[Forgot Password]
Login  Register Subscribe

24003

 
 

131401

 
 

103942

 
 

909

 
 

84044

 
 

133

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:203038
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:203017
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:23220
The host is installed with Oracle Java SE 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attackers to affect confi ...

oval:org.secpod.oval:def:16665
The host is installed with Google Chrome before 32.0.1700.102 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors that trigger incorrect handling of "popular pages.". Successful exploitation allows attackers to have unknown impact and ...

oval:org.secpod.oval:def:16669
The host is installed with Google Chrome before 32.0.1700.102 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle vectors that trigger incorrect handling of "popular pages.". Successful exploitation allows attackers to have unknown impact and ...

oval:org.secpod.oval:def:17550
The host is installed with Google Chrome before 34.0.1847.116 and is prone to an universal cross site scripting vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to inject arbitrary web script or HTML.

oval:org.secpod.oval:def:17535
The host is installed with Google Chrome before 34.0.1847.116 and is prone to an universal cross site scripting vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to inject arbitrary web script or HTML.

oval:org.secpod.oval:def:27127
The host is installed with 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, or 2.3.x before 2.3.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a small control channel packet. Successful exploitation allows remote attackers to cr ...

oval:org.secpod.oval:def:24756
The host is installed with qemu-kvm on RHEL 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. Successful exploitatio ...

oval:org.secpod.oval:def:203513
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ...

oval:org.secpod.oval:def:203511
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ...

oval:org.secpod.oval:def:203515
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ...

oval:org.secpod.oval:def:1600037
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search ...

oval:org.secpod.oval:def:1600188
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service via a small control channel packet.

oval:org.secpod.oval:def:1500368
Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ...

oval:org.secpod.oval:def:1500801
Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500807
Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1600486
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim

oval:org.secpod.oval:def:204062
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user runnin ...

oval:org.secpod.oval:def:204064
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user runnin ...

oval:org.secpod.oval:def:1501708
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running ...

oval:org.secpod.oval:def:1501712
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running ...

oval:org.secpod.oval:def:20866
The host is installed with Google Chrome before 36.0.1985.143 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Successful exploitation ...

oval:org.secpod.oval:def:20864
The host is installed with Google Chrome before 36.0.1985.143 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Successful exploitation ...

oval:org.secpod.oval:def:20861
The host is installed with Google Chrome before 36.0.1985.143 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allow attackers to cause a denial of service or possibly have other im ...

oval:org.secpod.oval:def:20862
The host is installed with Google Chrome before 36.0.1985.143 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allow attackers to cause a denial of service or possibly have other im ...

oval:org.secpod.oval:def:21814
The host is installed Ruby 1.9.3 and earlier or 2.x through 2.1.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger a stack-based buffer overflow. Successful exploitation allows context-dependent attackers to ...

oval:org.secpod.oval:def:203500
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ...

oval:org.secpod.oval:def:1500811
Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vul ...

oval:org.secpod.oval:def:400571
Update to Chromium 30.0.1599.66: - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes: + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Addr ...

oval:org.secpod.oval:def:15694
The host is installed with Google Chrome before 30.0.1599.66 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle Google V8. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:15713
The host is installed with Google Chrome before 30.0.1599.66 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle Google V8. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:15812
The host is installed with Google Chrome before 30.0.1599.101 and is prone to use-after-free vulnerability. The flaws are present in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, which fails to handle vectors related to submission for FORM elements. Su ...

oval:org.secpod.oval:def:15816
The host is installed with Google Chrome before 30.0.1599.101 and is prone to use-after-free vulnerability. The flaws are present in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, which fails to handle vectors related to submission for FORM elements. Su ...

oval:org.secpod.oval:def:16027
The host is installed with Google Chrome before 31.0.1650.48 and is prone to an use-after-free vulnerability. The flaw is present in text INPUT element, which fails to properly handle the x-webkit-speech attribute. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:16043
The host is installed with Google Chrome before 31.0.1650.48 and is prone to an use-after-free vulnerability. The flaw is present in text INPUT element, which fails to properly handle the x-webkit-speech attribute. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:1501111
Moderate: Oracle Linux 6 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:1501115
Moderate: Oracle Linux 6 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:204242
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel"s Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...

oval:org.secpod.oval:def:23222
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:23221
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:23226
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Swing. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:23234
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Security. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23225
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to RMI. Successful exploitation could allow attackers to affe ...

oval:org.secpod.oval:def:23224
The host is installed with Oracle Java SE 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JAX-WS. Successful exploitation could allow attackers to affect confidentialit ...

oval:org.secpod.oval:def:24919
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the libvpx code, which was not built with an appropriate --size-limit value. Successful exploitation could allow attackers to trigger a negative value for a size field ...

oval:org.secpod.oval:def:24920
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the libvpx code, which was not built with an appropriate --size-limit value. Successful exploitation could allow attackers to trigger a negative value for a size field ...

oval:org.secpod.oval:def:1501089
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:1501202
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU"s websocket frame decoder processed incoming frames without limiting resources used to process the ...

oval:org.secpod.oval:def:25177
The host is installed with qemu-kvm on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to limit resources used to process the header and payload of an incoming frame. Successful exploitation could allow attackers to cras ...

oval:org.secpod.oval:def:203754
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU"s websocket frame decoder processed incoming frames without limiting resources used to process the ...

oval:org.secpod.oval:def:1501101
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ...

oval:org.secpod.oval:def:204237
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, co ...

oval:org.secpod.oval:def:1501161
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ...

oval:org.secpod.oval:def:1501162
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ...

oval:org.secpod.oval:def:1501057
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501058
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501067
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It ...

oval:org.secpod.oval:def:1501069
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It ...

oval:org.secpod.oval:def:203673
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ...

oval:org.secpod.oval:def:203663
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203661
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203660
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203666
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ...

oval:org.secpod.oval:def:203668
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ...

oval:org.secpod.oval:def:25633
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 or 38.x before 38.1 and is prone to an ECDSA signatures spoofing vulnerability. A flaw is present in the applications, which do not properly perform Elliptical Curve Cryptography (ECC) multiplications. Successful ex ...

oval:org.secpod.oval:def:25634
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-64. The update is required to fix an ECDSA signatures spoofing vulnerability. A flaw is present in the applications, which do not properly perform Elliptical Curve Cryptography (ECC) multiplications. Successful e ...

oval:org.secpod.oval:def:25615
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ...

oval:org.secpod.oval:def:25616
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-66. The update is required to fix unspecified vulnerabilities. The flaws are present in the applications, which read data from uninitialized memory locations. Successful exploitation could allow attackers to caus ...

oval:org.secpod.oval:def:25619
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ...

oval:org.secpod.oval:def:203724
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ...

oval:org.secpod.oval:def:203711
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ...

oval:org.secpod.oval:def:25620
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ...

oval:org.secpod.oval:def:25621
The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which access unintended memory locations. Successful exploitation c ...

oval:org.secpod.oval:def:25179
The host is installed with fuse on Red Hat Enterprise Linux 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly filter environment variables. Successful exploitation could allow attackers to escalate privileges.

oval:org.secpod.oval:def:204273
The pcs package provides a configuration tool for Corosync and Pacemaker. It permits users to easily view, modify and create Pacemaker based clusters. The pcs package includes Rack, which provides a minimal interface between webservers that support Ruby and Ruby frameworks. A flaw was found in a way ...

oval:org.secpod.oval:def:204254
The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovere ...

oval:org.secpod.oval:def:25176
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle set file permissions in certain conditions. Successful exploitation could allow attackers to execute crafted file ...

oval:org.secpod.oval:def:1501119
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:24535
The host is installed with ntp version 4.2.6 and earlier on Redhat Enterprise Linux 6 or on Redhat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could all ...

oval:org.secpod.oval:def:203696
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:1501147
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:203695
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:1501266
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:1501278
It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim.

oval:org.secpod.oval:def:203784
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:203785
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:1501184
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:1501185
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:203742
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:203741
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:1501269
The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to ...

oval:org.secpod.oval:def:1501271
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

oval:org.secpod.oval:def:204176
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:1501264
libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-termin ...

oval:org.secpod.oval:def:1501265
libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-termin ...

oval:org.secpod.oval:def:203780
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:32670
The host is installed with Oracle VM VirtualBox from 4.3.x before 4.3.36 or 5.0.x and before 5.0.14 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to core. Successful exploitation could allows local users to affect availability

oval:org.secpod.oval:def:1501490
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:1501489
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:203946
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:203945
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:33740
The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly restrict access to unspecified custom configura ...

oval:org.secpod.oval:def:36409
The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions.

oval:org.secpod.oval:def:203840
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:203844
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:203837
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:1501343
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:1501352
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:32954
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a security bypass vulnerability. The flaw is present in the application, which fails to handle unspecified vectors, related to instant_service.cc and search_tab_helper.cc. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:32951
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an integer underflow vulnerability. The flaw is present in the application, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attackers to cause a denial of service (buffer o ...

oval:org.secpod.oval:def:32950
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a same origin policy bypass vulnerability. The flaw is present in the application, which fails to handle crafted web site, related to FrameLoader.cpp. Successful exploitation allows remote attackers to bypass the same orig ...

oval:org.secpod.oval:def:32953
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a security bypass vulnerability. The flaw is present in the application, which fails to handle unspecified vectors, related to instant_service.cc and search_tab_helper.cc. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:32952
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an integer underflow vulnerability. The flaw is present in the application, which fails to handle crafted data with brotli compression. Successful exploitation allows remote attackers to cause a denial of service (buffer o ...

oval:org.secpod.oval:def:32948
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a same origin policy bypass vulnerability. The flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to bypass the same origin policy.

oval:org.secpod.oval:def:32947
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a same origin policy bypass vulnerability. The flaw is present in the application, which fails to handle a crafted javascript code. Successful exploitation allows remote attackers to bypass the same origin policy.

oval:org.secpod.oval:def:32949
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a same origin policy bypass vulnerability. The flaw is present in the application, which fails to handle crafted web site, related to FrameLoader.cpp. Successful exploitation allows remote attackers to bypass the same orig ...

oval:org.secpod.oval:def:32957
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a security bypass vulnerability. The flaw is present in the application, which fails to handle a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. Successful ...

oval:org.secpod.oval:def:32958
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a security bypass vulnerability. The flaw is present in the application, which fails to handle a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. Successful ...

oval:org.secpod.oval:def:33732
The host is installed with Google Chrome before 49.0.2623.108 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, o ...

oval:org.secpod.oval:def:33731
The host is installed with Google Chrome before 49.0.2623.108 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, o ...

oval:org.secpod.oval:def:33730
The host is installed with Google Chrome before 49.0.2623.108 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, ...

oval:org.secpod.oval:def:33725
The host is installed with Google Chrome before 49.0.2623.108 and is prone to a buffer-overflow vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, ...

oval:org.secpod.oval:def:33724
The host is installed with Google Chrome before 49.0.2623.108 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the ...

oval:org.secpod.oval:def:33727
The host is installed with Google Chrome before 49.0.2623.108 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, ...

oval:org.secpod.oval:def:33726
The host is installed with Google Chrome before 49.0.2623.108 and is prone to a buffer-overflow vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, ...

oval:org.secpod.oval:def:33723
The host is installed with Google Chrome before 49.0.2623.108 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the ...

oval:org.secpod.oval:def:33729
The host is installed with Google Chrome before 49.0.2623.108 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, ...

oval:org.secpod.oval:def:33728
The host is installed with Google Chrome before 49.0.2623.108 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a specially crafted web page. Successful exploitation allow an attacker to execute arbitrary code in the context of the browser, ...

oval:org.secpod.oval:def:34390
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34389
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34387
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34388
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34402
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34403
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34714
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34712
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34713
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34710
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34711
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34705
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34706
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34703
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34704
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34709
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34707
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34708
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34393
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to make arbitrary HTTP requests.

oval:org.secpod.oval:def:34394
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to make arbitrary HTTP requests.

oval:org.secpod.oval:def:34783
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34781
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34782
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34780
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34778
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34779
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34405
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to make arbitrary HTTP requests.

oval:org.secpod.oval:def:34720
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34716
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34717
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34715
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34718
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34719
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34730
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34725
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bound vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34726
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bound vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34723
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a CSP bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34724
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a CSP bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34721
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34722
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34729
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34791
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34789
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bound vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34787
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34788
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a CSP bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34785
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34786
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34784
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34747
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34748
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34745
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34746
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34743
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34744
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34741
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based buffer-overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34742
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based buffer-overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34740
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34738
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34739
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34736
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34737
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34734
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34735
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34732
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34733
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34731
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34798
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34799
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34796
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34797
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based buffer-overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34794
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34795
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34792
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34793
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34800
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34750
The host is installed with Google Chrome before 51.0.2704.63 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34749
The host is installed with Google Chrome before 51.0.2704.63 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34801
The host is installed with Google Chrome before 51.0.2704.63 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34899
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34897
The host is installed with Google Chrome before 51.0.2704.79 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34898
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34895
The host is installed with Google Chrome before 51.0.2704.79 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34896
The host is installed with Google Chrome before 51.0.2704.79 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34894
The host is installed with Google Chrome before 51.0.2704.79 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34903
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34904
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34901
The host is installed with Google Chrome before 51.0.2704.79 and is prone to a parameter sanitization failure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34902
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34900
The host is installed with Google Chrome before 51.0.2704.79 and is prone to a parameter sanitization failure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34907
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34905
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34906
The host is installed with Google Chrome before 51.0.2704.79 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34909
The host is installed with Google Chrome before 51.0.2704.79 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34908
The host is installed with Google Chrome before 51.0.2704.79 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34190
The host is installed with Mozilla Firefox before 46.0 or Firefox ESR 45.x before 45.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute arbitrary code or crash th ...

oval:org.secpod.oval:def:1501439
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501442
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203923
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203922
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203921
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501512
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1501513
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:1501491
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:1501493
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:203964
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:203962
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:203961
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:203950
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203949
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:203948
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:34969
The host is installed with Mozilla Firefox before 47.0, Firefox ESR before 45.2.2 or Mozilla Thunderbird 45.x before 45.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:34967
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:34968
The host is missing a critical security update according to Mozilla advisory, MFSA2016-49. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:34965
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:34966
The host is missing a critical security update according to Mozilla advisory, MFSA2016-50. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:34964
The host is missing an important security update according to Mozilla advisory, MFSA2016-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:34962
The host is missing an important security update according to Mozilla advisory, MFSA2016-52. The update is required to fix an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the tru ...

oval:org.secpod.oval:def:34954
The host is missing an important security update according to Mozilla advisory, MFSA2016-56. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially ...

oval:org.secpod.oval:def:34955
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially exploitable crash when t ...

oval:org.secpod.oval:def:34950
The host is missing an important security update according to Mozilla advisory, MFSA2016-58. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate per ...

oval:org.secpod.oval:def:34951
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate permissions, spoofing and cl ...

oval:org.secpod.oval:def:34963
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR before 45.2 and is prone to an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the true site URL, allowing for ...

oval:org.secpod.oval:def:1501444
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a sp ...

oval:org.secpod.oval:def:203924
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a sp ...

oval:org.secpod.oval:def:1600368
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to exe ...

oval:org.secpod.oval:def:1501471
It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the net ...

oval:org.secpod.oval:def:203937
Libndp is a library that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fix: * It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol messages. An at ...

oval:org.secpod.oval:def:35967
The host is installed with LibreOffice before 5.1.4.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted RTF file, related to stylesheet and supercript tokens. Successful exploitation could allow remote attackers to execute arbitrar ...

oval:org.secpod.oval:def:34971
The host is installed with VideoLAN vlc media player before 2.2.4 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted QuickTime IMA file. Successful exploitation could allow remote attackers to cause a denial of service (crash) or po ...

oval:org.secpod.oval:def:37423
The host is installed with Google Chrome before 53.0.2785.143 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:37422
The host is installed with Google Chrome before 53.0.2785.143 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:37421
The host is installed with Google Chrome before 53.0.2785.143 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:37420
The host is installed with Google Chrome before 53.0.2785.143 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:204150
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ...

oval:org.secpod.oval:def:1501637
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ...

oval:org.secpod.oval:def:37757
The host is installed with Oracle MySQL Server through 5.5.52, 5.6.33 or 5.7.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Encryption. Successful exploitation allows attackers to affect Confidentialit ...

oval:org.secpod.oval:def:1600510
It was found that Exim leaked DKIM signing private keys to the "mainlog" log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys.

oval:org.secpod.oval:def:32955
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a denial of service vulnerability. The flaw is present in the application, which fails to handle a crafted PDF document. Successful exploitation allows remote attackers to cause a denial of service (out-of-bounds read).

oval:org.secpod.oval:def:32956
The host is installed with Google Chrome before 48.0.2564.109 and is prone to a denial of service vulnerability. The flaw is present in the application, which fails to handle a crafted PDF document. Successful exploitation allows remote attackers to cause a denial of service (out-of-bounds read).

oval:org.secpod.oval:def:204198
The libpng12 packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried t ...

oval:org.secpod.oval:def:203786
The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to ...

oval:org.secpod.oval:def:32438
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:33049
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. Aflaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:33048
The host is installed with Google Chrome before 48.0.2564.109 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 image in a PDF document. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:1501440
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ...

oval:org.secpod.oval:def:36103
The host is installed with LibreOffice before 5.1.4002 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted RTF file, related to stylesheet and supercript tokens. Successful exploitation could allow remote attackers to execute arbitra ...

oval:org.secpod.oval:def:39515
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving use of the srand function. Successful exploitation could allow context-dependent attackers to defeat cryptograph ...

oval:org.secpod.oval:def:35695
The host is installed with VideoLAN vlc media player before 2.2.4 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a QuickTime IMA file. Successful exploitation could allow remote attackers to cause a denial of service (crash) or possibly e ...

oval:org.secpod.oval:def:39517
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted identifiers. Successful exploitation could allows context-dependent attackers to cause a denial of service (CPU consumpt ...

oval:org.secpod.oval:def:602570
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many ...

oval:org.secpod.oval:def:602186
The security update for wordpress in DSA 3328 contained a regression. The patch for issue CVE-2015-5622 was faulty. A new package version has been released that backs this patch out pending resolution of the problem.

oval:org.secpod.oval:def:601852
Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9031 Jouko Pynnonen discovered an unauthen ...

oval:org.secpod.oval:def:602199
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your ...

oval:org.secpod.oval:def:603147
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

oval:org.secpod.oval:def:602606
It was reported that the update for flex as released in DSA-3653-1 did not completely address CVE-2016-6354 as intended due to problems in the patch handling and regenerated files during the build. Additionally a regression was introduced, causing new warnings when compiling flex generated code. Upd ...

oval:org.secpod.oval:def:602090
Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash.

oval:org.secpod.oval:def:602142
Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:603085
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:602258
The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5622 The robustness of the ...

oval:org.secpod.oval:def:602320
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ...

oval:org.secpod.oval:def:703368
vim: Vi IMproved - enhanced vi editor Vim could be made run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:602547
Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.

oval:org.secpod.oval:def:703212
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703328
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:602088
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-27 ...

oval:org.secpod.oval:def:602093
Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:702725
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:602482
Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector if i ...

oval:org.secpod.oval:def:602607
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.

oval:org.secpod.oval:def:602596
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources. Affected applications need to be rebuild. bogofilter will be rebuild against ...

oval:org.secpod.oval:def:702942
perl: Practical Extraction and Report Language Perl incorrectly handled the taint attribute.

oval:org.secpod.oval:def:602480
Several vulnerabilities were discovered in imlib2, an image manipulation library. CVE-2011-5326 Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. CVE-2014-9771 It was discovered that an integer overflow could lead to invalid memory reads and unre ...

oval:org.secpod.oval:def:602560
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin"s add/change related popup.

oval:org.secpod.oval:def:703258
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:36988
imlib2: Image manipulation and rendering library Several security issues were fixed in Imlib2.

oval:org.secpod.oval:def:602530
Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.

oval:org.secpod.oval:def:26405
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:602586
Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In combination with setuid binaries using cra ...

oval:org.secpod.oval:def:602575
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally, secur ...

oval:org.secpod.oval:def:703211
python-django: High-level Python web development framework A security issue was fixed in Django.

oval:org.secpod.oval:def:602532
Marcin "Icewall" Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitra ...

oval:org.secpod.oval:def:702874
libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:602680
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

oval:org.secpod.oval:def:602379
Alexander Izmailov discovered that didiwiki, a wiki implementation, failed to correctly validate user-supplied input, thus allowing a malicious user to access any part of the filesystem.

oval:org.secpod.oval:def:703167
expat: XML parsing C library Several security issues were fixed in Expat.

oval:org.secpod.oval:def:703241
fontconfig: generic font configuration library Fontconfig be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:602263
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622 The robustness of the shortcodes HTML tags filter ...

oval:org.secpod.oval:def:602485
Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in ...

oval:org.secpod.oval:def:602662
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes

oval:org.secpod.oval:def:602531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That"s right, Debian no longer applies ...

oval:org.secpod.oval:def:703150
oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:602706
It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.

oval:org.secpod.oval:def:703183
libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:602166
It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

oval:org.secpod.oval:def:602327
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution is not aff ...

oval:org.secpod.oval:def:602589
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:602427
Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure. The oldstable distribution will be updated in a separate DSA.

oval:org.secpod.oval:def:602087
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection .

oval:org.secpod.oval:def:602189
Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been im ...

oval:org.secpod.oval:def:603143
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.

oval:org.secpod.oval:def:703814
libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1600294
Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding ...

oval:org.secpod.oval:def:1500433
Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:203233
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ...

oval:org.secpod.oval:def:602678
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.

oval:org.secpod.oval:def:1501102
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501096
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:204224
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:1501108
Moderate: Oracle Linux 5 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:1501116
Moderate: Oracle Linux 5 Unbreakable Enterprise kernel security update.

oval:org.secpod.oval:def:1501441
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:1501492
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ...

oval:org.secpod.oval:def:1501056
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:1501351
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:1500388
Updated openldap packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:1500856
Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ...

oval:org.secpod.oval:def:38789
The host is missing a security update according to Apple advisory, APPLE-SA-2017-01-23-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:38800
The host is installed with Apple Mac OS X or Server 10.12.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle certain modeline options. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:38512
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:43012
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:1600444
A heap-based buffer overflow in the parse_packet function in network.c in collectd allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted network packet.

oval:org.secpod.oval:def:603163
A vulnerability has been found in the PostgreSQL database system: Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions.

oval:org.secpod.oval:def:1600359
It was found that when an SVN server searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable . An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, whi ...

oval:org.secpod.oval:def:1600692
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a small samples per pixel value in a CMYKA TIFF file.The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial o ...

oval:org.secpod.oval:def:602494
Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki"s use of imagemagick in the img plugin.

oval:org.secpod.oval:def:42419
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) dur ...

oval:org.secpod.oval:def:42418
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42420
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wirel ...

oval:org.secpod.oval:def:203642
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...

oval:org.secpod.oval:def:1600812
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table contents that the inv ...

oval:org.secpod.oval:def:1600811
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL can ...

oval:org.secpod.oval:def:602541
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service against an application using the libxslt library.

oval:org.secpod.oval:def:702983
libssh: A tiny C SSH library Several security issues were fixed in libssh.

oval:org.secpod.oval:def:602384
Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. Th ...

oval:org.secpod.oval:def:33741
The host is installed with PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, or 9.5.x before 9.5.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a large Unicode character range in a regular express ...

oval:org.secpod.oval:def:203860
PostgreSQL is an advanced object-relational database management system . An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:203853
PostgreSQL is an advanced object-relational database management system . An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:203852
PostgreSQL is an advanced object-relational database management system . An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:1600400
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.

oval:org.secpod.oval:def:1600350
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.

oval:org.secpod.oval:def:400686
This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: * Fix infinite loops and buffer-overrun problems in regular expressions . * Fix regular-expression compiler to handle loops of constraint arcs . * Prevent certain PL/Java parameters from being set by non-s ...

oval:org.secpod.oval:def:203854
The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use signific ...

oval:org.secpod.oval:def:203856
The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use signific ...

oval:org.secpod.oval:def:602380
Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for "group order" in the Diffie-Hellman negotiation. This weakens significantly the handshake s ...

oval:org.secpod.oval:def:703816
emacs24: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:703813
emacs25: GNU Emacs editor Emacs could be made to run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1600787
Command injection flaw within "enriched mode" handling:A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary ...

oval:org.secpod.oval:def:204557
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tric ...

oval:org.secpod.oval:def:603039
Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as t ...

oval:org.secpod.oval:def:603164
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:202572
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ...

oval:org.secpod.oval:def:202626
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ...

oval:org.secpod.oval:def:1600259
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding ...

oval:org.secpod.oval:def:43226
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:703874
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:602707
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation.

oval:org.secpod.oval:def:43225
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:113435
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1502044
Several security issues were fixed in wget.

oval:org.secpod.oval:def:603140
Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen discovered two buffer overflows in the HTTP protocol handler of the Wget download tool, which could result in the execution of arbitrary code when connecting to a malicious HTTP server.

oval:org.secpod.oval:def:1600796
Heap-based buffer overflow in HTTP protocol handlingA heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code. ...

oval:org.secpod.oval:def:703872
wget: retrieves files from the web Several security issues were fixed in Wget.

oval:org.secpod.oval:def:113393
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:204698
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HT ...

oval:org.secpod.oval:def:32736
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to Options. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:702944
mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:602353
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47

oval:org.secpod.oval:def:32742
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to Client. Successful exploitation allows local users to affect confidentiality, integrity, and avai ...

oval:org.secpod.oval:def:32753
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32755
The host is installed with Oracle MySQL through 5.5.46 or through 5.6.27 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32754
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to Optimizer. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32751
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to InnoDB. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32745
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to privileges. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32748
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to encryption. Successful exploitation allows remote authenticated users to affect integrity.

oval:org.secpod.oval:def:32758
The host is installed with Oracle MySQL through 5.5.46 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to Optimizer. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32744
The host is installed with Oracle MySQL through 5.6.27 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails unknown vectors related to InnoDB. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:1600404
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. The ssl_verify_server_cert function in sql-co ...

oval:org.secpod.oval:def:400782
This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended Securit ...

oval:org.secpod.oval:def:1600336
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600357
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600384
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:33120
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68 or 8.x before 8.0.31 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedSe ...

oval:org.secpod.oval:def:400638
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent dire ...

oval:org.secpod.oval:def:1600483
CVE-2016-0718 : Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary ...

oval:org.secpod.oval:def:204045
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:36575
The host is missing an important security update according to Mozilla advisory, MFSA2016-68. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fail to handle malformed XML data. Successful exploitation allows remote attackers to read other ...

oval:org.secpod.oval:def:204140
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:33119
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68 or 8.x before 8.0.31 and is prone to a security bypass vulnerability. A flaw is present in the session-persistence implementation, which mishandles session attributes. Successful exploitation allows remote authenticated us ...

oval:org.secpod.oval:def:1501684
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:1501685
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:34942
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:33121
The host is installed with Apache Tomcat 7.x before 7.0.68 or 8.x before 8.0.31 and is prone to a security bypass vulnerability. A flaw is present in the setGlobalContext method, which does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized. Successful exploitation allo ...

oval:org.secpod.oval:def:39003
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:602715
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker can ...

oval:org.secpod.oval:def:204087
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ...

oval:org.secpod.oval:def:204085
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached re ...

oval:org.secpod.oval:def:703456
squid3: Web proxy cache server Squid could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1501747
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ...

oval:org.secpod.oval:def:1501748
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ...

oval:org.secpod.oval:def:602757
Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in liblcms2-2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile and leading to a heap memory leak or denial-of-service for applicati ...

oval:org.secpod.oval:def:42454
The host is installed with Oracle Java SE through 7u151, 8u144 or 9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D (Little CMS 2). Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:204141
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:602775
Several vulnerabilities were discovered in libevent, an asynchronous event notification library. They would lead to Denial Of Service via application crash, or remote code execution.

oval:org.secpod.oval:def:40060
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixe ...

oval:org.secpod.oval:def:1501852
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501850
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204495
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204492
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:703516
libevent: Asynchronous event notification library Several security issues were fixed in libevent.

oval:org.secpod.oval:def:32959
The host is installed with Mozilla Firefox before 43.0 or Firefox ESR 38.x before 38.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted graphite smart font. Successful exploitation allows remote attackers to obtain sensi ...

oval:org.secpod.oval:def:1600340
Several vulnerabilities were discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of ...

oval:org.secpod.oval:def:203906
Graphite2 is a project within SIL"s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behavior ...

oval:org.secpod.oval:def:34933
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:33674
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a malicious crafted XML. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:33646
The host is missing a security update according to Apple advisory, APPLE-SA-2016-03-21-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted website. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:33634
The host is installed with Apple Safari before 9.1 and is prone to a memory corruption vulnerability. A flaw is present in the libxml2, which fails to properly handle a crafted XML file. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:35529
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:34662
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34663
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:34660
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34661
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34941
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34936
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34934
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34935
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34666
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34667
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34664
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34665
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34937
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34932
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34938
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34939
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:602351
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/

oval:org.secpod.oval:def:203979
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:602438
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service , or potentially, execution of arbitrary code, if bgpd is configured with BGP peer ...

oval:org.secpod.oval:def:703037
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703157
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:34611
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:703107
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:400637
qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI dma I/O - ...

oval:org.secpod.oval:def:1600383
The following security-related issues were resolved:Buffer over-write in finfo_open with malformed magic file Signedness vulnerability causing heap overflow in libgd Integer overflow in php_raw_url_encode Format string vulnerability in php_snmp_error Invalid memory write in phar on filename containi ...

oval:org.secpod.oval:def:602539
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.22, which includes additional bug fixes. Please refer to the upstream changelog for more i ...

oval:org.secpod.oval:def:602479
Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an ...

oval:org.secpod.oval:def:34940
The host is installed with RHEL 7 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34931
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:1600439
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long.

oval:org.secpod.oval:def:204119
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:1501655
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:35821
The host is installed with Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36 or 8.5.x before 8.5.3 and is prone to a denial of service vulnerability. A flaw is present in the MultipartStream class in Apache Commons Fileupload, which fails to handle a long boundary string. Successful exploitation al ...

oval:org.secpod.oval:def:1501582
CVE-2016-5403 : The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. CVE-2016-3710 : The VGA module in QEMU improperly performs bou ...

oval:org.secpod.oval:def:204098
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:204011
KVM is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc. Security Fix: * An out-of-bounds read/wri ...

oval:org.secpod.oval:def:1501453
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions su ...

oval:org.secpod.oval:def:1501473
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:34322
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer. Incorrect banked access bounds checking in vga module.

oval:org.secpod.oval:def:203931
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:602497
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ...

oval:org.secpod.oval:def:400618
This update for xen to version 4.5.3 fixes the several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests . - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery . - CVE-2016-5337: The megasas_ctrl_get_info function allo ...

oval:org.secpod.oval:def:204166
Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU"s ...

oval:org.secpod.oval:def:1501807
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU ...

oval:org.secpod.oval:def:1501650
Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU"s ...

oval:org.secpod.oval:def:35562
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer underreads vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:1600416
A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.

oval:org.secpod.oval:def:1501680
Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules

oval:org.secpod.oval:def:1501681
Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules

oval:org.secpod.oval:def:602554
Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to ...

oval:org.secpod.oval:def:1600420
It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would le ...

oval:org.secpod.oval:def:400720
This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen This non-security issue was fixed: - Fix encoding of /Title in generated PDFs

oval:org.secpod.oval:def:703383
c-ares: library for asynchronous name resolves c-ares could be made to crash or run programs if it processed a specially crafted hostname.

oval:org.secpod.oval:def:602633
Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution.

oval:org.secpod.oval:def:703321
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703320
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703325
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703319
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703318
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703317
linux-ti-omap4: Linux kernel for OMAP4 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:1600463
CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakageA race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherw ...

oval:org.secpod.oval:def:204030
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:204029
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:37804
The host installed with kernel package on CentOS 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:37803
The host installed with kernel package on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:1501608
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501609
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501614
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501611
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501612
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501617
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ...

oval:org.secpod.oval:def:1501615
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501616
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ...

oval:org.secpod.oval:def:602713
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based sh ...

oval:org.secpod.oval:def:1600434
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to re ...

oval:org.secpod.oval:def:602578
Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS ...

oval:org.secpod.oval:def:36755
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:38510
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:703223
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:38564
The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle a (1) " (double quote), (2) \ (backslash), (3) ca ...

oval:org.secpod.oval:def:38565
The host is installed with PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, or 9.5.x before 9.5.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a CASE expression or inlining of an SQL function. Su ...

oval:org.secpod.oval:def:1600448
A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. A flaw wa ...

oval:org.secpod.oval:def:204153
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:1501630
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:602588
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan ...

oval:org.secpod.oval:def:703239
postgresql-9.5: object-relational SQL database - postgresql-9.3: Object-relational SQL database - postgresql-9.1: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:38511
The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors related to curl. Successful exploitation could allow attackers to leak sensitive u ...

oval:org.secpod.oval:def:602667
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.28. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/

oval:org.secpod.oval:def:36104
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:1501594
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501595
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501593
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501598
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501596
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501597
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:36105
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:602557
Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library , or potentially to execute arbitrary code with the privi ...

oval:org.secpod.oval:def:703200
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:1501675
Several vulnerabilities have been discovered in Linux Kernel

oval:org.secpod.oval:def:1501676
Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules

oval:org.secpod.oval:def:1501679
Several vulnerabilities have been discovered in Linux Kernel

oval:org.secpod.oval:def:1501678
Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules

oval:org.secpod.oval:def:602569
Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application ...

oval:org.secpod.oval:def:703226
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:1600447
A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes.

oval:org.secpod.oval:def:204035
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ...

oval:org.secpod.oval:def:204151
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ...

oval:org.secpod.oval:def:1501649
A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes.

oval:org.secpod.oval:def:1501644
A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes.

oval:org.secpod.oval:def:602593
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for ...

oval:org.secpod.oval:def:602592
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug ...

oval:org.secpod.oval:def:703240
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers.

oval:org.secpod.oval:def:703238
gnupg: GNU privacy guard - a free PGP replacement GnuPG incorrectly generated random numbers.

oval:org.secpod.oval:def:37886
The host is missing a patch containing security fixes, which affects the following package(s):openssh.base.server and openssh.base.client

oval:org.secpod.oval:def:602648
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE ...

oval:org.secpod.oval:def:602683
Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

oval:org.secpod.oval:def:602682
Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure ...

oval:org.secpod.oval:def:204071
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX ...

oval:org.secpod.oval:def:204070
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:204063
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:1501725
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX ...

oval:org.secpod.oval:def:1501718
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:1501724
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:204466
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:204468
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:1501798
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501801
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600517
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A spe ...

oval:org.secpod.oval:def:40419
The host is installed with LibreOffice before 5.1.6 or 5.2.x before 5.2.2 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle embedded object. Successful exploitation could allow remote attackers to expose details of the environment ...

oval:org.secpod.oval:def:40422
The host is installed with LibreOffice before 5.1.6002 or 5.2.x before 5.2.2002 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle embedded object. Successful exploitation could allow remote attackers to expose details of the envir ...

oval:org.secpod.oval:def:602784
Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information.

oval:org.secpod.oval:def:204480
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:204473
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:703487
libreoffice: Office productivity suite LibreOffice could be made to disclose files if it opened a specially crafted file.

oval:org.secpod.oval:def:1501833
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501838
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:42580
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:42585
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an arbitrary file disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:40418
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:40417
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:43223
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:1501803
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...

oval:org.secpod.oval:def:1600711
Escape out of git-shellA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command laun ...

oval:org.secpod.oval:def:602529
Two related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sørensen discovered that the use of the function XML_Parse seeds the random number generator generating repeated outputs for rand calls. ...

oval:org.secpod.oval:def:33739
quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:400567
Chromium was updated to 31.0.1650.57: Stable channel update: - Security Fixes: * CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: * CVE-2013-6621: Use after free related to speech input elements.. * CVE-2013-6622: Use after ...

oval:org.secpod.oval:def:400570
Security and bugfix update to Chromium 31.0.1650.57 - Update to Chromium 31.0.1650.57: - Security Fixes: * CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: * CVE-2013-6621: Use after free related to speech input elements.. * ...

oval:org.secpod.oval:def:1501303
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

oval:org.secpod.oval:def:1501307
Race condition in the IPC object implementation in the Linux kernel allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

oval:org.secpod.oval:def:1501293
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

oval:org.secpod.oval:def:1501298
Race condition in the IPC object implementation in the Linux kernel allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

oval:org.secpod.oval:def:24743
The host is installed with kernel in RHEL 7 and is prone to an unprivileged module load vulnerability. A flaw is present in the application, which fails to properly handle request_module() call. Successful exploitation could allow attackers to load any installed module.

oval:org.secpod.oval:def:1600047
An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code wi ...

oval:org.secpod.oval:def:1500573
Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:1500584
Updated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed ...

oval:org.secpod.oval:def:1500587
Updated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed ...

oval:org.secpod.oval:def:1500589
Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:1500623
An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code wi ...

oval:org.secpod.oval:def:21291
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:203311
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:203310
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:203317
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:203316
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:1600146
An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code wi ...

oval:org.secpod.oval:def:1500949
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

oval:org.secpod.oval:def:1500950
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

oval:org.secpod.oval:def:1600762
Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.Integer overflow in hcreate and hcreate_rAn integer overflow ...

oval:org.secpod.oval:def:703141
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:1501806
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:204271
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. It was found that because NTP"s access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing : ...

oval:org.secpod.oval:def:204260
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP"s access control was based ...

oval:org.secpod.oval:def:34930
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:1501243
The remote host is missing a patch containing a security fix, which affects the following package(s): ntp

oval:org.secpod.oval:def:24752
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:1501135
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:1501139
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ...

oval:org.secpod.oval:def:1501092
Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.

oval:org.secpod.oval:def:203691
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:203693
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ...

oval:org.secpod.oval:def:204268
Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or op ...

oval:org.secpod.oval:def:204218
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump f ...

oval:org.secpod.oval:def:1501221
The remote host is missing a patch containing a security fix, which affects the following package(s): wireshark

oval:org.secpod.oval:def:1501086
Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol: CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentica ...

oval:org.secpod.oval:def:1501145
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

oval:org.secpod.oval:def:1501040
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:1501070
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:203648
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:1501118
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE . A remote attacker could use this flaw to b ...

oval:org.secpod.oval:def:203697
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE . A remote attacker could use this flaw to b ...

oval:org.secpod.oval:def:1501044
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501048
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501049
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501052
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ...

oval:org.secpod.oval:def:1501073
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1501071
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:203674
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:25185
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle fork(2) and close(2) system calls with an 'int80' entry. Successful exploitation could allow attackers to es ...

oval:org.secpod.oval:def:25164
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle Router advertisements. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:1501055
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:1501054
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:203658
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:203657
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:602111
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602109
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by th ...

oval:org.secpod.oval:def:602124
The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional ...

oval:org.secpod.oval:def:24344
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:1501072
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:1501075
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:203683
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel"s netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially craft ...

oval:org.secpod.oval:def:203888
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:1501424
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:1600337
wolfSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also know ...

oval:org.secpod.oval:def:1501600
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:1600343
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600351
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:204129
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:33123
The host is installed with Apache Tomcat 7.x before 7.0.66 or 8.x before 8.0.30 and is prone to a session fixation vulnerability. A flaw is present in the session-persistence implementation, which fails to handle different session settings used for deployments of multiple versions of the same web ap ...

oval:org.secpod.oval:def:33125
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65 or 8.x before 8.0.27 and is prone to a directory traversal vulnerability. A flaw is present in RequestUtil.java, which fails to handle a /.. (slash dot dot) in a pathname used by a web application in a getResource, getReso ...

oval:org.secpod.oval:def:33124
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67 or 8.x before 8.0.30 and is prone to an information disclosure vulnerability. A flaw is present in the Mapper component, which processes redirects before considering security constraints and Filters. Successful exploitatio ...

oval:org.secpod.oval:def:1501628
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:33122
The host is installed with Apache Tomcat 7.x before 7.0.68 or 8.x before 8.0.31 and is prone to a security bypass vulnerability. A flaw is present in the Manager and Host Manager applications, which establish sessions and send CSRF tokens for arbitrary new requests. Successful exploitation allows re ...

oval:org.secpod.oval:def:1501465
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that w ...

oval:org.secpod.oval:def:204167
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ...

oval:org.secpod.oval:def:204118
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ...

oval:org.secpod.oval:def:1501664
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ...

oval:org.secpod.oval:def:1501194
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ...

oval:org.secpod.oval:def:1501200
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ...

oval:org.secpod.oval:def:203746
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ...

oval:org.secpod.oval:def:203745
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ...

oval:org.secpod.oval:def:34243
The host is installed with OpenSSH through 7.2p2 and is prone to a privilege escalation vulnerability. A flaw is present in session.c in sshd, which fails to handle an LD_PRELOAD environment variable. Successful exploitation could allow local users to gain privileges by triggering a crafted environm ...

oval:org.secpod.oval:def:1600474
It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root.

oval:org.secpod.oval:def:400775
ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Den ...

oval:org.secpod.oval:def:204126
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:1501810
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:1501654
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:703038
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:602365
Several vulnerabilities have been found in tiff, a Tag Image File Format library. Multiple out-of-bounds read and write flaws could cause an application using the tiff library to crash.

oval:org.secpod.oval:def:34616
The host is missing a security update according to Apple advisory, APPLE-SA-2016-05-16-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to caus ...

oval:org.secpod.oval:def:1600478
A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when opened.

oval:org.secpod.oval:def:204137
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:602488
It was discovered that a heap overflow in the Poppler PDF library may result in denial of service and potentially the execution of arbitrary code if a malformed PDF file is opened.

oval:org.secpod.oval:def:1501657
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:1600419
It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arb ...

oval:org.secpod.oval:def:1600430
A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP"s gd extension. A remote attacker could use this ...

oval:org.secpod.oval:def:1501499
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ...

oval:org.secpod.oval:def:1501498
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ...

oval:org.secpod.oval:def:203951
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ...

oval:org.secpod.oval:def:203947
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ...

oval:org.secpod.oval:def:113501
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:35553
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35551
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35552
The host is missing a critical security update according to Mozilla advisory, MFSA2016-50. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35550
The host is missing an important security update according to Mozilla advisory, MFSA2016-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to crash service.

oval:org.secpod.oval:def:35548
The host is missing an important security update according to Mozilla advisory, MFSA2016-52. The update is required to fix an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the tru ...

oval:org.secpod.oval:def:35549
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an addressbar spoofing vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to mask the true site URL, allowing ...

oval:org.secpod.oval:def:35540
The host is missing an important security update according to Mozilla advisory, MFSA2016-56. The update is required to fix an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially ...

oval:org.secpod.oval:def:35541
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to cause potentially exploitable crash w ...

oval:org.secpod.oval:def:35537
The host is installed with Mozilla Firefox before 47.0 or Firefox ESR 48.x before 48.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate permissions, spoofing a ...

oval:org.secpod.oval:def:35536
The host is missing an important security update according to Mozilla advisory, MFSA2016-58. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to escalate per ...

oval:org.secpod.oval:def:703913
libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files.

oval:org.secpod.oval:def:603166
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-15098 Denial of service and potential memory disclosure in the json_populate_recordset and jsonb_populate_recordset functions CVE-2017-15099 Insufficient permissions checks in "INSERT ... ON CONFLICT DO UPDATE&q ...

oval:org.secpod.oval:def:703885
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:603190
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

oval:org.secpod.oval:def:113735
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:113491
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:113556
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:113578
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:113524
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:113613
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language , and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows.

oval:org.secpod.oval:def:113645
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:113751
The transfig utility creates a makefile which translates FIG or PIC figures into a specified LaTeX graphics language . Transfig is used to create TeX documents which are portable . Install transfig if you need a utility for translating FIG or PIC figures into certain graphics languages.

oval:org.secpod.oval:def:400813
MozillaFirefox was updated to 45.3.0 ESR to fix the following issues : * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG wi ...

oval:org.secpod.oval:def:400815
MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS . - CVE-2016- ...

oval:org.secpod.oval:def:703526
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:204128
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:1501634
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:1600492
It was found that the ghostscript functions getenv, file name for all and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie ...

oval:org.secpod.oval:def:204068
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:204067
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:1501720
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:1501721
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:42417
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42415
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:43011
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:40402
The host is missing a critical security update according to Mozilla advisory, MFSA2017-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40091
The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40092
The host is missing a critical security update according to Mozilla advisory, MFSA2017-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40093
The host is missing a critical security update according to Mozilla advisory, MFSA2017-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40131
The host is missing a critical security update according to Mozilla advisory, MFSA2017-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40132
The host is missing a critical security update according to Mozilla advisory, MFSA2017-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40130
The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:602853
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution ...

oval:org.secpod.oval:def:703583
icu: International Components for Unicode library Several security issues were fixed in ICU.

oval:org.secpod.oval:def:602864
Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:703585
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703614
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs if it opened a specially crafted font file.

oval:org.secpod.oval:def:703803
apache2: Apache HTTP server Apache HTTP Server could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1502033
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502039
Several security issues were fixed in httpd.

oval:org.secpod.oval:def:603112
Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.

oval:org.secpod.oval:def:1600776
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user"s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. ...

oval:org.secpod.oval:def:204571
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:204577
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:43037
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation could allow attackers to obtain sensitive information that ...

oval:org.secpod.oval:def:1600027
The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses, as discussed in http://framework.zend.com/security/advisory/ZF2014-04.

oval:org.secpod.oval:def:602096
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some fun ...

oval:org.secpod.oval:def:602115
The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows. Multiple vulne ...

oval:org.secpod.oval:def:203841
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way ...

oval:org.secpod.oval:def:203845
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the wa ...

oval:org.secpod.oval:def:400783
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:400752
This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using t ...

oval:org.secpod.oval:def:1600387
A stack-based buffer overflow flaw was found in the send_dg and send_vc functions, used by getaddrinfo and other higher-level interfaces of glibc. A remote attacker able to cause an application to call either of these functions could use this flaw to execute arbitrary code with the permissions of th ...

oval:org.secpod.oval:def:1501349
The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way th ...

oval:org.secpod.oval:def:1501348
The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way th ...

oval:org.secpod.oval:def:400632
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:34892
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:602639
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data ...

oval:org.secpod.oval:def:603238
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution.

oval:org.secpod.oval:def:501719
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:501720
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:501776
The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use signific ...

oval:org.secpod.oval:def:501798
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:501815
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:501821
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:501836
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501846
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501886
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501887
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501890
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ...

oval:org.secpod.oval:def:501893
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:501904
Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU"s ...

oval:org.secpod.oval:def:501918
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:501924
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:501931
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ...

oval:org.secpod.oval:def:501950
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user runnin ...

oval:org.secpod.oval:def:501952
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:501957
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX ...

oval:org.secpod.oval:def:501958
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:501969
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached re ...

oval:org.secpod.oval:def:501970
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ...

oval:org.secpod.oval:def:501999
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...

oval:org.secpod.oval:def:502000
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:502014
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502019
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502028
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502138
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tric ...

oval:org.secpod.oval:def:35555
The host is installed with Mozilla Firefox before 47.0, Mozilla Thunderbird 8.x before 48.2 or Firefox ESR 48.x before 48.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers t ...

oval:org.secpod.oval:def:35554
The host is missing a critical security update according to Mozilla advisory, MFSA2016-49. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fail to handle unknown vectors. Successful exploitation allows remote attackers to run ...

oval:org.secpod.oval:def:40407
The host is missing a critical security update according to Mozilla advisory, MFSA2017-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ...

oval:org.secpod.oval:def:40099
Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixe ...

oval:org.secpod.oval:def:35568
The host is installed with RHEL 7 and is prone to an out of bounds read vulnerability. A flaw is present in the application, which incorrectly relies on write system call. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:39506
The host is installed with Apple iTunes before 12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted identifiers in an XML document. Successful exploitation allows attackers to cause a denial of service (CPU consumption).

oval:org.secpod.oval:def:39504
The host is installed with Apple iTunes before 12.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle vectors involving use of the srand function. Successful exploitation allows attackers to defeat cryptographic protection mechanisms.

oval:org.secpod.oval:def:703800
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:703801
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502030
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502042
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:1502043
Several security issues were fixed in Linux kernel, python-perf and perf.

oval:org.secpod.oval:def:603111
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:502135
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:502137
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:1600794
stack buffer overflow in the native Bluetooth stackA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel , an unauthenticated atta ...

oval:org.secpod.oval:def:204554
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:204553
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:603233
Stephan Zeisberg discovered that poco, a collection of open source C++ class libraries, did not correctly validate file paths in ZIP archives. An attacker could leverage this flaw to create or overwrite arbitrary files.

oval:org.secpod.oval:def:113941
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113954
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:113917
Bottle is a fast and simple micro-framework for small web-applications. It offers request dispatching with URL parameter support, Templates, a built-in HTTP Server and adapters for many third party WSGI/HTTP-server and template engines. All in a single file and with no dependencies other than the P ...

oval:org.secpod.oval:def:113907
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:113943
The POCO C++ Libraries are open source C++ class libraries that simplify and accelerate the development of network-centric, portable applications in C++. The POCO C++ Libraries are built strictly on standard ANSI/ISO C++, including the standard library.

oval:org.secpod.oval:def:603162
Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.

oval:org.secpod.oval:def:703880
libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:42583
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to crash the service or execute arbitrary code.

oval:org.secpod.oval:def:42582
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to crash the service or execute arbitrary code.

oval:org.secpod.oval:def:42588
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to crash the service or execute arbitrary code.

oval:org.secpod.oval:def:42587
The host is installed with Apache OpenOffice before 4.1.4 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to crash the service or execute arbitrary code.

oval:org.secpod.oval:def:703918
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:42413
The host is missing a security update KB4042723

oval:org.secpod.oval:def:42412
A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. Multiple conditions would need to be met ...

oval:org.secpod.oval:def:42416
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group ...

oval:org.secpod.oval:def:43014
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:1502070
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204711
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:204706
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:502196
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:1600822
Use-after-free in processing SMB1 requestsA use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosureA memory discl ...

oval:org.secpod.oval:def:113525
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:703891
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:502200
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:113679
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:603186
Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603171
Joseph Bisch discovered that Konversation, an user friendly Internet Relay Chat client for KDE, could crash when parsing certain IRC color formatting codes.

oval:org.secpod.oval:def:113576
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113609
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:113607
A simple and easy to use IRC client with support for strikeout; multi-channel joins; away / unaway messages; ignore list functionality; support for foreign language characters; auto-connect to server; optional timestamps to chat windows; configurable background colors and much more

oval:org.secpod.oval:def:603167
Wen Bin discovered that bchunk, an application that converts a CD image in bin/cue format into a set of iso and cdr/wav tracks files, did not properly check its input. This would allow malicious users to crash the application or potentially execute arbitrary code.

oval:org.secpod.oval:def:603214
Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

oval:org.secpod.oval:def:703910
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:603205
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:603176
Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603175
Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

oval:org.secpod.oval:def:603216
Two vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents.

oval:org.secpod.oval:def:603207
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.

oval:org.secpod.oval:def:113856
Metapackage with installs wireshark-cli and wireshark-qt.

oval:org.secpod.oval:def:603215
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system.

oval:org.secpod.oval:def:603218
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent"s session if the agent is tricked into clicking a link in a spec ...

oval:org.secpod.oval:def:113871
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:603227
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed files are opened.

oval:org.secpod.oval:def:1502082
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603160
It was discovered that libpam4j, a Java library wrapper for the integration of PAM did not call pam_acct_mgmt during authentication. As such a user who has a valid password, but a deactivated or disabled account could still log in.

oval:org.secpod.oval:def:703314
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703315
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703316
linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703323
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703805
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gke: Linux kernel for Google Container Engine systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Se ...

oval:org.secpod.oval:def:703806
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1600832
Transmission relies on X-Transmission-Session-Id for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack

oval:org.secpod.oval:def:603244
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD defau ...

oval:org.secpod.oval:def:603132
Several vulnerabilities have been discovered in the X.Org X server. An attacker who"s able to connect to an X server could cause a denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:703861
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server - xorg-server-lts-xenial: X.Org X11 server Several security issues were fixed in the X.Org X server.

oval:org.secpod.oval:def:1502089
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502088
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113486
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:113480
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:603154
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603153
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:113571
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:703881
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:43224
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:43056
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an out-of-bounds read vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue, which existed in X.509 IPAddressFamily parsing. Successful exploitation all ...

oval:org.secpod.oval:def:603237
Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/se ...

oval:org.secpod.oval:def:603184
Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.

oval:org.secpod.oval:def:33051
The host is installed with Google Chrome before 48.0.2564.116 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to bypass the blink same origin policy and a sandbox protect ...

oval:org.secpod.oval:def:33050
The host is installed with Google Chrome before 48.0.2564.116 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to bypass the blink same origin policy and a sandbox protect ...

oval:org.secpod.oval:def:400765
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.57 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the conge ...

oval:org.secpod.oval:def:1501545
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:1600443
It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. Unspecified vuln ...

oval:org.secpod.oval:def:203985
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:400664
The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system called without verifying that the MNT_LOCKED flag is unset, which allow ...

oval:org.secpod.oval:def:602546
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ...

oval:org.secpod.oval:def:204097
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that the Linux kernel"s IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a deni ...

oval:org.secpod.oval:def:703802
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:16572
The host is installed with Google Chrome before 32.0.1700.77 and is prone to unspecified security vulnerability. A flaw is present in the application, which fails to handle the closing of an untrusted signin confirm dialog. Successful exploitation allows attackers to trigger a sync with an arbitrary ...

oval:org.secpod.oval:def:16570
The host is installed with Google Chrome before 32.0.1700.77 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to the shutting down of a worker process. Successful exploitation allows attackers to cause a denial of service or po ...

oval:org.secpod.oval:def:16566
The host is installed with Google Chrome before 32.0.1700.77 and is prone to unspecified security vulnerability. A flaw is present in the application, which fails to handle the closing of an untrusted signin confirm dialog. Successful exploitation allows attackers to trigger a sync with an arbitrary ...

oval:org.secpod.oval:def:16564
The host is installed with Google Chrome before 32.0.1700.77 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors related to the shutting down of a worker process. Successful exploitation allows attackers to cause a denial of service or po ...

oval:org.secpod.oval:def:16664
The host is installed with Google Chrome before 32.0.1700.102 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors involving a zero-size SVG image. Successful exploitation allows remote attackers to cause a denial of service or possibly ha ...

oval:org.secpod.oval:def:16668
The host is installed with Google Chrome before 32.0.1700.102 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle vectors involving a zero-size SVG image. Successful exploitation allows remote attackers to cause a denial of service or possibly ha ...

oval:org.secpod.oval:def:17075
The host is installed with Google Chrome before 33.0.1750.152 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption) or possibly have ...

oval:org.secpod.oval:def:17074
The host is installed with Google Chrome before 33.0.1750.152 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption) or possibly have ...

oval:org.secpod.oval:def:20586
The host is installed with Google Chrome before 36.0.1985.125 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service or possibly ...

oval:org.secpod.oval:def:20584
The host is installed with Google Chrome before 36.0.1985.125 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted file. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:20585
The host is installed with Google Chrome before 36.0.1985.125 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service or possibly ...

oval:org.secpod.oval:def:20583
The host is installed with Google Chrome before 36.0.1985.125 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted file. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:1501035
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...

oval:org.secpod.oval:def:400709
xen was updated to fix 44 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm ima ...

oval:org.secpod.oval:def:400737
xen was updated to fix 46 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers . - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed r ...

oval:org.secpod.oval:def:400672
qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI DMA I/O - ...

oval:org.secpod.oval:def:400694
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check fo ...

oval:org.secpod.oval:def:39507
The host is missing a critical security update according to Apple advisory, APPLE-SA-2017-03-22-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted vectors. Successful exploitation allows attackers to execute arb ...

oval:org.secpod.oval:def:39508
The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-22-2. The update is required to fix multiple vulnerabilities in Apple iTunes. The flaws are present in SQLite and expat which fails to handle vectors related to iTunes, crafted xml files. Successful exploitation coul ...

oval:org.secpod.oval:def:400755
This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows

oval:org.secpod.oval:def:24197
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24198
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24199
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24192
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin vulnerability.

oval:org.secpod.oval:def:24193
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin vulnerability.

oval:org.secpod.oval:def:24194
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin.

oval:org.secpod.oval:def:24195
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass cross origin.

oval:org.secpod.oval:def:24196
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:703172
xmlrpc-c: Lightweight RPC library based on XML and HTTP Several security issues were fixed in XML-RPC for C and C++.

oval:org.secpod.oval:def:24200
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24201
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25532
The host is installed with Google Chrome before 44.0.2403.89 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24202
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a tap-jacking vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25533
The host is installed with Google Chrome before 44.0.2403.89 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24203
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a tap-jacking vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25534
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to use an HTTPS session for downloading a Hunspell dictionary. Successful exploitation could allow attackers to produce unspecified ...

oval:org.secpod.oval:def:24204
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a type-confusion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25535
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to use an HTTPS session for downloading a Hunspell dictionary. Successful exploitation could allow attackers to produce unspecified ...

oval:org.secpod.oval:def:25569
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an uninitialized memory read vulnerability. A flaw is present in the application, which fails to properly handle converter names with initial x- substrings. Successful exploitation could allow remote attackers to crash the ...

oval:org.secpod.oval:def:25558
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an abort action before a certain write operation. Successful exploitation could allow remote attackers to crash the servi ...

oval:org.secpod.oval:def:25559
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an abort action before a certain write operation. Successful exploitation could allow remote attackers to crash the servi ...

oval:org.secpod.oval:def:25561
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted file. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:25562
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an invalid JPEG2000 data in a PDF document. Successful exploitation could allow remote attackers to crash the ...

oval:org.secpod.oval:def:25563
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an invalid JPEG2000 data in a PDF document. Successful exploitation could allow remote attackers to crash the ...

oval:org.secpod.oval:def:25564
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow remote attackers to crash the service or cause unspecified impact.

oval:org.secpod.oval:def:25565
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow remote attackers to crash the service or cause unspecified impact.

oval:org.secpod.oval:def:25566
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted PDF document that triggers a large memory allocation. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:25567
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted PDF document that triggers a large memory allocation. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:25568
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an uninitialized memory read vulnerability. A flaw is present in the application, which fails to properly handle converter names with initial x- substrings. Successful exploitation could allow remote attackers to crash the ...

oval:org.secpod.oval:def:25560
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted file. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:24216
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25547
The host is installed with Google Chrome before 44.0.2403.89 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted PDF document. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24217
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25548
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a content security bypass vulnerability. A flaw is present in the application, which fails to properly determine the V8 context of a microtask. Successful exploitation could allow attackers to bypass Content Security Policy ...

oval:org.secpod.oval:def:25549
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a content security bypass vulnerability. A flaw is present in the application, which fails to properly determine the V8 context of a microtask. Successful exploitation could allow attackers to bypass Content Security Policy ...

oval:org.secpod.oval:def:25550
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted serialized data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:25551
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted serialized data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:25552
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle large height and stride values. Successful exploitation could allow attackers to crash the service (heap-based buffer o ...

oval:org.secpod.oval:def:25553
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle large height and stride values. Successful exploitation could allow attackers to crash the service(heap-based buffer ov ...

oval:org.secpod.oval:def:25554
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:25555
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:25556
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to perform certain validity checks for accessibility-tree data structures. Successful exploitation could allow remote attackers to crash the ...

oval:org.secpod.oval:def:25557
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to perform certain validity checks for accessibility-tree data structures. Successful exploitation could allow remote attackers to crash the ...

oval:org.secpod.oval:def:24205
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a type-confusion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25536
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which improperly limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type. Successful exploita ...

oval:org.secpod.oval:def:24206
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a HSTS bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25537
The host is installed with Google Chrome before 44.0.2403.89 and is prone to a same origin bypass vulnerability. A flaw is present in the application, which improperly limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type. Successful exploita ...

oval:org.secpod.oval:def:24207
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a HSTS bypass vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:25538
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an universal XSS vulnerability. A flaw is present in the application, which fails to properly apply a certain V8 context restriction. Successful exploitation could allow attackers to inject arbitrary web script.

oval:org.secpod.oval:def:25539
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an universal XSS vulnerability. A flaw is present in the application, which fails to properly apply a certain V8 context restriction. Successful exploitation could allow attackers to inject arbitrary web script.

oval:org.secpod.oval:def:25540
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly choose a truncation function. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:25541
The host is installed with Google Chrome before 44.0.2403.89 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly choose a truncation function. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:25546
The host is installed with Google Chrome before 44.0.2403.89 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted PDF document. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:26796
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes. Successful exp ...

oval:org.secpod.oval:def:26795
The host is installed with Google Chrome before 42.0.2311.90 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes. Successful exp ...

oval:org.secpod.oval:def:26799
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site. Success ...

oval:org.secpod.oval:def:26802
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple unspecifies vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:26801
The host is installed with Google Chrome before 42.0.2311.90 and is prone to multiple unspecifies vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impact ...

oval:org.secpod.oval:def:26800
The host is installed with Google Chrome before 42.0.2311.90 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site. Success ...

oval:org.secpod.oval:def:37854
The host is missing a security update according to Apple advisory, APPLE-SA-2016-10-27-1. The update is required to fix multiple arbitrary code execution vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to caus ...

oval:org.secpod.oval:def:37844
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:34392
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code. Successful exploitation allows remote attackers to cause a denial of service (buffer overflow) or poss ...

oval:org.secpod.oval:def:34391
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code. Successful exploitation allows remote attackers to cause a denial of service (buffer overflow) or poss ...

oval:org.secpod.oval:def:602520
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ...

oval:org.secpod.oval:def:34404
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code. Successful exploitation allows remote attackers to cause a denial of service (buffer overflow) or poss ...

oval:org.secpod.oval:def:43036
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:42486
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42489
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42488
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to disclose sensitive information.

oval:org.secpod.oval:def:42487
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a content security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42492
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect registry key handling vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42491
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out-of-bounds access vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42490
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42509
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42508
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42512
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out of bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42511
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a content security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42510
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a content security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42516
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42515
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42514
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42513
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an out of bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42519
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an extension limitation bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42518
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an extension limitation bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42517
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an URL spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42521
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect registry key handling vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42520
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an incorrect registry key handling vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:603157
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encou ...

oval:org.secpod.oval:def:113669
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:113714
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113704
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113701
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:113859
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:42501
The host is installed with Google Chrome before 62.0.3202.62 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:42538
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42539
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:603265
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authenticati ...

oval:org.secpod.oval:def:1600840
Infinite loop issue triggered by invalid OPEN message allows denial-of-serviceAn infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.Double ...

oval:org.secpod.oval:def:44095
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:603272
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:703986
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:603275
Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime library"s network connection implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If O ...

oval:org.secpod.oval:def:38101
The host is installed with Wireshark 2.0.x before 2.0.7 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38102
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an unspecified vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service by f ...

oval:org.secpod.oval:def:38103
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the AllJoyn dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38104
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an use-after-free vulnerability. A flaw is present in the DCERPC dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service wit ...

oval:org.secpod.oval:def:43222
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43221
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43220
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:603137
Liao Xinxi discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attemtping deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

oval:org.secpod.oval:def:1501253
The flaws were found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their p ...

oval:org.secpod.oval:def:44451
The host is installed with PostgreSQL 10.x before 10.1, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10 or 9.6.x before 9.6.6 and is prone to a memory disclosure vulnerability. The flaw present in the application fails to handle the json function call issue. Successful exploitation all ...

oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...

oval:org.secpod.oval:def:704003
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:703988
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:43027
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the CIP Safety dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43028
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the IWARP_MPA dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:43029
The host is installed with Wireshark 2.4.0 to 2.4.2 or 2.2.0 to 2.2.10 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle the NetBIOS dissector issue. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:38108
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38109
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an unspecified vulnerability. A flaw is present in the OpenFlow dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service by f ...

oval:org.secpod.oval:def:38110
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to a denial of service vulnerability. A flaw is present in the AllJoyn dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service ...

oval:org.secpod.oval:def:38111
The host is installed with Wireshark 2.0.x before 2.0.8 or 2.2.x before 2.2.2 and is prone to an use-after-free vulnerability. A flaw is present in the DCERPC dissector, which fails to properly handle network traffic or a capture file. Successful exploitation allow attackers to crash the service wit ...

oval:org.secpod.oval:def:113957
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113962
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:603251
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:603267
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:114047
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:114046
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:703980
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1501599
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:204021
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicio ...

oval:org.secpod.oval:def:204023
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application de ...

oval:org.secpod.oval:def:204707
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a maliciou ...

oval:org.secpod.oval:def:603139
Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, an URL transfer library, incorrectly parsed an IMAP FETCH response with size 0, leading to an out-of-bounds read.

oval:org.secpod.oval:def:502197
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a maliciou ...

oval:org.secpod.oval:def:1600808
IMAP FETCH response out of bounds read:A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application

oval:org.secpod.oval:def:113611
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:703862
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:113387
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114006
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:114011
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:113993
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:113980
p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very high compression ratio

oval:org.secpod.oval:def:603258
"landave" discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary co ...

oval:org.secpod.oval:def:1600831
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service or possibly have unspecified other impact via vectors involving long user and password fields. The FTP wildcard function in curl and libcurl before 7.57.0 allows remot ...

oval:org.secpod.oval:def:603189
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8 ...

oval:org.secpod.oval:def:703912
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:43626
The host is installed with Apple Mac OS X 10.13.2 and is prone to a denial of service vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:43228
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:113718
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113749
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113977
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ...

oval:org.secpod.oval:def:603278
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:703974
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:114081
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114102
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:114106
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:114084
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114092
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:114077
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:114082
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:114093
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:114056
GIMP is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. GIMP provides a large ima ...

oval:org.secpod.oval:def:1600848
Buffer overflow in b64decode function, possibly leading to remote code execution:An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely

oval:org.secpod.oval:def:204760
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...

oval:org.secpod.oval:def:603316
Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to s ...

oval:org.secpod.oval:def:24906
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:24905
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:602177
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu. CVE-2015-1267 A way to bypass the Same Origin Policy was discovered. CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the ...

oval:org.secpod.oval:def:34398
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34399
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code. Successful exploitation allows remote attackers to cause a denial of service (buffer overflow) or poss ...

oval:org.secpod.oval:def:34397
The host is installed with Google Chrome before 50.0.2661.102 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation allows remote attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:34763
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a CSP bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34764
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bound vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34761
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34762
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34760
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34758
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34759
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34756
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34757
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34754
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34755
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34753
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34776
The host is installed with Google Chrome before 51.0.2704.63 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34774
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34775
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34772
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap based buffer-overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34773
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34770
The host is installed with Google Chrome before 51.0.2704.63 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34771
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34769
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34767
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34768
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34766
The host is installed with Google Chrome before 51.0.2704.63 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:42550
The host is installed with Google Chrome before 62.0.3202.62 and is prone to an UI spoofing vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34395
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34396
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34777
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:24899
The host is installed with Google Chrome before 42.0.2311.135 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a MutationObserver object that is not currently registered. Successful exploitation could allow attackers to cause a denial of se ...

oval:org.secpod.oval:def:24900
The host is installed with Google Chrome before 42.0.2311.135 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a MutationObserver object that is not currently registered. Successful exploitation could allow attackers to cause a denial of se ...

oval:org.secpod.oval:def:24901
The host is installed with Google Chrome before 42.0.2311.135 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impac ...

oval:org.secpod.oval:def:24902
The host is installed with Google Chrome before 42.0.2311.135 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service or possibly have other impac ...

oval:org.secpod.oval:def:34751
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34752
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:34802
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:703071
oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:34002
The host is installed with Google Chrome before 50.0.2661.75 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allow attackers to cause a denial service or possibly have other impact.

oval:org.secpod.oval:def:34000
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation allows remote attackers to spoof the address bar.

oval:org.secpod.oval:def:34001
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation allows remote attackers to bypass the same origin policy and obtain sensitive ...

oval:org.secpod.oval:def:602468
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write iss ...

oval:org.secpod.oval:def:34030
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation of this vulnerability allow remote attackers to inject arbitrary web script or HT ...

oval:org.secpod.oval:def:34037
The host is installed with Google Chrome before 50.0.2661.75 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allow attackers to cause a denial service or possibly have other impact.

oval:org.secpod.oval:def:34035
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation allows remote attackers to spoof the address bar.

oval:org.secpod.oval:def:34036
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation allows remote attackers to bypass the same origin policy and obtain sensitive ...

oval:org.secpod.oval:def:34033
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (invalid read operation).

oval:org.secpod.oval:def:34034
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation of this vulnerability allows remote attackers to cause a denial of service (use-after ...

oval:org.secpod.oval:def:34031
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JavaScript code that triggers an out-of-bounds write operation. Successful exploitation of this vulnerability allow remot ...

oval:org.secpod.oval:def:34032
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 data in a PDF document. Successful exploitation of this vulnerability allow remote attackers to obtain sensitiv ...

oval:org.secpod.oval:def:34028
The host is installed with Google Chrome before 50.0.2661.75 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allow attackers to cause a denial service or possibly have other impact.

oval:org.secpod.oval:def:34029
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted data. Successful exploitation allow an attacker to execute arbitrary code in t ...

oval:org.secpod.oval:def:34026
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation allows remote attackers to bypass the same origin policy and obtain sensitive ...

oval:org.secpod.oval:def:34027
The host is installed with Google Chrome before 50.0.2661.75 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allow attackers to cause a denial service or possibly have other impact.

oval:org.secpod.oval:def:34024
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation allows remote attackers to spoof the address bar.

oval:org.secpod.oval:def:34025
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation allows remote attackers to bypass the same origin policy and obtain sensitive ...

oval:org.secpod.oval:def:34022
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation of this vulnerability allows remote attackers to cause a denial of service (use-after ...

oval:org.secpod.oval:def:34023
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an address bar spoofing vulnerability. A flaw is present in the application, which fails to handle a crafted URL. Successful exploitation allows remote attackers to spoof the address bar.

oval:org.secpod.oval:def:34020
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (invalid read operation).

oval:org.secpod.oval:def:34021
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation of this vulnerability allows remote attackers to cause a denial of service (use-after ...

oval:org.secpod.oval:def:34019
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (invalid read operation).

oval:org.secpod.oval:def:34017
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 data in a PDF document. Successful exploitation of this vulnerability allow remote attackers to obtain sensitiv ...

oval:org.secpod.oval:def:34018
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 data in a PDF document. Successful exploitation of this vulnerability allow remote attackers to obtain sensitiv ...

oval:org.secpod.oval:def:34015
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JavaScript code that triggers an out-of-bounds write operation. Successful exploitation of this vulnerability allow remot ...

oval:org.secpod.oval:def:34016
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JavaScript code that triggers an out-of-bounds write operation. Successful exploitation of this vulnerability allow remot ...

oval:org.secpod.oval:def:34013
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation of this vulnerability allow remote attackers to inject arbitrary web script or HT ...

oval:org.secpod.oval:def:34014
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation of this vulnerability allow remote attackers to inject arbitrary web script or HT ...

oval:org.secpod.oval:def:34011
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted data. Successful exploitation allow an attacker to execute arbitrary code in t ...

oval:org.secpod.oval:def:34012
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted data. Successful exploitation allow an attacker to execute arbitrary code in t ...

oval:org.secpod.oval:def:33999
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted extension. Successful exploitation of this vulnerability allows remote attackers to cause a denial of service (use-after ...

oval:org.secpod.oval:def:33996
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JavaScript code that triggers an out-of-bounds write operation. Successful exploitation of this vulnerability allow remot ...

oval:org.secpod.oval:def:33995
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation of this vulnerability allow remote attackers to inject arbitrary web script or HT ...

oval:org.secpod.oval:def:33998
The host is installed with Google Chrome before 50.0.2661.75 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (invalid read operation).

oval:org.secpod.oval:def:33997
The host is installed with Google Chrome before 50.0.2661.75 and is prone to an out-of-bounds vulnerability. A flaw is present in the application, which fails to handle a crafted JPEG 2000 data in a PDF document. Successful exploitation of this vulnerability allow remote attackers to obtain sensitiv ...

oval:org.secpod.oval:def:24917
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle an insufficient number of values in an feColorMatrix filter. Successful exploitation could allow attackers to cause a d ...

oval:org.secpod.oval:def:24918
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle an insufficient number of values in an feColorMatrix filter. Successful exploitation could allow attackers to cause a d ...

oval:org.secpod.oval:def:24910
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecified other ...

oval:org.secpod.oval:def:24911
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircula ...

oval:org.secpod.oval:def:24912
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircula ...

oval:org.secpod.oval:def:24913
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. Success ...

oval:org.secpod.oval:def:24914
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. Success ...

oval:org.secpod.oval:def:24915
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which enables the inheritance of the designMode attribute. Successful exploitation could allow attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:24916
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a security bypass vulnerability. A flaw is present in the application, which enables the inheritance of the designMode attribute. Successful exploitation could allow attackers to bypass the Same Origin Policy.

oval:org.secpod.oval:def:24907
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle stop action for an audio track. Successful exploitation could allow attackers to cause a denial of service (heap memory corruption ...

oval:org.secpod.oval:def:24908
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle stop action for an audio track. Successful exploitation could allow attackers to cause a denial of service (heap memory corruption ...

oval:org.secpod.oval:def:24909
The host is installed with Google Chrome before 43.0.2357.65 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted document. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecified other ...

oval:org.secpod.oval:def:24921
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly initialize memory. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecified oth ...

oval:org.secpod.oval:def:24922
The host is installed with Google Chrome before 43.0.2357.65 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly initialize memory. Successful exploitation could allow attackers to cause a denial of service or possibly have unspecified oth ...

oval:org.secpod.oval:def:24923
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted JavaScript code that executes upon completion of a getUserMedia request. Successful exploitation could allow ...

oval:org.secpod.oval:def:24924
The host is installed with Google Chrome before 43.0.2357.65 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted JavaScript code that executes upon completion of a getUserMedia request. Successful exploitation could allow ...

oval:org.secpod.oval:def:1501504
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:1501506
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:1600423
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permission ...

oval:org.secpod.oval:def:34290
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:35693
The host is installed with RHEL 6 or 7 and is prone to a stack overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted xml file. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:203957
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:203956
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:400734
This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ...

oval:org.secpod.oval:def:602524
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:703151
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:501844
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:36326
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attackers to crash the service, disclose th ...

oval:org.secpod.oval:def:36314
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:602558
Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service , overwrite files, information disclosure, or potentially to execute arbit ...

oval:org.secpod.oval:def:40380
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:40381
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause an application crash.

oval:org.secpod.oval:def:40384
The host is installed with Pidgin before 2.11.0 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to potentially result in a denial of service.

oval:org.secpod.oval:def:40385
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to send invalid data.

oval:org.secpod.oval:def:40382
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to trigger an out-of-bounds read vulnerability.

oval:org.secpod.oval:def:40383
The host is installed with Pidgin before 2.11.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause code execution or memory disclosure.

oval:org.secpod.oval:def:40388
The host is installed with Pidgin before 2.11.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause out-of-bounds read.

oval:org.secpod.oval:def:40389
The host is installed with Pidgin before 2.11.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause an out-of-bounds write leading to memory disclosure and code ex ...

oval:org.secpod.oval:def:40386
The host is installed with Pidgin before 2.11.0 and is prone to a out-of-bounds write vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause memory corruption resulting in code execution.

oval:org.secpod.oval:def:40387
The host is installed with Pidgin before 2.11.0 and is prone to a out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle the MXIT protocol. Successful exploitation allows attackers to cause denial of service or copy data from memory to the file.

oval:org.secpod.oval:def:40391
The host is installed with Pidgin before 2.11.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle the MXIT data. Successful exploitation allows attackers to send an invalid size for a packet which will trigger a buffer overflow.

oval:org.secpod.oval:def:40392
The host is installed with Pidgin before 2.11.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle the MXIT data. Successful exploitation allows attackers to send a negative content-length in response to a HTTP request triggering the ...

oval:org.secpod.oval:def:40390
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle the MXIT contact information. Successful exploitation allows attackers to cause an out-of-bounds read.

oval:org.secpod.oval:def:40395
The host is installed with Pidgin before 2.11.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a crafted MXIT data. Successful exploitation allows attackers to convince users to enter a particular string which would then get ...

oval:org.secpod.oval:def:40396
The host is installed with Pidgin before 2.11.0 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly handle a crafted MXIT data. Successful exploitation allows attackers to provide an invalid filename for a splash image.

oval:org.secpod.oval:def:40393
The host is installed with Pidgin before 2.11.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle the MXIT data. Successful exploitation allows attackers to send negative length values to trigger this vulnerability.

oval:org.secpod.oval:def:703204
pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1600454
After testing original CVE-2016-5420 patch, it was discovered that libcurl built on top of NSS still incorrectly re-uses client certificates if a certificate from file is used for one TLS connection but no certificate is set for a subsequent TLS connection.

oval:org.secpod.oval:def:204134
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ...

oval:org.secpod.oval:def:1501656
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ...

oval:org.secpod.oval:def:38489
The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:501913
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ...

oval:org.secpod.oval:def:703118
oxide-qt: Web browser engine for Qt Several security issues were fixed in Oxide.

oval:org.secpod.oval:def:36986
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the IPMI trace dissector, which does not properly consider whether a string is constant. Successful exploitation allows remote attackers to cause a denial of service (use-a ...

oval:org.secpod.oval:def:36976
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the IPMI trace dissector, which does not properly consider whether a string is constant. Successful exploitation allows remote attackers to cause a denial of service (use-a ...

oval:org.secpod.oval:def:36985
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which fails to handle a malformed packet. Successful exploitation allows remote attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:36984
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the UMTS FP dissector, which does not ensure that memory is allocated for certain data structures. Successful exploitation allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:36975
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which fails to handle a malformed packet. Successful exploitation allows remote attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:36974
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the UMTS FP dissector, which does not ensure that memory is allocated for certain data structures. Successful exploitation allows remote attackers to cause a denial of serv ...

oval:org.secpod.oval:def:36983
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which does not restrict the number of channels. Successful exploitation allows remote attackers to cause a denial of service (buffer over-re ...

oval:org.secpod.oval:def:36982
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the H.225 dissector, which calls snprintf with one of its input buffers as the output buffer. Successful exploitation allows remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:36973
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the Catapult DCT2000 dissector, which does not restrict the number of channels. Successful exploitation allows remote attackers to cause a denial of service (buffer over-re ...

oval:org.secpod.oval:def:36972
The host is installed with Wireshark 2.0.x before 2.0.6 and is prone to a denial of service vulnerability. A flaw is present in the H.225 dissector, which calls snprintf with one of its input buffers as the output buffer. Successful exploitation allows remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:602619
Multiple vulnerabilities were discovered in the dissectors for H.225, Catapult DCT2000, UMTS FP and IPMI, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:1501568
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ...

oval:org.secpod.oval:def:1600453
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive"s file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. Multiple out-of-bounds write ...

oval:org.secpod.oval:def:204001
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ...

oval:org.secpod.oval:def:400781
libarchive was updated to fix 20 security issues. These security issues were fixed: - CVE-2015-8918: Overlapping memcpy in CAB parser . - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser . - CVE-2015-8920: Stack out of bounds read in ar parser . - CVE-2015-8921: Global out of bounds read in ...

oval:org.secpod.oval:def:1501571
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ...

oval:org.secpod.oval:def:204000
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ...

oval:org.secpod.oval:def:1800226
An out-of-bounds read in cmstypes.c in Type_MLU_Read function was found, leading to heap memory leak triggered by crafted ICC profile. Patch:

oval:org.secpod.oval:def:1800913
CVE-2016-10195: dns remote stack over read vulnerability; Fixed in libevent 2.1.6

oval:org.secpod.oval:def:1800558
CVE-2017-7867: Heap-buffer overflow in utext_setNativeIndex function

oval:org.secpod.oval:def:1800609
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800719
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800087
CVE-2017-12837: Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service via a crafted regular expression with the case-insensitive modifier.

oval:org.secpod.oval:def:1800178
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions: libcurl 7.20.0 to and including 7.56.0 Not affected ...

oval:org.secpod.oval:def:1800286
CVE-2017-12172: Start scripts permit database administrator to modify root-owned files CVE-2017-15098: Memory disclosure in JSON functions CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges Fixed In: postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql ...

oval:org.secpod.oval:def:1800466
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800458
A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir","fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. ...

oval:org.secpod.oval:def:1800465
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1800162
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800488
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:1800399
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service; Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:1800564
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800557
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800584
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnu ...

oval:org.secpod.oval:def:1800364
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:1800391
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that data with a pointer and the size to the deliver-data function. Affected versions:¶ libcurl 7.20.0 to and including 7.56.0 Not aff ...

oval:org.secpod.oval:def:1800642
CVE-2017-17083: NetBIOS dissector crash¶ Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10 Fixed versions: 2.4.3, 2.2.11

oval:org.secpod.oval:def:1800474
In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

oval:org.secpod.oval:def:603195
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.

oval:org.secpod.oval:def:113785
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:113786
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and indivi ...

oval:org.secpod.oval:def:1800554
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read. If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m, ...

oval:org.secpod.oval:def:1800125
Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container. Fixed In: libreoffice 5.1.4, libreoffice 5.2.0

oval:org.secpod.oval:def:1800148
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1800264
CVE-2016-5423: CASE/WHEN with in lining can cause untrusted pointer dereference. Fixed In Version: postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23 CVE-2016-5424: database and role names with embedded special characters can allow code injection during admi ...

oval:org.secpod.oval:def:1800289
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service. Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:1800302
CVE-2016-1238: loading of modules from current directory Fixed In Version: perl 5.22.3, perl 5.24.1

oval:org.secpod.oval:def:1800361
CVE-2016-10195: dns remote stack overread vulnerability. Fixed in libevent 2.1.6

oval:org.secpod.oval:def:1800369
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

oval:org.secpod.oval:def:1800374
Incorrect SASL authentication in the CharybdisIRC server may lead to users impersonating other users. Fixed In Version: 3.5.3.

oval:org.secpod.oval:def:1800383
x86: inconsistent cachability flags on guest mappings. Multiple mappings of the same physical page with different cachability setting can cause problems. While one category affects only guests themselves , the other category being Machine Check exceptions can be fatal to entire hosts.

oval:org.secpod.oval:def:1800390
An attacker can craft an RSS item with shell code in the title and/or URL. When you bookmark such an item, your shell will execute that code. Newsbeuter versions 0.7 through 2.9 are affected.

oval:org.secpod.oval:def:1800393
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted QuickTime IMA file.

oval:org.secpod.oval:def:1800397
CVE-2016-7440: mariadb 5.5.53, mariadb 10.1.19 CVE-2016-5584: mariadb 5.5.53, mariadb 10.1.19 Reference:

oval:org.secpod.oval:def:1800407
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. Affecte ...

oval:org.secpod.oval:def:1800429
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a ...

oval:org.secpod.oval:def:1800464
A heap overflow in collectd"s network plugin which can be triggered remotely and is potentially exploitable. Fixed In Version: collectd 5.5.2, collectd 5.4.3

oval:org.secpod.oval:def:1800469
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its file ...

oval:org.secpod.oval:def:1800486
libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ...

oval:org.secpod.oval:def:1800496
It was found that setting VNC password to empty string doesn"t work in a way as it"s documented. The documented semantics of setting the password to an empty string are that it disables all access to the VNC server, however in fact it allows all users access with no authentication required instead.

oval:org.secpod.oval:def:1800505
CVE-2016-5419: TLS session resumption client cert bypass. Fixed In Version: curl 7.50.1 CVE-2016-5420: Re-using connection with wrong client cert. Fixed In Version: curl 7.50.1 CVE-2016-5421: Use of connection struct after free. Fixed In Version: curl 7.50.1

oval:org.secpod.oval:def:1800581
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800665
CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon.

oval:org.secpod.oval:def:1800681
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:1800748
A design flaw was found in the libgcrypt PRNG . An attacker who can obtain the first 580 bytes of the PRNG output, can trivially predict the following 20 bytes. Fixed In Version: libgcrypt 1.7.3, libgcrypt 1.6.6, libgcrypt 1.5.6, gnupg 1.4.21

oval:org.secpod.oval:def:1800916
A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options" values are then used in Vim"s scripts to build a command string that"s evaluated by : ...

oval:org.secpod.oval:def:114110
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end.

oval:org.secpod.oval:def:1800943
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800949
CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

oval:org.secpod.oval:def:1800951
CVE-2018-7490: uwsgi before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. Fixed In Version:¶ uwsgi 2.0.17

oval:org.secpod.oval:def:44840
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle bounds checking. Successful exploitation leads to integer overflow.

oval:org.secpod.oval:def:114228
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:114255
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:114245
The bchunk package contains a UNIX/C rewrite of the BinChunker program. BinChunker converts a CD image in a .bin/.cue format into a set of .iso and .cdr tracks. The .bin/.cue format is used by some non-UNIX CD-writing software, but is not supported on most other CD-writing programs.

oval:org.secpod.oval:def:114274
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:114273
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

oval:org.secpod.oval:def:110869
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110874
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:110885
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:113157
The kernel meta package

oval:org.secpod.oval:def:113249
The kernel meta package

oval:org.secpod.oval:def:704051
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:45092
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:114282
The kernel meta package

CVE    726
CVE-2015-8327
CVE-2015-8560
CVE-2016-9119
CVE-2016-0787
...
*CPE
cpe:/o:debian:debian_linux:8.0

© 2013 SecPod Technologies