MariaDB 10.1.10 CVE-2016-0608: MariaDB 10.1.10 CVE-2016-0606: MariaDB 10.1.10 CVE-2016-0600: MariaDB 10.1.10 CVE-2016-0598: MariaDB 10.1.10 CVE-2016-0597: MariaDB 10.1.10 CVE-2016-0596: MariaDB ...

oval:org.secpod.oval:def:53014
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1900581
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.

oval:org.secpod.oval:def:1900582
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

oval:org.secpod.oval:def:1900562
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

oval:org.secpod.oval:def:1900566
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

oval:org.secpod.oval:def:1900578
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.

oval:org.secpod.oval:def:52682
mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1900502
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.

oval:org.secpod.oval:def:1900510
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.

oval:org.secpod.oval:def:704026
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1900525
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.

oval:org.secpod.oval:def:1900524
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.

oval:org.secpod.oval:def:704820
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1901110
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

oval:org.secpod.oval:def:115529
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1901121
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

oval:org.secpod.oval:def:34160
The host is installed with Oracle MySQL 5.5.x through 5.5.47, 5.6.x through 5.6.28 or 5.7.x through 5.7.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to DDL. Successful exploitation allows local users to affect a ...

oval:org.secpod.oval:def:34163
The host is installed with Oracle MySQL 5.5.x through 5.5.48, 5.6.x through 5.6.29 or 5.7.x through 5.7.11 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to FTS. Successful exploitation allows local users to affect a ...

oval:org.secpod.oval:def:34158
The host is installed with Oracle MySQL 5.5.x through 5.5.47, 5.6.x through 5.6.28 or 5.7.x through 5.7.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to DML. Successful exploitation allows local users to affect i ...

oval:org.secpod.oval:def:24752
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:1501545
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:52019
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:34183
The host is installed with Oracle MySQL 5.6.x through 5.6.28 or 5.7.x through 5.7.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to InnoDB. Successful exploitation allows local users to affect availability.

oval:org.secpod.oval:def:34172
The host is installed with Oracle MySQL 5.5.x through 5.5.47, 5.6.x through 5.6.28 or 5.7.x through 5.7.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to PS. Successful exploitation allows local users to affect av ...

oval:org.secpod.oval:def:34171
The host is installed with Oracle MySQL 5.5.x through 5.5.48, 5.6.x through 5.6.29 or 5.7.x through 5.7.11 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to PS. Successful exploitation allows local users to affect av ...

oval:org.secpod.oval:def:34179
The host is installed with Oracle MySQL 5.6.x through 5.6.29 or 5.7.x through 5.7.11 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to InnoDB. Successful exploitation allows local users to affect availability.

oval:org.secpod.oval:def:34176
The host is installed with Oracle MySQL 5.5.x through 5.5.48, 5.6.x through 5.6.29 or 5.7.x through 5.7.11 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to Security: Privileges. Successful exploitation allows allows ...

oval:org.secpod.oval:def:34177
The host is installed with Oracle MySQL 5.5.x through 5.5.47, 5.6.x through 5.6.28 or 5.7.x through 5.7.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle vectors related to MyISAM. Successful exploitation allows local users to affec ...

oval:org.secpod.oval:def:1600440
Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files

oval:org.secpod.oval:def:1600443
It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. Unspecified vuln ...

oval:org.secpod.oval:def:1501424
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:703059
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:703057
mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:602353
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47

oval:org.secpod.oval:def:602351
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/

oval:org.secpod.oval:def:501798
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:602365
Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.

oval:org.secpod.oval:def:1600337
wolfSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also know ...

oval:org.secpod.oval:def:400733
mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ...

oval:org.secpod.oval:def:1200116
Use of uninitialized memory was reported in in libtiff.

oval:org.secpod.oval:def:110198
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:109163
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:602526
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.25. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/ https://mariad ...

oval:org.secpod.oval:def:109149
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:602477
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.49

oval:org.secpod.oval:def:501862
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:400641
mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ...

oval:org.secpod.oval:def:32758
The host is installed with Oracle MySQL through 5.5.46 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to Optimizer. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32753
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32754
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to Optimizer. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32746
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails vectors related to UDF. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32748
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to encryption. Successful exploitation allows remote authenticated users to affect integrity.

oval:org.secpod.oval:def:32742
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to Client. Successful exploitation allows local users to affect confidentiality, integrity, and avai ...

oval:org.secpod.oval:def:110278
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110258
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110256
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:602569
Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application ...

oval:org.secpod.oval:def:703226
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602771
Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed.

oval:org.secpod.oval:def:1501855
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501853
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204498
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:204496
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:1600714
Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. Aspecially crafted file could cause an application using JasPer to crash or,possibly, execute arbitrary code. Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. Aspecially crafted file could cause an a ...

oval:org.secpod.oval:def:703615
jasper: Library for manipulating JPEG-2000 files Several security issues were fixed in JasPer.

oval:org.secpod.oval:def:502031
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:112633
The kernel meta package

oval:org.secpod.oval:def:603147
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:112712
The kernel meta package

oval:org.secpod.oval:def:53167
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:52875
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52883
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502030
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703781
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ...

oval:org.secpod.oval:def:703783
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703741
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53532
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution. CVE-2017-17480 Write stack buffer overflow in the jp3d and jpwl codecs can result in a denial of service or remote code ...

oval:org.secpod.oval:def:603821
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution. CVE-2017-17480 Write stack buffer overflow in the jp3d and jpwl codecs can result in a denial of service or remote code ...

oval:org.secpod.oval:def:51885
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ...

oval:org.secpod.oval:def:2001457
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

oval:org.secpod.oval:def:47394
The host is installed with oracle fusion middleware mapViewer 12.2.1.2 or 12.2.1.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle the install (Apache Batik) component issue. Successful exploitation allows an attacker to gain acces ...

oval:org.secpod.oval:def:603415
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:53341
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.

oval:org.secpod.oval:def:704222
batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML.

oval:org.secpod.oval:def:52940
batik: SVG Library Batik could be made to expose sensitive information if it received a specially crafted XML.

oval:org.secpod.oval:def:114623
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:114622
Batik is a Java technology based toolkit for applications that want to use images in the Scalable Vector Graphics format for various purposes, such as viewing, generation or manipulation.

oval:org.secpod.oval:def:46697
The host is installed with Oracle MySQL Server through 5.6.40, 5.7.22 or 8.0.11 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Integrity and Availability.

oval:org.secpod.oval:def:50225
The host is installed with Oracle MySQL Server through 5.6.42, 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48102
The host is installed with Oracle MySQL Server through 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48103
The host is installed with Oracle MySQL Server through 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48101
The host is installed with Oracle MySQL Server through 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48114
The host is installed with Oracle MySQL Server through 5.5.61, 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48128
The host is installed with Oracle MySQL Server through 5.5.61, 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Storage Engines. Successful exploitation allows attackers to affect Availabilit ...

oval:org.secpod.oval:def:44771
The host is installed with OpenSSL 1.1.0 before 1.1.0h or OpenSSL 1.0.2b before 1.0.2n or MySQL Server prior to 5.6.40, 5.7.22 or 8.0.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful expl ...

oval:org.secpod.oval:def:54331
The host is installed with Oracle MySQL Server through 5.6.43, 5.7.25 or 8.0.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Compiling (OpenSSL). Successful exploitation allows attackers to affect Confidentiality ...

oval:org.secpod.oval:def:50989
The host is installed with OpenSSL 1.0.2 through 1.0.2q or Oracle MySQL Server through 5.6.43, 5.7.25 or 8.0.15 and is prone to a padding oracle attack vulnerability. The vulnerability is present in the SSL_shutdown() method used in conjunction with non-stitched ciphersuites. On successful exploitat ...

oval:org.secpod.oval:def:602757
Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in liblcms2-2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applicati ...

oval:org.secpod.oval:def:204141
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:1800226
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch:

oval:org.secpod.oval:def:1800773
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch Reference

oval:org.secpod.oval:def:1800877
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch: Reference:

oval:org.secpod.oval:def:42356
The host is missing a critical security update KB4041689

oval:org.secpod.oval:def:42360
The host is missing an important security update KB4041676

oval:org.secpod.oval:def:114319
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers.

oval:org.secpod.oval:def:114313
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:114310
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:1600879
Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger ...

oval:org.secpod.oval:def:114477
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:116205
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:54395
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:54396
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:704065
apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:704052
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:2000360
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

oval:org.secpod.oval:def:48667
The host is installed with Apple Mac OS X 10.12.6 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a memory related issue. Successful exploitation may allow attackers to perform buffer overflow.

oval:org.secpod.oval:def:48678
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48676
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48677
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48674
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48675
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48672
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:603362
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:603350
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:114242
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers.

oval:org.secpod.oval:def:114244
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:704180
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704176
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:1600980
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or l ...

oval:org.secpod.oval:def:603472
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could all ...

oval:org.secpod.oval:def:53297
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:114296
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:114298
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:1800939
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1800945
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions 2.4.1 to 2.4.29 Fixed in Apache 2.4.30

oval:org.secpod.oval:def:1800946
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1800958
Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ...

oval:org.secpod.oval:def:1800960
Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ...

oval:org.secpod.oval:def:1800961
Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ...

oval:org.secpod.oval:def:53303
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:1800950
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:51536
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:704215
ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Ruby could be made to execute arbitrary commands if opened a specially crafted file.

oval:org.secpod.oval:def:204761
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attack ...

oval:org.secpod.oval:def:52071
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:52068
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:52090
ruby2.3: Interpreter of object-oriented scripting language Ruby - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Ruby could be made to execute arbitrary commands if opened a specially crafted file.

oval:org.secpod.oval:def:52034
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:53383
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could all ...

oval:org.secpod.oval:def:1901777
mod_auth_digest access control bypass

oval:org.secpod.oval:def:502236
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attack ...

oval:org.secpod.oval:def:114573
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:603841
Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming dat ...

oval:org.secpod.oval:def:45091
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:45092
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:54093
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:54094
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:54095
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:1801294
CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ...

oval:org.secpod.oval:def:1801296
CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ...

oval:org.secpod.oval:def:1801297
CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ...

oval:org.secpod.oval:def:1900079
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

oval:org.secpod.oval:def:51036
apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Linux Mint 19.x LTS. Original advisory Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:114608
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:50601
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter an ...

oval:org.secpod.oval:def:1502140
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1801348
CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ...

oval:org.secpod.oval:def:1801364
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:1801365
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:1801366
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:1801367
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:54101
The host is installed with Apache HTTP Server 2.4.x through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a race condition in mod_auth_digest when running in a threaded server. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:34666
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34667
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34664
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34665
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34662
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34660
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34661
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:33674
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 or Apple Safari before 9.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a malicious crafted XML. Successful exploitation co ...

oval:org.secpod.oval:def:602531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That"s right, Debian no longer applies ...

oval:org.secpod.oval:def:602589
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:42214
The host is missing a security update according to Apple advisory, APPLE-SA-2017-09-25-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:116979
MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic ...

oval:org.secpod.oval:def:115668
MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic ...

oval:org.secpod.oval:def:112585
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:112591
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:703357
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1700155
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prio ...

oval:org.secpod.oval:def:53080
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ...

oval:org.secpod.oval:def:602951
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to ...

oval:org.secpod.oval:def:113669
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:53120
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:115490
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:42549
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42548
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:115534
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:42506
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42541
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42540
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:1600961
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:1600958
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server exe ...

oval:org.secpod.oval:def:1600949
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability ...

oval:org.secpod.oval:def:113859
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:2000543
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

oval:org.secpod.oval:def:703799
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:51669
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1801556
CVE-2018-2755: mariaDB 10.1.33 CVE-2018-2761: mariaDB 10.1.33 CVE-2018-2766: mariaDB 10.1.33 CVE-2018-2767: mariaDB 10.1.33 CVE-2018-2771: mariaDB 10.1.33 CVE-2018-2781: mariaDB 10.1.33 CVE-2018-2782: mariaDB 10.1.33 CVE-2018-2784: mariaDB 10.1.33 CVE-2018-2787: mariaDB 10.1.33 CVE-2018-2813: mariaD ...

oval:org.secpod.oval:def:1801542
CVE-2018-3060: mariaDB 10.2.17 CVE-2018-3064: mariaDB 10.2.17 CVE-2018-3063: mariaDB 10.2.17 CVE-2018-3058: mariaDB 10.2.17 CVE-2018-3066: mariaDB 10.2.17 CVE-2018-3282: mariaDB 10.2.19 CVE-2016-9843: mariaDB 10.2.19 CVE-2018-3174: mariaDB 10.2.19 CVE-2018-3143: mariaDB 10.2.19 CVE-2018-3156: mariaD ...

oval:org.secpod.oval:def:1801544
CVE-2018-2755: mariaDB 10.1.33 CVE-2018-2761: mariaDB 10.1.33 CVE-2018-2766: mariaDB 10.1.33 CVE-2018-2767: mariaDB 10.1.33 CVE-2018-2771: mariaDB 10.1.33 CVE-2018-2781: mariaDB 10.1.33 CVE-2018-2782: mariaDB 10.1.33 CVE-2018-2784: mariaDB 10.1.33 CVE-2018-2787: mariaDB 10.1.33 CVE-2018-2813: mariaD ...

oval:org.secpod.oval:def:112829
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:51892
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:38093
The host is missing a critical security update according to Mozilla advisory, MFSA2016-89. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:38090
The host is installed with Mozilla Firefox before 50.0 or Apple Mac OS 10.8 before 10.13 and is prone to an integer overflow vulnerability. A flaw is present in the Expat, which fails to properly parse XML. Successful exploitation allows remote attackers to cause integer overflow.

oval:org.secpod.oval:def:603070
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:51138
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:51121
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:51129
lcms2: Little CMS color management library Several security issues were fixed in Little CMS.

oval:org.secpod.oval:def:1600944
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.A vulnerability was discover ...

oval:org.secpod.oval:def:1600942
During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ...

oval:org.secpod.oval:def:51996
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:51997
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:1502452
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502453
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502450
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502451
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502454
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600831
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service or possibly have unspecified other impact via vectors involving long user and password fields. The FTP wildcard function in curl and libcurl before 7.57.0 allows remot ...

oval:org.secpod.oval:def:113972
The kernel meta package

oval:org.secpod.oval:def:1900703
libvirt0 version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

oval:org.secpod.oval:def:1801000
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:1801001
CVE-2018-8897, XSA-260: x86: mishandling of debug exceptions

oval:org.secpod.oval:def:1801004
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:116106
The kernel meta package

oval:org.secpod.oval:def:116107
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:116104
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:116105
The kernel meta package

oval:org.secpod.oval:def:603189
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ...

oval:org.secpod.oval:def:502541
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: stack-based buffer overflow in chap_server_compute_md5 in iscsi target * kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable allows for denial of service For more details ...

oval:org.secpod.oval:def:114497
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:113108
The kernel meta package

oval:org.secpod.oval:def:43626
The host is installed with Apple Mac OS X 10.13.2 and is prone to a denial of service vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:1502342
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502341
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114424
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1700150
A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service .A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers ...

oval:org.secpod.oval:def:1700149
Vulnerability in the Java SE component of Oracle Java SE . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of th ...

oval:org.secpod.oval:def:1700144
A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.

oval:org.secpod.oval:def:1502306
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502307
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:112659
The kernel meta package

oval:org.secpod.oval:def:113981
The kernel meta package

oval:org.secpod.oval:def:1700125
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad le ...

oval:org.secpod.oval:def:204475
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed t ...

oval:org.secpod.oval:def:1700108
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

oval:org.secpod.oval:def:502616
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information ...

oval:org.secpod.oval:def:502615
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:502618
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information ...

oval:org.secpod.oval:def:502619
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information, ...

oval:org.secpod.oval:def:502621
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:502620
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:502639
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Missing check in fs/inode.c:inode_init_owner does not clear SGID bit on non-directories for non-members For more details about the security issue, including the impact, a CVSS score, acknow ...

oval:org.secpod.oval:def:1502392
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600783
A buffer overflow was discovered in tpacket_rcv function in the Linux kernel since v4.6-rc1 through v4.13. A number of socket-related syscalls can be made to set up a configuration when each packet received by a network interface can cause writing up to 10 bytes to a kernel memory outside of a kerne ...

oval:org.secpod.oval:def:502605
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:45418
The host is missing an important security update for KB4103731

oval:org.secpod.oval:def:45419
The host is missing an important security update for KB4103730

oval:org.secpod.oval:def:45416
The host is missing an important security update for KB4134651

oval:org.secpod.oval:def:45421
The host is missing an important security update 4103715

oval:org.secpod.oval:def:45423
The host is missing an important security update for KB4103721

oval:org.secpod.oval:def:1501938
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:44100
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1501940
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:44101
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1501947
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45436
The host is missing an important security update for KB4103725

oval:org.secpod.oval:def:45437
The host is missing an important security update 4103726

oval:org.secpod.oval:def:45438
The host is missing an important security update for KB4103727

oval:org.secpod.oval:def:45440
The host is missing an important security update 4103712

oval:org.secpod.oval:def:1501966
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:53002
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53015
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:114124
The kernel meta package

oval:org.secpod.oval:def:54407
openjdk-7: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:2000324
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service by triggering vfs_read failures.

oval:org.secpod.oval:def:115440
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:704900
openjdk-lts: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:53108
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioc ...

oval:org.secpod.oval:def:114968
The kernel meta package

oval:org.secpod.oval:def:1502682
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603310
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:113718
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:45543
The host is missing an important security update 4103718

oval:org.secpod.oval:def:704874
policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.

oval:org.secpod.oval:def:704879
openjdk-7: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:53198
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ...

oval:org.secpod.oval:def:603396
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ...

oval:org.secpod.oval:def:704821
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:115587
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:2000401
In PolicyKit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

oval:org.secpod.oval:def:54510
openjdk-lts: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:113749
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:704151
libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704134
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:704113
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1600987
Vulnerability in the Java SE component of Oracle Java SE . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of th ...

oval:org.secpod.oval:def:116064
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:1600990
A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service . A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers ...

oval:org.secpod.oval:def:116053
The kernel meta package

oval:org.secpod.oval:def:53274
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:1800989
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:53326
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ...

oval:org.secpod.oval:def:53328
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ...

oval:org.secpod.oval:def:115236
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115235
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115230
The kernel meta package

oval:org.secpod.oval:def:703806
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703805
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:703800
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703801
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:49231
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:51543
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:52874
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:49230
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1800914
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0

oval:org.secpod.oval:def:52885
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502007
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502008
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114770
The kernel meta package

oval:org.secpod.oval:def:204783
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Qemu: vga: OOB read access during display update * Qemu: Slirp: use-after-free w ...

oval:org.secpod.oval:def:1502013
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502011
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502017
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502014
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:46150
The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2 through 1.0.2o or Oracle VM VirtualBox before 5.2.20 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a key agreement issue in a TLS handshake using a DH(E) ...

oval:org.secpod.oval:def:114740
The kernel meta package

oval:org.secpod.oval:def:603564
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

oval:org.secpod.oval:def:1502026
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502029
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502045
Several security issues were fixed in Linux Kernel and dtrace-modules.

oval:org.secpod.oval:def:1502047
Several security issues were fixed in Linux Kernel.

oval:org.secpod.oval:def:1502048
Several security issues were fixed in Linux Kernel and dtrace-modules.

oval:org.secpod.oval:def:204748
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow vulnerability in ip6_find_1stfragopt function was found. A local attacker that has privileges to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt functi ...

oval:org.secpod.oval:def:57782
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-euclid: Linux kernel for Intel Euclid systems - linux-gcp: Linux kernel for Google Cloud Platform syst ...

oval:org.secpod.oval:def:115253
The mod_h2 Apache httpd module implements the HTTP2 protocol on top of libnghttp2 for httpd 2.4 servers.

oval:org.secpod.oval:def:703740
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ...

oval:org.secpod.oval:def:115249
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115248
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:703739
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703738
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703737
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53390
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets ...

oval:org.secpod.oval:def:115324
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:205372
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams * QEMU ...

oval:org.secpod.oval:def:52132
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:53457
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

oval:org.secpod.oval:def:115345
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:502135
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:502137
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:703912
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:114886
The kernel meta package

oval:org.secpod.oval:def:704399
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:204842
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:704336
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:704322
lcms2: Little CMS color management library Several security issues were fixed in Little CMS.

oval:org.secpod.oval:def:704312
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:204866
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF ...

oval:org.secpod.oval:def:52196
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:114070
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support.

oval:org.secpod.oval:def:502230
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow vulnerability in ip6_find_1stfragopt function was found. A local attacker that has privileges to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt functi ...

oval:org.secpod.oval:def:703873
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115373
The kernel meta package

oval:org.secpod.oval:def:703877
linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:204817
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:703878
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1800208
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions libcurl 7.36.0 to and including 7.56.1 Not affected versions libcurl = 7.57.0

oval:org.secpod.oval:def:43228
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:502292
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:114593
The kernel meta package

oval:org.secpod.oval:def:1700093
During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ...

oval:org.secpod.oval:def:1700091
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.A vulnerability was discover ...

oval:org.secpod.oval:def:114565
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:45915
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle an undocumented instructions issue. Successful exploitation allows attackers to execute arbitrary code with ker ...

oval:org.secpod.oval:def:502272
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Qemu: vga: OOB read access during display update * Qemu: Slirp: use-after-free w ...

oval:org.secpod.oval:def:53540
The host is installed with Apple Mac OS X through 10.12.6, 10.13.6 or 10.14.3 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle multiple issues. Successful exploitation allows attackers to execute arbitrary code or read restricted memo ...

oval:org.secpod.oval:def:52200
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:114570
The kernel meta package

oval:org.secpod.oval:def:48133
The host is installed with Oracle VM VirtualBox before 5.2.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:114544
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:204554
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:204553
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:1502247
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502248
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502246
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603830
A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions.

oval:org.secpod.oval:def:1502203
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502204
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502201
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502202
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502205
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502213
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704472
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:704454
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502287
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502286
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502292
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502347
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF ...

oval:org.secpod.oval:def:1501832
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501835
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703987
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:703988
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:502319
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ...

oval:org.secpod.oval:def:115029
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:115020
The kernel meta package

oval:org.secpod.oval:def:205141
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version: libvir ...

oval:org.secpod.oval:def:205130
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: stack-based buffer overflow in chap_server_compute_md5 in iscsi target * kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable allows for denial of service For more details ...

oval:org.secpod.oval:def:51027
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1800813
CVE-2017-8816: NTLM buffer overflow via integer overflow Affected versions: libcurl 7.36.0 to and including 7.56.1 Not affected versions: libcurl = 7.57.0

oval:org.secpod.oval:def:205164
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information ...

oval:org.secpod.oval:def:205165
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:205166
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information, ...

oval:org.secpod.oval:def:205167
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:205168
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:205169
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:51893
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51896
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:50583
The host is installed with Oracle Java SE through 7u201, 8u192 or 11.0.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle vectors related to unspecified vectors. Successful exploitation allows remote attackers to execute code without u ...

oval:org.secpod.oval:def:50588
The host is installed with Oracle Java SE through 7u201, 8u192 or 11.0.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle vectors related to unspecified vectors. Successful exploitation allows remote attackers to execute code without u ...

oval:org.secpod.oval:def:705016
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-euclid: Linux kernel for Intel Euclid systems - linux-gcp: Linux kernel for Google Cloud Platform syst ...

oval:org.secpod.oval:def:51862
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51863
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux ker ...

oval:org.secpod.oval:def:51930
linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51949
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1502168
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51928
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115174
LittleCMS intends to be a small-footprint, speed optimized color management engine in open source form. LCMS2 is the current version of LCMS, and can be parallel installed with the original lcms.

oval:org.secpod.oval:def:115169
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:115166
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115162
The kernel meta package

oval:org.secpod.oval:def:115161
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115164
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115163
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:603038
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioc ...

oval:org.secpod.oval:def:51064
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:603061
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-9940 A use-after-free flaw in the voltage and current regulator driver could allow a local user to cause a denial of service or potentially escal ...

oval:org.secpod.oval:def:115131
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:51070
libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:115122
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115124
The kernel meta package

oval:org.secpod.oval:def:115123
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:115148
LittleCMS intends to be a small-footprint, speed optimized color management engine in open source form. LCMS2 is the current version of LCMS, and can be parallel installed with the original lcms.

oval:org.secpod.oval:def:54117
policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.

oval:org.secpod.oval:def:704155
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:704338
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:47878
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:51179
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1700153
A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.If an application encounters a fatal protocol error and then calls SSL_shutdown twice t ...

oval:org.secpod.oval:def:502625
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ...

oval:org.secpod.oval:def:503264
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ...

oval:org.secpod.oval:def:51450
The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2 through 1.0.2p and is prone to a microarchitecture timing side channel attack vulnerability. A flaw is present in the application, which fails to properly handle an issue in ECDSA signature generation. Successful exploitation c ...

oval:org.secpod.oval:def:48691
This is a flaw in the Intel processor execution engine sharing on SMT (e.g. Hyper-Threading) architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to ru ...

oval:org.secpod.oval:def:1600996
A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. If an application encounters a fatal protocol error and then calls SSL_shutdown twice ...

oval:org.secpod.oval:def:205268
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ...

oval:org.secpod.oval:def:603589
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:603582
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:53471
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:53478
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:704418
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:205170
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ...

oval:org.secpod.oval:def:52464
oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:602056
The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentia ...

oval:org.secpod.oval:def:24119
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin vulnerability.

oval:org.secpod.oval:def:24120
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin.

oval:org.secpod.oval:def:24121
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24122
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24123
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24124
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a tap-jacking vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24125
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a type-confusion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24126
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a HSTS bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:702521
oxide-qt: Web browser engine library for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:24164
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24165
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a tap-jacking vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24166
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a type-confusion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24167
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a HSTS bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24160
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin vulnerability.

oval:org.secpod.oval:def:24161
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin.

oval:org.secpod.oval:def:24162
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24163
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24131
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24132
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the ...

oval:org.secpod.oval:def:24197
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24198
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24199
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24192
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin vulnerability.

oval:org.secpod.oval:def:24193
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin vulnerability.

oval:org.secpod.oval:def:24194
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin.

oval:org.secpod.oval:def:24195
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin.

oval:org.secpod.oval:def:24196
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24172
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24173
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the ...

oval:org.secpod.oval:def:24200
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24201
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24202
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a tap-jacking vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24203
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a tap-jacking vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24204
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a type-confusion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24216
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24217
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24218
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the ...

oval:org.secpod.oval:def:24219
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the ...

oval:org.secpod.oval:def:24205
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a type-confusion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24206
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a HSTS bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24207
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a HSTS bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:26802
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple unspecifies vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:26801
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple unspecifies vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:26806
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple unspecifies vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:26810
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple unspecifies vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:24273
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free issue ...

oval:org.secpod.oval:def:39003
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:602779
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts. CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing ...

oval:org.secpod.oval:def:116966
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ...

oval:org.secpod.oval:def:602639
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data ...

oval:org.secpod.oval:def:51134
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security i ...

oval:org.secpod.oval:def:53011
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115435
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:115530
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114789
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114727
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:204852
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defi ...

oval:org.secpod.oval:def:704330
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security i ...

oval:org.secpod.oval:def:114551
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1502222
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502240
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502241
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704466
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:502332
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions . It relies on the presence of a precisely-defined in ...

oval:org.secpod.oval:def:115038
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114614
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1600844
Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add function potentially allowing KASLR bypassThe acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SB ...

oval:org.secpod.oval:def:53259
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:1502095
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700012
Stack-based out-of-bounds read via vmcall instructionLinux kernel compiled with the KVM virtualization support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memor ...

oval:org.secpod.oval:def:111284
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:111287
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:704098
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:1600439
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long.

oval:org.secpod.oval:def:703196
tomcat8: Servlet and JSP engine Tomcat could be made to hang if it received specially crafted network traffic.

oval:org.secpod.oval:def:703188
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:602553
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:602549
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:602545
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

oval:org.secpod.oval:def:1501655
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:51047
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:35821
The host is installed with Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3 or 9.x before 9.0.0.M7 and is prone to a denial of service vulnerability. A flaw is present in the MultipartStream class in Apache Commons Fileupload, which fails to handle a long boundary string. Succe ...

oval:org.secpod.oval:def:35820
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:35819
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:602680
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

oval:org.secpod.oval:def:703368
vim: Vi IMproved - enhanced vi editor Vim could be made run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1800916
A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options" values are then used in Vim"s scripts to build a command string that"s evaluated by : ...

oval:org.secpod.oval:def:38800
The host is installed with Apple Mac OS X or Server 10.12.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle certain modeline options. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:2000157
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

oval:org.secpod.oval:def:51188
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:51545
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:50470
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:704434
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:1600872
Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk function allows denial of service:An error in the _sctp_make_chunk function when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. Mishandling mutex within libsas al ...

oval:org.secpod.oval:def:1501044
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501045
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501048
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501049
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501052
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501050
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501070
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:203674
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:501595
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1502478
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502479
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502348
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502349
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704141
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704140
linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704114
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114788
The kernel meta package

oval:org.secpod.oval:def:704299
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704298
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52055
linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52112
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52117
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52125
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52949
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704394
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52951
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52956
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704389
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114920
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:114917
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:114913
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:114906
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:704331
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704329
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114905
The kernel meta package

oval:org.secpod.oval:def:45898
The host is installed with Apple Mac OS 10.13.4, 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory or ...

oval:org.secpod.oval:def:114632
The kernel meta package

oval:org.secpod.oval:def:2000100
KVM: x86: work around leak of uninitialized stack contents

oval:org.secpod.oval:def:51166
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:51105
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:115613
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115610
The kernel meta package

oval:org.secpod.oval:def:115612
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115630
The kernel meta package

oval:org.secpod.oval:def:1502487
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115627
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115626
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:1502497
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600910
Fixes for L1Terminal Fault security issues:L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault an ...

oval:org.secpod.oval:def:1502443
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600933
A security flaw was found in the chap_server_compute_md5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta ...

oval:org.secpod.oval:def:51185
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704806
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:704807
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:704808
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704809
linux: Linux kernel - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51210
linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in th ...

oval:org.secpod.oval:def:51216
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:2000292
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device that is mishandled in usb_audio_probe in sound/usb/card.c.

oval:org.secpod.oval:def:1502340
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700166
A flaw was found in the Linux kernel#039;s implementation of logical link control and adaptation protocol , part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a sp ...

oval:org.secpod.oval:def:51206
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1700116
A flaw was found in the Linux kernel"s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a ...

oval:org.secpod.oval:def:1700114
A use-after-free vulnerability was found in the way the Linux kernel#039;s KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device, the device holds a reference to a VM object, later this reference is transferred to the caller#039;s file descriptor table ...

oval:org.secpod.oval:def:1502320
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502321
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700105
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation . The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.An issue was discovered in the Linux ...

oval:org.secpod.oval:def:502626
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Memory corruption due to incorrect socket cloning * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks * kernel: Faulty computation of numberic bounds in the BPF v ...

oval:org.secpod.oval:def:502649
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer For more details about the security issue ...

oval:org.secpod.oval:def:53004
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53003
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53009
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704870
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704863
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704868
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:704864
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:704865
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704866
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:704867
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704825
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704826
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115536
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115535
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:2000418
Heap data infoleak in multiple locations including functionl2cap_parse_conf_rsp

oval:org.secpod.oval:def:1600978
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested virtualization is enabled. This high resolution timer runs when a L2 guest is active. After VM exit, the sync_vmcs12 timer object is stopped. The use-afte ...

oval:org.secpod.oval:def:1600973
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption ...

oval:org.secpod.oval:def:1600968
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation . The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.An issue was discovered in the Linux ...

oval:org.secpod.oval:def:55022
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:55023
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704950
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704945
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704946
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:205243
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: nfs: use-after-free in svc_process_common * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation * kernel: nfs: NULL pointer der ...

oval:org.secpod.oval:def:2000558
KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer

oval:org.secpod.oval:def:2001012
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

oval:org.secpod.oval:def:704281
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704283
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704278
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704279
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603536
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a denial ...

oval:org.secpod.oval:def:57783
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:205195
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer For more details about the security issue ...

oval:org.secpod.oval:def:53396
CVE-2018-5391 Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leadi ...

oval:org.secpod.oval:def:52110
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52122
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52133
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52128
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52138
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:53431
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a denial ...

oval:org.secpod.oval:def:52946
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52945
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704390
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704392
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52952
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52957
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52962
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52961
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52964
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52963
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52966
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704354
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704355
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:204822
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: error in exception handling leads to wrong debug stack value * Kernel: error in exception handling leads to DoS * Kernel: ipsec: xfrm: use-after-free leading to potential privilege es ...

oval:org.secpod.oval:def:204889
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensi ...

oval:org.secpod.oval:def:1700082
A security flaw was found in the chap_server_compute_md5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta ...

oval:org.secpod.oval:def:502287
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: error in exception handling leads to wrong debug stack value * Kernel: error in exception handling leads to DoS * Kernel: ipsec: xfrm: use-after-free leading to potential privilege es ...

oval:org.secpod.oval:def:1700069
Fixes for L1Terminal Fault security issues:L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault an ...

oval:org.secpod.oval:def:1700044
A weakness was found in the Linux kernel#039;s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch oper ...

oval:org.secpod.oval:def:114545
The kernel meta package

oval:org.secpod.oval:def:1502207
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704491
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704484
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704481
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704478
linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in th ...

oval:org.secpod.oval:def:704470
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704464
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704467
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704455
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704456
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704458
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704431
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704430
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 T ...

oval:org.secpod.oval:def:115084
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115082
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:1502288
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704428
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704429
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704427
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704410
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704409
linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115071
The kernel meta package

oval:org.secpod.oval:def:1601000
A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol , part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a s ...

oval:org.secpod.oval:def:502371
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensi ...

oval:org.secpod.oval:def:205173
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Memory corruption due to incorrect socket cloning * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks * kernel: Faulty computation of numberic bounds in the BPF v ...

oval:org.secpod.oval:def:114668
The kernel meta package

oval:org.secpod.oval:def:115939
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:705018
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:2001338
A flaw was found in the Linux kernel"s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a ...

oval:org.secpod.oval:def:115948
The kernel meta package

oval:org.secpod.oval:def:115944
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115943
The kernel meta package

oval:org.secpod.oval:def:115940
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115942
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:54112
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:54113
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:54111
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:54116
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:54114
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:54115
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:49668
The host is installed with Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, or 2.17.x before 2.17.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle the crafted .gitmodules file. Successful exploita ...

oval:org.secpod.oval:def:1600894
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:2000286
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw ...

oval:org.secpod.oval:def:115426
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114981
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:46090
The host is installed with Apple Mac OS X 10.13.2 or later or Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4 or 2.17.x before 2.17.1 and is prone to an arbitary code execution vulnerability. A flaw is present in the application, which fails to handle crafted file ...

oval:org.secpod.oval:def:603412
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

oval:org.secpod.oval:def:704107
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:53338
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

oval:org.secpod.oval:def:115229
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:1800993
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800995
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800999
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:114754
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114750
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114819
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114817
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:115254
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:115245
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:115315
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114919
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:204835
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:114590
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:114589
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:1700048
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:1502252
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502322
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:51048
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:113157
The kernel meta package

oval:org.secpod.oval:def:43639
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:1600794
stack buffer overflow in the native Bluetooth stackA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel , an unauthenticated atta ...

oval:org.secpod.oval:def:603280
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:704058
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704054
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603398
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ...

oval:org.secpod.oval:def:703711
linux-hwe: Linux hardware enablement kernel - linux-meta-hwe: Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704144
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603411
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ...

oval:org.secpod.oval:def:53337
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ...

oval:org.secpod.oval:def:703802
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:204791
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * kernel: Buffer overflow in firewire driver via crafted incoming packets * kernel: Use-after-free vulnerability in DCCP socket * Kernel: ...

oval:org.secpod.oval:def:52884
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:204798
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ...

oval:org.secpod.oval:def:52897
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502063
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502061
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:52916
linux: Linux kernel Details: It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It wa ...

oval:org.secpod.oval:def:1502082
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:52923
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52933
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502042
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:1502043
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:204758
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:1502057
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502055
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502059
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:52036
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:502159
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel"s IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary ...

oval:org.secpod.oval:def:502241
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:703876
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703875
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:502267
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * kernel: Buffer overflow in firewire driver via crafted incoming packets * kernel: Use-after-free vulnerability in DCCP socket * Kernel: ...

oval:org.secpod.oval:def:113249
The kernel meta package

oval:org.secpod.oval:def:502286
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ...

oval:org.secpod.oval:def:204579
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel"s IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary ...

oval:org.secpod.oval:def:1502206
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502266
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502269
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502267
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502268
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502291
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703996
linux: Linux kernel Details: It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service or possibly execute arbitrary code. It wa ...

oval:org.secpod.oval:def:1502144
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502175
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51929
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:40418
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:40417
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:34663
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:1600404
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. The ssl_verify_server_cert function in sql-co ...

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:34290
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:110496
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:602320
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ...

oval:org.secpod.oval:def:501720
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:110547
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:602524
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:602520
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ...

oval:org.secpod.oval:def:602541
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service against an application using the libxslt library.

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:36326
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attackers to crash the service, disclose th ...

oval:org.secpod.oval:def:36314
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:52434
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:52438
linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:109880
With conntrack-tools you can setup a High Availability cluster and synchronize conntrack state between multiple firewalls. The conntrack-tools package contains two programs: - conntrack: the command line interface to interact with the connection tracking system. - conntrackd: the connection tracking ...

oval:org.secpod.oval:def:109855
With conntrack-tools you can setup a High Availability cluster and synchronize conntrack state between multiple firewalls. The conntrack-tools package contains two programs: - conntrack: the command line interface to interact with the connection tracking system. - conntrackd: the connection tracking ...

oval:org.secpod.oval:def:1501303
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

oval:org.secpod.oval:def:1501307
Race condition in the IPC object implementation in the Linux kernel allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

oval:org.secpod.oval:def:1800383
x86: inconsistent cachability flags on guest mappings. Multiple mappings of the same physical page with different cachability setting can cause problems. While one category affects only guests themselves , the other category being Machine Check exceptions can be fatal to entire hosts.

oval:org.secpod.oval:def:1500949
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

oval:org.secpod.oval:def:1500950
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

oval:org.secpod.oval:def:204270
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a conta ...

oval:org.secpod.oval:def:1501253
The flaws were found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their p ...

oval:org.secpod.oval:def:1501293
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

oval:org.secpod.oval:def:1501298
Race condition in the IPC object implementation in the Linux kernel allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

oval:org.secpod.oval:def:24743
The host is installed with kernel in RHEL 7 and is prone to an unprivileged module load vulnerability. A flaw is present in the application, which fails to properly handle request_module() call. Successful exploitation could allow attackers to load any installed module.

oval:org.secpod.oval:def:602209
It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets.

oval:org.secpod.oval:def:702482
linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702481
linux-lts-trusty: Linux hardware enablement kernel from Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702475
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702474
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:501694
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a conta ...

oval:org.secpod.oval:def:702602
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:601968
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use this ...

oval:org.secpod.oval:def:702593
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:52440
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1501139
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ...

oval:org.secpod.oval:def:113112
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:113124
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:203982
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:203978
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:1800681
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:203693
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ...

oval:org.secpod.oval:def:704014
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:34930
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602114
William Robinet and Michal Zalewski discovered multiple vulnerabilities in the TIFF library and its tools, which may result in denial of service or the execution of arbitrary code if a malformed TIFF file is processed.

oval:org.secpod.oval:def:602168
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/ https://mariad ...

oval:org.secpod.oval:def:1800488
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:1501540
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:1501543
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:52014
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:113491
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:51546
php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:501640
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the --ssl option. A man-in-the-middle attac ...

oval:org.secpod.oval:def:702486
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1600435
Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. Multiple flaws have been discovered in va ...

oval:org.secpod.oval:def:53365
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite lo ...

oval:org.secpod.oval:def:603675
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record function.

oval:org.secpod.oval:def:36105
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:36104
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:53525
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record function.

oval:org.secpod.oval:def:38789
The host is missing a security update according to Apple advisory, APPLE-SA-2017-01-23-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:602539
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for more i ...

oval:org.secpod.oval:def:602557
Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library , or potentially to execute arbitrary code with the privi ...

oval:org.secpod.oval:def:703141
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602479
Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an ...

oval:org.secpod.oval:def:501854
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:501858
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:1800778
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version libgd 2.2.5

oval:org.secpod.oval:def:51007
php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:52471
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:52466
linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:52484
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501102
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501108
Moderate: Oracle Linux 5 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:1501111
Moderate: Oracle Linux 6 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:1501115
Moderate: Oracle Linux 6 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:1501116
Moderate: Oracle Linux 5 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:1501096
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501063
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1501065
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1501073
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1501071
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1501072
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1501075
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:602074
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-8159 It was found that the Linux kernel"s InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions f ...

oval:org.secpod.oval:def:25176
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle set file permissions in certain conditions. Successful exploitation could allow attackers to execute crafted file ...

oval:org.secpod.oval:def:204242
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel"s Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...

oval:org.secpod.oval:def:25164
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle Router advertisements. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501622
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel"s Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...

oval:org.secpod.oval:def:702563
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702561
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702565
linux-lts-trusty: Linux hardware enablement kernel from Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702541
linux-ti-omap4: Linux kernel for OMAP4 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702544
linux-ec2: Linux kernel for EC2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702535
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702534
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702533
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702538
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702537
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702529
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:702525
linux-lts-utopic: Linux hardware enablement kernel from Utopic The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:24346
linux-lts-trusty: Linux hardware enablement kernel from Trusty The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:114362
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:603112
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

oval:org.secpod.oval:def:1600776
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user"s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. ...

oval:org.secpod.oval:def:53141
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

oval:org.secpod.oval:def:43037
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation could allow attackers to obtain sensitive information that ...

oval:org.secpod.oval:def:43036
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:703803
apache2: Apache HTTP server Apache HTTP Server could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1502033
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502039
Several security issues were fixed in httpd.

oval:org.secpod.oval:def:502150
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:502156
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:113556
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:113262
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:204571
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:204577
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:51894
apache2: Apache HTTP server Apache HTTP Server could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:42910
The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:110858
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:39517
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted identifiers. Successful exploitation could allows context-dependent attackers to cause a denial of service (CPU consumpt ...

oval:org.secpod.oval:def:39515
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving use of the srand function. Successful exploitation could allow context-dependent attackers to defeat cryptograph ...

oval:org.secpod.oval:def:39506
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted identifiers in an XML document. Successful exploitation allows attackers to cause a denial of service (CPU consumption).

oval:org.secpod.oval:def:39504
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle vectors involving use of the srand function. Successful exploitation allows attackers to defeat cryptographic protection mechanisms.

oval:org.secpod.oval:def:1901278
Expat allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

oval:org.secpod.oval:def:204140
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:110629
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:602093
Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:36618
The host is missing an important security update according to Mozilla advisory, MFSA2016-68. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fail to handle malformed XML data. Successful exploitation allows remote attackers to read other ...

oval:org.secpod.oval:def:36617
The host is installed with Mozilla Firefox before 48.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle malformed XML data. Successful exploitation allows remote attackers to read other inaccessible memory.

oval:org.secpod.oval:def:34942
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:602142
Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:602177
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the ...

oval:org.secpod.oval:def:110714
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:51563
expat: XML parsing C library Expat could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:51609
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1600483
CVE-2016-0718 : Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary ...

oval:org.secpod.oval:def:204045
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:400755
This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows

oval:org.secpod.oval:def:602506
Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library ...

oval:org.secpod.oval:def:602529
Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls. ...

oval:org.secpod.oval:def:703172
xmlrpc-c: Lightweight RPC library based on XML and HTTP Several security issues were fixed in XML-RPC for C and C++.

oval:org.secpod.oval:def:703112
expat: XML parsing C library Expat could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1501684
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:1501685
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:501941
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:36289
The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.6 or apple itunes before 12.6 or mozilla firefox before 48.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation could ...

oval:org.secpod.oval:def:703220
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:39507
The host is missing a critical security update according to Apple advisory, APPLE-SA-2017-03-22-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted vectors. Successful exploitation allows attackers to execute arb ...

oval:org.secpod.oval:def:39508
The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-22-2. The update is required to fix multiple vulnerabilities in Apple iTunes. The flaws are present in SQLite and expat which fails to handle vectors related to iTunes, crafted xml files. Successful exploitation coul ...

oval:org.secpod.oval:def:115667
The kernel meta package

oval:org.secpod.oval:def:115661
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115660
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:1700130
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect an ...

oval:org.secpod.oval:def:1600970
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect an ...

oval:org.secpod.oval:def:2000582
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

oval:org.secpod.oval:def:52134
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52965
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704483
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704480
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:47525
Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassem ...

oval:org.secpod.oval:def:42351
The host is missing an important security update KB4042895

oval:org.secpod.oval:def:45422
The host is missing an important security update for KB4103716

oval:org.secpod.oval:def:42355
The host is missing a critical security update KB4041691

oval:org.secpod.oval:def:42412
A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. Multiple conditions would need to be met ...

oval:org.secpod.oval:def:45388
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:45435
The host is missing an important security update for KB4103723

oval:org.secpod.oval:def:47526
The host is missing an important security update according to MS advisory ADV180022.

oval:org.secpod.oval:def:503137
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow flaw was found in the way the Linux kernel"s networking subsystem processed TCP Selective Acknowledgment segments. While processing SACK segments, the Linux kernel"s socket buff ...

oval:org.secpod.oval:def:703895
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704042
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704045
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52921
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52029
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502220
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502215
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502217
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502137
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502138
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502136
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502177
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502178
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603111
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:53140
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:52898
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502083
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502084
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502053
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502056
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502058
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703879
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:602546
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ...

oval:org.secpod.oval:def:52470
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:52468
linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501145
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

oval:org.secpod.oval:def:1501040
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:203648
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:203683
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel"s netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially craft ...

oval:org.secpod.oval:def:501583
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:109462
The kernel meta package

oval:org.secpod.oval:def:109409
The kernel meta package

oval:org.secpod.oval:def:501627
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel"s netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially craft ...

oval:org.secpod.oval:def:702432
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702438
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702530
linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702536
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702526
linux-lts-trusty: Linux hardware enablement kernel from Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:109128
The kernel meta package

oval:org.secpod.oval:def:109211
The kernel meta package

oval:org.secpod.oval:def:108752
The kernel meta package

oval:org.secpod.oval:def:109262
The kernel meta package

oval:org.secpod.oval:def:24343
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:108851
The kernel meta package

oval:org.secpod.oval:def:42454
The host is installed with Oracle Java SE through 7u151, 8u144 or 9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Little CMS 2). Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43535
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43539
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JNDI. Successful exploitation allows attackers to affect Integrity and Availability.

oval:org.secpod.oval:def:43538
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to LDAP. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43542
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JCE. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43541
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:43540
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to I18n. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availabi ...

oval:org.secpod.oval:def:43546
The host is installed with Oracle Java SE through 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JGSS. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43545
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JNDI. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availabi ...

oval:org.secpod.oval:def:43544
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JGSS. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:43547
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JMX. Successful exploitation allows attackers to affect Confidentiality and Integrity.

oval:org.secpod.oval:def:43553
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to AWT. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:43552
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:43550
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to AWT. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:43554
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JNDI. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50264
The host is installed with Oracle Java SE through 7u201, 8u192 or 11.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:45167
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Security. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45168
The host is installed with Oracle Java SE through 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Concurrency. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45169
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JMX. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45165
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Security. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:45166
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162, 10 or JRockit: R28.3.17 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Security. Successful exploitation allows attackers to affect Confidentiality, In ...

oval:org.secpod.oval:def:45170
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to AWT. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45171
The host is installed with Oracle Java SE through 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JAXP. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45172
The host is installed with Oracle Java SE through 6u181, 7u171 or 8u162 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to RMI. Successful exploitation allows attackers to affect Confidentiality and Integrity.

oval:org.secpod.oval:def:45174
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availabi ...

oval:org.secpod.oval:def:45175
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Serialization. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:108760
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:108880
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:704911
php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive informa ...

oval:org.secpod.oval:def:54514
php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Linux Mint 17.x LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive info ...

oval:org.secpod.oval:def:51127
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:47405
The host is installed with Artifex Ghostscript before 9.24 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the .setdistillerkeys PostScript command. Successful exploitation could allow attackers to supply crafted postScript file ...

oval:org.secpod.oval:def:53411
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:704319
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:1700083
It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. ...

oval:org.secpod.oval:def:51113
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51203
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502394
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502395
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:53006
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52113
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704300
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704301
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704461
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704142
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704139
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52932
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52054
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52950
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704302
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114358
The kernel meta package

oval:org.secpod.oval:def:114328
The kernel meta package

oval:org.secpod.oval:def:1600892
A weakness was found in the Linux kernel#039;s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch oper ...

oval:org.secpod.oval:def:704089
linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603383
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer . On a system with a driver using blk-mq , a local user might be able to us ...

oval:org.secpod.oval:def:603384
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:114282
The kernel meta package

oval:org.secpod.oval:def:53315
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:1901841
** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access t ...

oval:org.secpod.oval:def:2000396
** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access t ...

oval:org.secpod.oval:def:34616
The host is missing a security update according to Apple advisory, APPLE-SA-2016-05-16-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to caus ...

oval:org.secpod.oval:def:36575
The host is missing an important security update according to Mozilla advisory, MFSA2016-68. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fail to handle malformed XML data. Successful exploitation allows remote attackers to read other ...

oval:org.secpod.oval:def:36574
The host is installed with Mozilla Firefox before 48.0 or iTunes before 12.6 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle malformed XML data. Successful exploitation allows remote attackers to read other inaccessible memory.

oval:org.secpod.oval:def:38073
The host is missing a critical security update according to Mozilla advisory, MFSA2016-89. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:38070
The host is installed with Mozilla Firefox before 50.0 and is prone to an integer overflow vulnerability. A flaw is present in the Expat, which fails to properly parse XML. Successful exploitation allows remote attackers to cause integer overflow.

oval:org.secpod.oval:def:41707
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41711
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.

oval:org.secpod.oval:def:41726
The host is missing a critical security update according to Mozilla advisory, MFSA2017-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:42267
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentia ...

oval:org.secpod.oval:def:42276
The host is missing a critical security update according to Mozilla advisory, MFSA2017-21. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42262
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox and Firefox ESR. Some of thes ...

oval:org.secpod.oval:def:42261
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current b ...

oval:org.secpod.oval:def:42260
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:42266
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XS ...

oval:org.secpod.oval:def:42265
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:42264
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:42263
Mozilla Firefox before 56.0, Firefox ESR before 52.4 or Thunderbird 52.4 :- File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious s ...

oval:org.secpod.oval:def:41080
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ...

oval:org.secpod.oval:def:41081
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41084
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ...

oval:org.secpod.oval:def:41082
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41083
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.

oval:org.secpod.oval:def:41088
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:41089
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ...

oval:org.secpod.oval:def:41087
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.

oval:org.secpod.oval:def:41090
Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.

oval:org.secpod.oval:def:41101
The host is missing a critical security update according to Mozilla advisory, MFSA2017-15. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:43032
The host is missing a critical security update according to Mozilla advisory, MFSA2017-27. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to disclose information or ...

oval:org.secpod.oval:def:43030
Mozilla Firefox before 57.0.1 and Mozilla Firefox ESR before 52.5.2 :- When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persi ...

oval:org.secpod.oval:def:42795
The host is missing a critical security update according to Mozilla advisory, MFSA2017-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:42783
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andre Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith ...

oval:org.secpod.oval:def:42782
Mozilla Firefox before 57.0, Firefox ESR before 52.5 or Apple iCloud 7.3:- The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.

oval:org.secpod.oval:def:42781
Mozilla Firefox before 57.0 or Firefox ESR before 52.5 :- A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations.

oval:org.secpod.oval:def:41698
Mozilla Firefox before 55.0 , Firefox ESR before 52.3 or Thunderbird 52.3 :- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.

oval:org.secpod.oval:def:43589
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43588
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ...

oval:org.secpod.oval:def:43593
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ...

oval:org.secpod.oval:def:43592
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43591
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ...

oval:org.secpod.oval:def:43590
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ...

oval:org.secpod.oval:def:43597
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ...

oval:org.secpod.oval:def:43596
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43595
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43594
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43619
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:49783
The host is missing a critical security update according to Mozilla advisory, MFSA2018-29. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50799
The host is missing a high security update according to Mozilla advisory, MFSA2019-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:45487
Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party ...

oval:org.secpod.oval:def:45488
Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

oval:org.secpod.oval:def:45489
Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable b ...

oval:org.secpod.oval:def:45512
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:47371
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei ...

oval:org.secpod.oval:def:47373
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47372
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47375
Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ...

oval:org.secpod.oval:def:46108
The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:46113
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:46112
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ...

oval:org.secpod.oval:def:46118
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.

oval:org.secpod.oval:def:46125
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ...

oval:org.secpod.oval:def:46128
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ...

oval:org.secpod.oval:def:49280
The host is installed with Google Chrome before 71.0.3578.80, Firefox before 65.0.1, Firefox ESR before 60.5.1 or Thunderbird before 60.5.1 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows ...

oval:org.secpod.oval:def:45759
The host is installed with Google Chrome before 67.0.3396.62, Mozilla Firefox before 60.0.2 or Firefox-esr before 52.8.1 or 60.0.x before 60.0.2 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitat ...

oval:org.secpod.oval:def:48015
The host is installed with Google Chrome before 70.0.3538.67 or Mozilla Firefox before 64, Mozilla Firefox ESR before 60.4, Mozilla Thunderbird 60.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploita ...

oval:org.secpod.oval:def:47607
Mozilla Firefox 62.0.2, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerab ...

oval:org.secpod.oval:def:47605
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle the TransportSecurityInfo used for SSL. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:45956
The host is missing a critical security update according to Mozilla advisory, MFSA2018-14. The update is required to fix heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:45955
The host is installed with Mozilla Firefox before 60.0.2, Firefox-esr before 52.8.1 or 60.0.x before 60.0.2 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which failes to properly handle SVG file with anti-aliasing turned off. Successful exploitation coul ...

oval:org.secpod.oval:def:50460
Mozilla Firefox 65 or Firefox ESR 60.6 : When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior i ...

oval:org.secpod.oval:def:50452
The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50454
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash ...

oval:org.secpod.oval:def:50455
Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5 : Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs ...

oval:org.secpod.oval:def:50459
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffi ...

oval:org.secpod.oval:def:44694
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44695
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.

oval:org.secpod.oval:def:44696
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.

oval:org.secpod.oval:def:44697
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ...

oval:org.secpod.oval:def:44693
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ...

oval:org.secpod.oval:def:44713
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44766
Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

oval:org.secpod.oval:def:44767
The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:44774
Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44775
The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

CVE    1545
CVE-2011-2902
CVE-2011-5326
CVE-2016-10244
CVE-2016-10243
...
*CPE
cpe:/o:debian:debian_linux:8.0

© SecPod Technologies