[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:104572
These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages.

oval:org.secpod.oval:def:1300169
Multiple vulnerabilities has been found and corrected in coreutils: Long line inputs could trigger a segfault in the sort, uniq and join utilities . The updated packages have been patched to correct these issues.

oval:org.secpod.oval:def:106292
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:106181
The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer and Transport Layer Security protocols using the Network Security Services security library.

oval:org.secpod.oval:def:202927
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. * An information leak was found in the Linux ker ...

oval:org.secpod.oval:def:500856
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was en ...

oval:org.secpod.oval:def:500141
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An off-by-one flaw was found in the way BIND processed negative responses with large res ...

oval:org.secpod.oval:def:202586
OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc"s error function was called rather than the intended erro ...

oval:org.secpod.oval:def:500817
OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH ...

oval:org.secpod.oval:def:500986
OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc"s error function was called rather than the intended erro ...

oval:org.secpod.oval:def:500794
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ...

oval:org.secpod.oval:def:501084
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ...

oval:org.secpod.oval:def:501548
PostgreSQL is an advanced object-relational database management system . An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...

oval:org.secpod.oval:def:21811
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/Mosaic temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21812
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/tramp temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21810
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a temporary file under /tmp/esrc/. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21809
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on the /tmp/gnus.face.ppm temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:501376
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel"s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ...

oval:org.secpod.oval:def:500152
Mozilla Thunderbird is a standalone mail and newsgroup client. This erratum blacklists a small number of HTTPS certificates. This update also fixes the following bug: * The RHSA-2011:0312 and RHSA-2011:0311 updates introduced a regression, preventing some Java content and plug-ins written in Java f ...

oval:org.secpod.oval:def:501008
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use ...

oval:org.secpod.oval:def:500168
Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before ...

oval:org.secpod.oval:def:500134
Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate sign ...

oval:org.secpod.oval:def:501082
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. * An information leak was found in the Linux ker ...

oval:org.secpod.oval:def:501093
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...

oval:org.secpod.oval:def:501064
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cip ...

oval:org.secpod.oval:def:20410
The RPM package ntp should be installed.

oval:org.secpod.oval:def:20419
Check output of /usr/sbin/sestatus or check if /selinux exists.

oval:org.secpod.oval:def:20404
The RPM package hal should be removed.

oval:org.secpod.oval:def:500775
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote ...

oval:org.secpod.oval:def:20465
File permissions for all syslog log files should be set correctly.

oval:org.secpod.oval:def:20466
The RPM package mdadm should be removed.

oval:org.secpod.oval:def:20463
The RPM package vsftpd should be installed.

oval:org.secpod.oval:def:20499
The RPM package ntpdate should be removed.

oval:org.secpod.oval:def:20495
The RPM package libcgroup should be removed.

oval:org.secpod.oval:def:20492
The RPM package at should be removed.

oval:org.secpod.oval:def:20491
The RPM package abrt should be removed.

oval:org.secpod.oval:def:20513
The RPM package cyrus-sasl should be removed.

oval:org.secpod.oval:def:20514
The RPM package sysstat should be removed.

oval:org.secpod.oval:def:20511
The RPM package subscription-manager should be removed.

oval:org.secpod.oval:def:20504
The RPM package psacct should be installed.

oval:org.secpod.oval:def:20503
The RPM package portreserve should be removed.

oval:org.secpod.oval:def:20501
The RPM package oddjob should be removed.

oval:org.secpod.oval:def:20508
The RPM package iputils should be removed.

oval:org.secpod.oval:def:20507
The RPM package quota should be removed.

oval:org.secpod.oval:def:105961
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:500834
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide ...

oval:org.secpod.oval:def:500869
The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP"s GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentia ...

oval:org.secpod.oval:def:500813
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ...

oval:org.secpod.oval:def:20198
The RPM package openssh-server should be removed.

oval:org.secpod.oval:def:20195
Generic test for x86 architecture to be used by other tests

oval:org.secpod.oval:def:20193
Generic test for x86_64 architecture to be used by other tests

oval:org.secpod.oval:def:106011
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:500001
Red Hat Enterprise Linux 6 is installed

oval:org.secpod.oval:def:500979
The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project , which provides drivers for Hewlett-Packard printers and multi-function peripherals. Several temporary file handling flaws were found in HPLIP. A local attacker could use these flaws to perform a symbolic link attack, ...

oval:org.secpod.oval:def:500930
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv ...

oval:org.secpod.oval:def:20204
The RPM package samba-common should be removed.

oval:org.secpod.oval:def:20201
The RPM package postfix should be installed.

oval:org.secpod.oval:def:20278
The RPM package kexec-tools should be removed.

oval:org.secpod.oval:def:20279
The RPM package smartmontools should be removed.

oval:org.secpod.oval:def:20286
The RPM package nfs-utils should be removed.

oval:org.secpod.oval:def:20267
All syslog log files should be owned by the appropriate group.

oval:org.secpod.oval:def:20276
The RPM package rhnsd should be removed.

oval:org.secpod.oval:def:20249
The RPM package pam_ldap should be removed.

oval:org.secpod.oval:def:20248
Check for pam_ldap.so presence.

oval:org.secpod.oval:def:501474
The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-cha ...

oval:org.secpod.oval:def:501097
The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project , which provides drivers for Hewlett-Packard printers and multi-function peripherals. HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to inten ...

oval:org.secpod.oval:def:20314
The RPM package qpid-cpp-server should be removed.

oval:org.secpod.oval:def:20307
The RPM package dbus should be removed.

oval:org.secpod.oval:def:20302
The RPM package cups should be removed.

oval:org.secpod.oval:def:20300
The RPM package ypbind should be removed.

oval:org.secpod.oval:def:25167
The host is installed with gnutls on Red Hat Enterprise Linux 6 or 7 and is prone to a cross-signature attack vulnerability. A flaw is present in the application, which fails to properly validate whether the two signature algorithms match on certificate import. Successful exploitation could allow at ...

oval:org.secpod.oval:def:20364
The RPM package iptables should be installed.

oval:org.secpod.oval:def:20344
The RPM package policycoreutils should be installed.

oval:org.secpod.oval:def:20354
The RPM package iptables-ipv6 should be installed.

oval:org.secpod.oval:def:501140
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note th ...

oval:org.secpod.oval:def:20342
The RPM package irqbalance should be installed.

oval:org.secpod.oval:def:20331
The RPM package cpuspeed should be removed.

oval:org.secpod.oval:def:20388
The RPM package audit should be installed.

oval:org.secpod.oval:def:20398
The RPM package dhcp should be removed.

oval:org.secpod.oval:def:20394
The RPM package cronie should be installed.

oval:org.secpod.oval:def:500176
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revoca ...

oval:org.secpod.oval:def:500296
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition flaw has been found in the OpenSSL TLS server extension parsing code, which could affect some multithreaded OpenS ...

oval:org.secpod.oval:def:500754
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ...

oval:org.secpod.oval:def:500773
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ...

oval:org.secpod.oval:def:500779
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite"s Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ...

oval:org.secpod.oval:def:501001
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv ...

oval:org.secpod.oval:def:20438
Directory permissions for /var/log/httpd should be set appropriately.

oval:org.secpod.oval:def:20439
Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet.

oval:org.secpod.oval:def:20436
The squid service should be disabled if possible.

oval:org.secpod.oval:def:20437
The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate.

oval:org.secpod.oval:def:20434
Plaintext authentication of mail clients should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20435
A warning banner for all FTP users should be enabled or disabled as appropriate

oval:org.secpod.oval:def:20432
Logging of vsftpd transactions should be enabled or disabled as appropriate

oval:org.secpod.oval:def:20433
The Samba (SMB) service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20441
Enable privacy extensions for IPv6

oval:org.secpod.oval:def:20442
The anacron service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20440
The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.

oval:org.secpod.oval:def:20427
The password retry should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:20428
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:org.secpod.oval:def:20425
Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate

oval:org.secpod.oval:def:20426
The rpcsvcgssd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20423
Checks /etc/inittab to ensure that default runlevel is set to 3.

oval:org.secpod.oval:def:20424
The RPM package dhcpd should be removed.

oval:org.secpod.oval:def:20421
The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate

oval:org.secpod.oval:def:20422
File uploads via vsftpd should be enabled or disabled as appropriate

oval:org.secpod.oval:def:20429
The PATH variable should be set correctly for user root

oval:org.secpod.oval:def:20430
The netfs service should be disabled if possible.

oval:org.secpod.oval:def:20431
Root squashing should be enabled or disabled as appropriate for all NFS shares.

oval:org.secpod.oval:def:20416
The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ...

oval:org.secpod.oval:def:20417
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:20414
DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate

oval:org.secpod.oval:def:20415
By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ...

oval:org.secpod.oval:def:20412
Root login via SSH should be disabled (and dependencies are met)

oval:org.secpod.oval:def:20413
The nfslock service should be disabled if possible.

oval:org.secpod.oval:def:20411
A remote NTP Server for time synchronization should be specified (and dependencies are met)

oval:org.secpod.oval:def:20420
SSH warning banner should be enabled (and dependencies are met).

oval:org.secpod.oval:def:20405
The haldaemon service should be disabled if possible.

oval:org.secpod.oval:def:20406
The avahi-daemon service should be disabled if possible.

oval:org.secpod.oval:def:20403
The bluetooth service should be disabled if possible.

oval:org.secpod.oval:def:20401
BOOTP queries should be accepted or denied by the DHCP server as appropriate.

oval:org.secpod.oval:def:20402
The RPM package ypserv should be removed.

oval:org.secpod.oval:def:20400
The httpd service should be disabled if possible.

oval:org.secpod.oval:def:20409
The ntpd service should be enable or disable as appropriate.

oval:org.secpod.oval:def:20407
The nodev option should be enabled for all NFS mounts in /etc/fstab.

oval:org.secpod.oval:def:20408
SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

oval:org.secpod.oval:def:20478
The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.

oval:org.secpod.oval:def:20479
The password hashing algorithm should be set correctly in /etc/login.defs.

oval:org.secpod.oval:def:20476
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:20477
The system's default desktop environment, GNOME, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. Disable the execution of these thumbnail applications within GNOME.

oval:org.secpod.oval:def:20485
The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20486
max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:20483
Manually configure addresses for IPv6

oval:org.secpod.oval:def:20484
Define default gateways for IPv6 traffic

oval:org.secpod.oval:def:20481
The direct gnome login warning banner should be set correctly.

oval:org.secpod.oval:def:20482
The RPC IPv6 Support should be configured appropriately based rpc services.

oval:org.secpod.oval:def:20480
The password hashing algorithm should be set correctly in /etc/libuser.conf.

oval:org.secpod.oval:def:20469
The noexec mount option prevents the direct execution of binaries on the mounted filesystem. Users should not be allowed to execute binaries that exist on partitions mounted from removable media (such as a USB key). The noexec option prevents code from being executed directly from the media itself, ...

oval:org.secpod.oval:def:20467
The mdmonitor service should be disabled if possible.

oval:org.secpod.oval:def:20468
Enable the GUI warning banner.

oval:org.secpod.oval:def:20474
Record attempts to alter time through settimeofday.

oval:org.secpod.oval:def:20475
The rexec service should be disabled if possible.

oval:org.secpod.oval:def:20472
The nfs service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20473
PermitUserEnvironment should be disabled

oval:org.secpod.oval:def:20470
Test if HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ...

oval:org.secpod.oval:def:20471
The RPM package xorg-x11-server-common should be removed.

oval:org.secpod.oval:def:20458
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20459
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20456
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20457
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20454
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20455
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20464
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:20461
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20462
IP forwarding should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20460
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20449
Record attempts to alter time through /etc/localtime

oval:org.secpod.oval:def:20447
Record attempts to alter time through stime, note that this is only relevant on 32bit architecture.

oval:org.secpod.oval:def:20448
Record attempts to alter time through clock_settime.

oval:org.secpod.oval:def:20445
The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0".

oval:org.secpod.oval:def:20446
The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:20443
Global IPv6 initialization should be disabled.

oval:org.secpod.oval:def:20444
Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ...

oval:org.secpod.oval:def:20452
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20453
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20450
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20451
The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20498
The ntpdate service should be disabled if possible.

oval:org.secpod.oval:def:20489
action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account

oval:org.secpod.oval:def:20487
space_left_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:20488
admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action

oval:org.secpod.oval:def:20496
The cgred service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20497
The netconsole service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20494
The cgconfig service should be disabled if possible.

oval:org.secpod.oval:def:20493
The atd service should be disabled if possible.

oval:org.secpod.oval:def:20490
The abrtd service should be disabled if possible.

oval:org.secpod.oval:def:20515
The sysstat service should be disabled if possible.

oval:org.secpod.oval:def:20516
The certmonger service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20512
The saslauthd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20510
The rhsmcertd service should be disabled if possible.

oval:org.secpod.oval:def:20519
The accounts should be configured to expire automatically following password expiration.

oval:org.secpod.oval:def:20517
The '.rhosts' or 'hosts.equiv' files should exists or doesn't exists on the system.

oval:org.secpod.oval:def:20518
The TFTP daemon should use secure mode.

oval:org.secpod.oval:def:20505
The psacct service should be enabled if possible.

oval:org.secpod.oval:def:20502
The portreserve service should be disabled if possible.

oval:org.secpod.oval:def:20500
The oddjobd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20509
The rdisc service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20506
The quota_nld service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20544
The yum-updatesd service should be disabled

oval:org.secpod.oval:def:20542
File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly.

oval:org.secpod.oval:def:20543
The RPM package openswan should be installed.

oval:org.secpod.oval:def:20537
max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:20538
Ctrl-Alt-Del Reboot Activation should be set as appropriate.

oval:org.secpod.oval:def:20535
The RPM package sendmail should be removed.

oval:org.secpod.oval:def:20536
num_logs setting in /etc/audit/auditd.conf is set to at least a certain value

oval:org.secpod.oval:def:20533
Directory permissions for /etc/httpd/conf/ should be set as appropriate.

oval:org.secpod.oval:def:20534
Protect against unnecessary release of information.

oval:org.secpod.oval:def:20531
Dovecot plaintext authentication of clients should be enabled or disabled as necessary

oval:org.secpod.oval:def:20532
In the event temporary or emergency accounts are required, configure the system to terminate them after a documented time period.

oval:org.secpod.oval:def:20539
SSL capabilities should be enabled for the mail server.

oval:org.secpod.oval:def:20540
The apache2 server's ServerSignature value should be set appropriately.

oval:org.secpod.oval:def:20541
The Avahi daemon should be configured to serve via Ipv6 or not as appropriate.

oval:org.secpod.oval:def:20526
The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1".

oval:org.secpod.oval:def:20527
The apache2 server's ServerTokens value should be set appropriately

oval:org.secpod.oval:def:20524
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables).

oval:org.secpod.oval:def:20525
Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate.

oval:org.secpod.oval:def:20522
Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate.

oval:org.secpod.oval:def:20523
The /etc/httpd/conf/* files should have the appropriate permissions.

oval:org.secpod.oval:def:20520
Configure the system to notify users of last logon/access using pam_lastlog.

oval:org.secpod.oval:def:20521
Avahi publishing of IP addresses should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20528
The pcscd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20529
The HTTPD Proxy Module Support should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20530
The maximum number of concurrent login sessions per user should meet minimum requirements.

oval:org.secpod.oval:def:20191
Idle activation of the screen lock should be enabled.

oval:org.secpod.oval:def:20192
The kernel module rds should be disabled.

oval:org.secpod.oval:def:20190
System logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume.

oval:org.secpod.oval:def:20199
The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)

oval:org.secpod.oval:def:20197
The sshd service should be disabled if possible.

oval:org.secpod.oval:def:20196
Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited.

oval:org.secpod.oval:def:20194
Record attempts to alter time through adjtimex.

oval:org.secpod.oval:def:20200
The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.

oval:org.secpod.oval:def:20289
The rlogin service should be disabled if possible.

oval:org.secpod.oval:def:20290
The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".

oval:org.secpod.oval:def:20291
This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:20298
Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met).

oval:org.secpod.oval:def:20299
Logins through the Direct root Logins Not Allowed should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20296
The SELinux policy should be set appropriately.

oval:org.secpod.oval:def:20297
The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".

oval:org.secpod.oval:def:20294
The RPM package bind should be removed.

oval:org.secpod.oval:def:20295
The named service should be disabled if possible.

oval:org.secpod.oval:def:20292
The rpcidmapd service should be disabled if possible.

oval:org.secpod.oval:def:20293
All files should be owned by a group

oval:org.secpod.oval:def:20238
The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited.

oval:org.secpod.oval:def:20239
Audit files deletion events.

oval:org.secpod.oval:def:20236
Ensuring that /var is mounted on its own partition enables the setting of more restrictive mount options, which is used as temporary storage by many program, particularly system services such as daemons. It is not uncommon for the /var directory to contain world-writable directories, installed by ot ...

oval:org.secpod.oval:def:20237
Ensure all yum repositories utilize signature checking.

oval:org.secpod.oval:def:20234
The password lcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:20235
The screen saver should be blank.

oval:org.secpod.oval:def:20243
The default umask for all users should be set correctly

oval:org.secpod.oval:def:20244
The kernel module jffs2 should be disabled.

oval:org.secpod.oval:def:20241
Audit actions taken by system administrators on the system.

oval:org.secpod.oval:def:20242
Audit rules should detect modification to system files that hold information about users and groups.

oval:org.secpod.oval:def:20240
Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.

oval:org.secpod.oval:def:20229
Audit rules should capture information about session initiation.

oval:org.secpod.oval:def:20227
Idle activation of the screen saver should be enabled.

oval:org.secpod.oval:def:20228
The password ucredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:20225
Audit rules that detect the mounting of filesystems should be enabled.

oval:org.secpod.oval:def:20226
The /var/tmp directory should be bind mounted to /tmp in order to consolidate temporary storage into one location protected by the same techniques as /tmp.

oval:org.secpod.oval:def:20223
Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode.

oval:org.secpod.oval:def:20224
If user home directories will be stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.

oval:org.secpod.oval:def:20232
The password difok should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:20233
It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /dev/shm. The noexec mount option prevents binaries from being executed out of /dev/shm.

oval:org.secpod.oval:def:20230
The audit rules should be configured to log information about kernel module loading and unloading.

oval:org.secpod.oval:def:20231
Force a reboot to change audit rules is enabled

oval:org.secpod.oval:def:20218
All password hashes should be shadowed.

oval:org.secpod.oval:def:20219
The nosuid mount option should be set for temporary storage partitions such as /dev/shm. The suid/sgid permissions should not be required in these world-writable directories.

oval:org.secpod.oval:def:20216
The kernel module dccp should be disabled.

oval:org.secpod.oval:def:20217
Audit rules about the Information on the Use of Privileged Commands are enabled

oval:org.secpod.oval:def:20214
Audit logs are stored in the /var/log/audit directory. Ensure that it has its own partition or logical volume. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.

oval:org.secpod.oval:def:20215
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables).

oval:org.secpod.oval:def:20212
The kernel module sctp should be disabled.

oval:org.secpod.oval:def:20213
The /tmp directory is a world-writable directory used for temporary file storage. Verify that it has its own partition or logical volume.

oval:org.secpod.oval:def:20221
The Red Hat release and auxiliary key packages are required to be installed.

oval:org.secpod.oval:def:20222
The kernel module freevxfs should be disabled.

oval:org.secpod.oval:def:20220
Legitimate character and block devices should not exist within temporary directories like /tmp. The nodev mount option should be specified for /tmp.

oval:org.secpod.oval:def:20207
The kernel module hfsplus should be disabled.

oval:org.secpod.oval:def:20208
The default umask for all users specified in /etc/login.defs

oval:org.secpod.oval:def:20205
The RPM package net-snmp should be removed.

oval:org.secpod.oval:def:20206
The kernel module cramfs should be disabled.

oval:org.secpod.oval:def:20203
Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing.

oval:org.secpod.oval:def:20202
The postfix service should be enabled if possible.

oval:org.secpod.oval:def:20209
The password dcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:20210
The squashfs Kernel Module should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20211
The password ocredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:20280
The smartd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20287
The rpcgssd service should be disabled if possible.

oval:org.secpod.oval:def:20288
The RPM package rsh-server should be removed.

oval:org.secpod.oval:def:20285
The nodev mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices should exist in the /dev directory on the root partition or within chroot jails built for system services. All other locations should not allow character and block devic ...

oval:org.secpod.oval:def:20283
The /etc/passwd file should be owned by the appropriate group.

oval:org.secpod.oval:def:20284
The RPM package openldap-servers should be removed.

oval:org.secpod.oval:def:20281
The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:20282
Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:20269
The environment variable PATH should be set correctly for the root user.

oval:org.secpod.oval:def:20268
The /etc/group file should be owned by the appropriate user.

oval:org.secpod.oval:def:20277
The kdump service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20274
The number of allowed failed logins should be set correctly.

oval:org.secpod.oval:def:20275
The rhnsd service should be disabled if possible.

oval:org.secpod.oval:def:20272
The RPM package telnet-server should be removed.

oval:org.secpod.oval:def:20273
The telnet service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20270
The allowed period of inactivity before the screensaver is activated.

oval:org.secpod.oval:def:20271
The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0".

oval:org.secpod.oval:def:20258
Legitimate character and block devices should not exist within temporary directories like /dev/shm. The nodev mount option should be specified for /dev/shm.

oval:org.secpod.oval:def:20259
Postfix network listening should be disabled

oval:org.secpod.oval:def:20256
The nosuid mount option should be set for temporary storage partitions such as /tmp. The suid/sgid permissions should not be required in these world-writable directories.

oval:org.secpod.oval:def:20257
The kernel module bluetooth should be disabled.

oval:org.secpod.oval:def:20265
The RPM package rsyslog should be installed.

oval:org.secpod.oval:def:20266
The rsyslog service should be enabled if possible.

oval:org.secpod.oval:def:20263
Syslog logs should be sent to a remote loghost

oval:org.secpod.oval:def:20264
rsyslogd should reject remote messages

oval:org.secpod.oval:def:20261
Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used.

oval:org.secpod.oval:def:20262
The kernel module hfs should be disabled.

oval:org.secpod.oval:def:20260
Look for argument audit=1 in the kernel line in /etc/grub.conf.

oval:org.secpod.oval:def:20247
Require the use of TLS for ldap clients.

oval:org.secpod.oval:def:20245
The kernel module udf should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20246
The RPM package vsftpd should be removed.

oval:org.secpod.oval:def:20254
It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /tmp. The noexec mount option prevents binaries from being executed out of /tmp.

oval:org.secpod.oval:def:20255
The passwords to remember should be set correctly.

oval:org.secpod.oval:def:20252
The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation.

oval:org.secpod.oval:def:20253
Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled

oval:org.secpod.oval:def:20250
Audit rules should be configured to log successful and unsuccessful logon and logout events.

oval:org.secpod.oval:def:20251
The kernel module tipc should be disabled.

oval:org.secpod.oval:def:20317
The RPM package screen should be installed.

oval:org.secpod.oval:def:20318
The RPM package tftp-server should be removed.

oval:org.secpod.oval:def:20315
The Apache qpidd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20316
The /etc/group file should be owned by the appropriate group.

oval:org.secpod.oval:def:20313
Configure the system boot firmware (historically called BIOS on PC systems) to disallow booting from USB drives

oval:org.secpod.oval:def:20311
The dovecot service should be disabled if possible.

oval:org.secpod.oval:def:20312
The RPM package dovecot should be removed.

oval:org.secpod.oval:def:20319
The /etc/shadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:20320
The vsftpd service should be disabled if possible.

oval:org.secpod.oval:def:20321
File permissions for '/boot/grub/grub.conf' should be set appropriate.

oval:org.secpod.oval:def:20306
The messagebus service should be disabled if possible.

oval:org.secpod.oval:def:20304
The snmpd service should be disabled if possible.

oval:org.secpod.oval:def:20305
The grub boot loader should have password protection enabled.

oval:org.secpod.oval:def:20303
The cups service should be disabled if possible.

oval:org.secpod.oval:def:20301
The ypbind service should be disabled if possible.

oval:org.secpod.oval:def:20308
The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1".

oval:org.secpod.oval:def:20309
The default umask for users of the bash shell

oval:org.secpod.oval:def:20310
The SSH idle timeout interval should be set to an appropriate value.

oval:org.secpod.oval:def:20359
The logrotate (syslog rotater) service should be enabled.

oval:org.secpod.oval:def:20357
Look for argument "nousb" in the kernel line in /etc/grub.conf

oval:org.secpod.oval:def:20358
The minimum password age policy should be set appropriately.

oval:org.secpod.oval:def:20355
The ip6tables service should be enabled if possible.

oval:org.secpod.oval:def:20356
The kernel runtime parameter "kernel.exec-shield" should be set to "1".

oval:org.secpod.oval:def:20365
DHCP configuration should be static for all interfaces.

oval:org.secpod.oval:def:20362
Enable warning banner for GUI login

oval:org.secpod.oval:def:20363
The iptables service should be enabled if possible.

oval:org.secpod.oval:def:20360
The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:20361
The kernel module usb-storage should be disabled.

oval:org.secpod.oval:def:20348
The 'grub.conf' file should be owned by appropriate user. By default, this file is located at /boot/grub/grub.conf or, for EFI systems, at /etc/grub.conf.

oval:org.secpod.oval:def:20349
The kernel runtime parameter "kernel.randomize_va_space" should be set to "2".

oval:org.secpod.oval:def:20346
The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".

oval:org.secpod.oval:def:20347
The rsh service should be disabled if possible.

oval:org.secpod.oval:def:20345
This test makes sure that '/etc/shadow' file permission is setted as appropriate. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:20353
The RPM package xinetd should be removed.

oval:org.secpod.oval:def:20351
The password minimum length should be set appropriately.

oval:org.secpod.oval:def:20352
The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".

oval:org.secpod.oval:def:20350
The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0".

oval:org.secpod.oval:def:20339
The maximum password age policy should meet minimum requirements.

oval:org.secpod.oval:def:20337
The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1".

oval:org.secpod.oval:def:20338
The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:20335
The autofs service should be disabled if possible.

oval:org.secpod.oval:def:20336
The RPM package squid should be removed.

oval:org.secpod.oval:def:20333
The system login banner text should be set correctly.

oval:org.secpod.oval:def:20334
The /etc/gshadow file should be owned by the appropriate group.

oval:org.secpod.oval:def:20343
The restorecond service should be enabled if possible.

oval:org.secpod.oval:def:20340
The password warning age should be set appropriately.

oval:org.secpod.oval:def:20341
The irqbalance service should be enabled if possible.

oval:org.secpod.oval:def:20328
The SELinux state should be enforcing the local policy.

oval:org.secpod.oval:def:20329
Only the root account should be assigned a user id of 0.

oval:org.secpod.oval:def:20326
The root account is the only system account that should have a login shell.

oval:org.secpod.oval:def:20327
The '/etc/shadow' file should be owned by the appropriate group.

oval:org.secpod.oval:def:20324
File permissions for '/etc/group' should be set correctly.

oval:org.secpod.oval:def:20325
The SELinux in /etc/grub.conf should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20322
This test makes sure that '/etc/gshadow' is setted appropriate permission. If the target file or directory has an extended ACL then it will fail the mode check.

oval:org.secpod.oval:def:20323
The /etc/passwd file should be owned by the appropriate user.

oval:org.secpod.oval:def:20332
The cpuspeed service should be disabled if possible.

oval:org.secpod.oval:def:20330
The nosuid option should be enabled for all NFS mounts in /etc/fstab.

oval:org.secpod.oval:def:20399
The RPM package httpd should be removed.

oval:org.secpod.oval:def:20389
If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22).

oval:org.secpod.oval:def:20390
The acpid service should be disabled if possible.

oval:org.secpod.oval:def:20397
The dhcpd service should be disabled if possible.

oval:org.secpod.oval:def:20395
The crond service should be enabled if possible.

oval:org.secpod.oval:def:20396
Only SSH protocol version 2 connections should be permitted.

oval:org.secpod.oval:def:20393
Check if SplitHosts line in logwatch.conf is set appropriately.

oval:org.secpod.oval:def:20391
The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate.

oval:org.secpod.oval:def:20392
The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".

oval:org.secpod.oval:def:20379
The kernel runtime parameter "fs.suid_dumpable" should be set to "0".

oval:org.secpod.oval:def:20377
The requirement for a password to boot into single-user mode should be configured correctly.

oval:org.secpod.oval:def:20378
The ability for users to perform interactive startups should be disabled.

oval:org.secpod.oval:def:20386
All wireless interfaces should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20387
The auditd service should be enabled if possible.

oval:org.secpod.oval:def:20384
The tftp service should be disabled if possible.

oval:org.secpod.oval:def:20385
The nosuid mount option prevents set-user-identifier (suid) and set-group-identifier (sgid) permissions from taking effect. These permissions allow users to execute binaries with the same permissions as the owner and group of the file respectively. Users should not be allowed to introduce suid and g ...

oval:org.secpod.oval:def:20382
The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:20383
The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".

oval:org.secpod.oval:def:20380
The xinetd service should be disabled if possible.

oval:org.secpod.oval:def:20381
Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account.

oval:org.secpod.oval:def:20368
The /etc/gshadow file should be owned by the appropriate user.

oval:org.secpod.oval:def:20369
The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".

oval:org.secpod.oval:def:20366
Verify which group owns the grub.conf file.

oval:org.secpod.oval:def:20367
The RPM package aide should be installed.

oval:org.secpod.oval:def:20375
The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".

oval:org.secpod.oval:def:20376
The file /etc/pam.d/system-auth should not contain the nullok option

oval:org.secpod.oval:def:20373
The default umask for users of the csh shell

oval:org.secpod.oval:def:20374
The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME.

oval:org.secpod.oval:def:20371
All files should be owned by a user

oval:org.secpod.oval:def:20372
Core dumps for all users should be disabled

oval:org.secpod.oval:def:20370
The daemon umask should be set as appropriate

oval:org.secpod.oval:def:21524
The host is installed with FreeRDP through 1.0.2 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a large ScopeCount value in a Scope List. Successful exploitation could allow attackers to a denial of service (application crash) or possib ...

oval:org.secpod.oval:def:21808
The host is installed with PPP package before 2.4.7 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long word in an options file. Successful exploitation allows attackers to "access privileged options".

oval:org.secpod.oval:def:21834
The host is installed with gpgme before 1.5.1 and is prone to multiple heap-based buffer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to "different line lengths in a specific order". Successful exploitation allow remote attackers ...

oval:org.secpod.oval:def:501937
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501188
The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in de ...

oval:org.secpod.oval:def:501196
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful ...

oval:org.secpod.oval:def:24741
The host is installed with gnutls in RHEL 6 and is prone to privilege escalation vulnerabilities. The flaws are present in the application, which fails to properly perform date/time check on CA certificates. Successful exploitation could allow attackers to invoke expired certificates.

oval:org.secpod.oval:def:24735
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted PPP packet. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501942
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:501943
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:501151
The GIMP is an image composition and editing program. A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, ...

oval:org.secpod.oval:def:501944
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ...

oval:org.secpod.oval:def:500888
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A ma ...

oval:org.secpod.oval:def:701263
linux-ec2: Linux kernel for EC2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701259
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:601014
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2121 Benjamin Herrenschmidt and Jason Baron discovered issues ...

oval:org.secpod.oval:def:701232
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701231
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701229
linux-ec2: Linux kernel for EC2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701212
linux-lts-backport-oneiric: Linux kernel backport from Oneiric Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701205
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:501184
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:501946
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501949
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501183
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501182
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501211
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501210
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. S ...

oval:org.secpod.oval:def:501429
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ...

oval:org.secpod.oval:def:501460
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501463
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:24742
The host is installed with kernel in RHEL 6 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly decode encrypted filenames. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24755
The host is installed with kernel on RHEL 6 or 7 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle race condition which leaves the extended attribute(xattr) empty for a short time window. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:501613
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after heade ...

oval:org.secpod.oval:def:23220
The host is installed with Oracle Java SE 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attackers to affect confi ...

oval:org.secpod.oval:def:501552
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...

oval:org.secpod.oval:def:501471
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote at ...

oval:org.secpod.oval:def:24748
The host is installed with kernel on RHEL 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle certain segment registers and thread-local storage (TLS) during a context switch. Successful exploitation could allow unprivi ...

oval:org.secpod.oval:def:500823
OpenLDAP is an open source suite of LDAP applications and development tools. A denial of service flaw was found in the way the OpenLDAP server daemon processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-craf ...

oval:org.secpod.oval:def:501171
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This coul ...

oval:org.secpod.oval:def:501219
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ...

oval:org.secpod.oval:def:501339
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ...

oval:org.secpod.oval:def:501220
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or D ...

oval:org.secpod.oval:def:501177
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zone ...

oval:org.secpod.oval:def:501268
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was ...

oval:org.secpod.oval:def:501270
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501319
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501340
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501372
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501300
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session I ...

oval:org.secpod.oval:def:21831
The host is installed with sendmail before 8.14.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a custom mail-delivery program. Successful exploitation allows local users to access unintended high-numbered file descriptors.

oval:org.secpod.oval:def:501971
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501360
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to de ...

oval:org.secpod.oval:def:501434
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ...

oval:org.secpod.oval:def:24759
The host is installed with wireshark in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted packet-trace file. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:500164
Virtual Network Computing is a remote display system which allows you to view a computer"s desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. It was disc ...

oval:org.secpod.oval:def:501038
stunnel is a socket wrapper which can provide SSL support to ordinary applications. For example, it can be used in conjunction with imapd to create an SSL-secure IMAP server. An integer conversion issue was found in stunnel when using Microsoft NT LAN Manager authentication with the HTTP CONNECT t ...

oval:org.secpod.oval:def:500714
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript"s TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF fi ...

oval:org.secpod.oval:def:500862
LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way Libr ...

oval:org.secpod.oval:def:501972
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:701292
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701293
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701272
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:701271
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:500842
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, ...

oval:org.secpod.oval:def:500061
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this fl ...

oval:org.secpod.oval:def:24750
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24751
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to multiple out-of-bounds read vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24753
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a divide by zero vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501716
The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially construc ...

oval:org.secpod.oval:def:501791
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. This updat ...

oval:org.secpod.oval:def:1600256
The tomcat5, tomcat6, and tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on tomcat5-initd.log, tomcat6-initd. ...

oval:org.secpod.oval:def:501072
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the atta ...

oval:org.secpod.oval:def:501175
Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building ...

oval:org.secpod.oval:def:1500297
Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:1600252
Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user could have been tricked into overwriting arbitrary files or leaking information via a symbolic ...

oval:org.secpod.oval:def:501141
Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building ...

oval:org.secpod.oval:def:501617
The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variabl ...

oval:org.secpod.oval:def:500213
The libcgroup packages provide tools and libraries to control and monitor control groups. A heap-based buffer overflow flaw was found in the way libcgroup converted a list of user-provided controllers for a particular task into an array of strings. A local attacker could use this flaw to escalate th ...

oval:org.secpod.oval:def:501129
gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc"s implementation of the malloc and calloc routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity check ...

oval:org.secpod.oval:def:501030
The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc routine in Boost sanitized the "next_size" and "max_size" parameters when allocating memory. If an ap ...

oval:org.secpod.oval:def:500451
bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing ma ...

oval:org.secpod.oval:def:501146
BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. It was found that the mdev BusyBox utility could create ...

oval:org.secpod.oval:def:501166
This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure . It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update ...

oval:org.secpod.oval:def:500283
This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure . It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update removes that CA"s root certificate from the ca-certificates package, re ...

oval:org.secpod.oval:def:501133
The coreutils package contains the core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages. It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those ut ...

oval:org.secpod.oval:def:21003
The host is installed with Common Unix Printing System (CUPS) before 1.7.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted URL patch. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:501421
CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A cross-site scripting flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. It was discovered that CUPS all ...

oval:org.secpod.oval:def:500247
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file th ...

oval:org.secpod.oval:def:500886
The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an a ...

oval:org.secpod.oval:def:500820
The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could ...

oval:org.secpod.oval:def:21830
The host is installed with qt, qt3 or qt4 before 5.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle invalid width and height values in a GIF image. Successful exploitation allows remote attackers to cause a denial of service (N ...

oval:org.secpod.oval:def:20973
The host is installed with qt 4.6.3 or earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a malformed request. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501029
Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to re ...

oval:org.secpod.oval:def:501327
Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Doveco ...

oval:org.secpod.oval:def:500092
Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A flaw was found in the way Dovecot handled SIGCHLD signals. If a large amount of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it ...

oval:org.secpod.oval:def:500120
eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file sys ...

oval:org.secpod.oval:def:501206
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanis ...

oval:org.secpod.oval:def:500832
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificat ...

oval:org.secpod.oval:def:501361
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default co ...

oval:org.secpod.oval:def:500980
The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server enforced ACLs after performin ...

oval:org.secpod.oval:def:106121
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:501020
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way LDAPv3 control data was handled by 389 Directory Server. If a malicious user were able ...

oval:org.secpod.oval:def:1600262
It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queries when the attribute list, which is a part of the query, included several names using the "@" character. An attacker able to submit search queries to the 389 Directory Server could caus ...

oval:org.secpod.oval:def:106550
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

oval:org.secpod.oval:def:501080
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating se ...

oval:org.secpod.oval:def:501094
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with ...

oval:org.secpod.oval:def:501040
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allo ...

oval:org.secpod.oval:def:1500313
Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ...

oval:org.secpod.oval:def:501508
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog t ...

oval:org.secpod.oval:def:501142
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queri ...

oval:org.secpod.oval:def:501116
The libtar package contains a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding ...

oval:org.secpod.oval:def:501186
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ...

oval:org.secpod.oval:def:21813
The host is installed with D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20 or 1.8.x before 1.8.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which sends an accessdenied error to the service instead of a client when the client is prohibited from accessing t ...

oval:org.secpod.oval:def:500892
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could ...

oval:org.secpod.oval:def:500214
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with ...

oval:org.secpod.oval:def:500030
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* ...

oval:org.secpod.oval:def:500128
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was found that NetworkManager did not properly enforce PolicyKit settings controlling the permissions to configure wireless network sharing. A local, unprivileged user could ...

oval:org.secpod.oval:def:500427
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler to crash or, potentially, execute ...

oval:org.secpod.oval:def:501204
The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory ...

oval:org.secpod.oval:def:501619
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashe ...

oval:org.secpod.oval:def:500782
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple flaws were found in the way FreeType handled TrueType Font , Glyph Bitmap Distribution Format , Windows .fnt and .fon, and PostScript ...

oval:org.secpod.oval:def:500041
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. A flaw was found in the way the FreeType font rendering engine processed certain PostScript ...

oval:org.secpod.oval:def:500490
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500962
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format fonts. If a user loaded a sp ...

oval:org.secpod.oval:def:500174
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500289
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. It was found that the FreeType font rendering engine improperly validated certain position v ...

oval:org.secpod.oval:def:500990
The GNU Debugger allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files from the current working directory when debugging programs. This could result in the execution ...

oval:org.secpod.oval:def:500034
The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailing of log files. A shell command injection flaw was found in the way logrotate handled the shred directive. A specially-crafted log file could cause logrotate to ...

oval:org.secpod.oval:def:500354
Git is a fast, scalable, distributed revision control system. A cross-site scripting flaw was found in gitweb, a simple web interface for Git repositories. A remote attacker could perform an XSS attack against victims by tricking them into visiting a specially-crafted gitweb URL. All gitweb users ...

oval:org.secpod.oval:def:500737
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ...

oval:org.secpod.oval:def:500763
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ...

oval:org.secpod.oval:def:500442
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ...

oval:org.secpod.oval:def:501369
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ...

oval:org.secpod.oval:def:500078
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically ...

oval:org.secpod.oval:def:1500188
Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ...

oval:org.secpod.oval:def:501066
Mesa provides a 3D graphics API that is compatible with Open Graphics Library . It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs , an attacker could cau ...

oval:org.secpod.oval:def:202895
Mesa provides a 3D graphics API that is compatible with Open Graphics Library . It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs , an attacker could cau ...

oval:org.secpod.oval:def:501137
Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being e ...

oval:org.secpod.oval:def:501179
The librsvg2 packages provide an SVG library based on libart. An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. All ...

oval:org.secpod.oval:def:500059
The librsvg2 packages provide an SVG library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 to crash or, potentially, execute arbitrary code. Red Ha ...

oval:org.secpod.oval:def:500982
Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they ...

oval:org.secpod.oval:def:500770
libtasn1 is a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1 , could cause the app ...

oval:org.secpod.oval:def:501302
The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specia ...

oval:org.secpod.oval:def:501313
The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specia ...

oval:org.secpod.oval:def:21826
The host is installed with GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Successful exploitation allo ...

oval:org.secpod.oval:def:501298
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, w ...

oval:org.secpod.oval:def:500171
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client" ...

oval:org.secpod.oval:def:501049
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ...

oval:org.secpod.oval:def:501076
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when proce ...

oval:org.secpod.oval:def:500865
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-leng ...

oval:org.secpod.oval:def:500989
The dhcp packages provide the Dynamic Host Configuration Protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A flaw was found in the way the dhcpd daemon handled the expiration ...

oval:org.secpod.oval:def:500071
The kdelibs packages provide libraries for the K Desktop Environment . An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented ...

oval:org.secpod.oval:def:500917
The kdelibs packages provide libraries for the K Desktop Environment . Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application us ...

oval:org.secpod.oval:def:500918
The kdelibs packages provide libraries for the K Desktop Environment . Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application us ...

oval:org.secpod.oval:def:500193
The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment . An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to ...

oval:org.secpod.oval:def:500988
The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of file ...

oval:org.secpod.oval:def:21824
The host is installed with qemu-kvm before 2.1.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which triggers access of an uninitialized socket. Successful exploitation allows local users to cause a denial of service (NULL pointer dereference) by sending a ...

oval:org.secpod.oval:def:501322
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virti ...

oval:org.secpod.oval:def:500123
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest u ...

oval:org.secpod.oval:def:500269
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID USB smart card reader in passthrough mode ...

oval:org.secpod.oval:def:501364
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU ...

oval:org.secpod.oval:def:501016
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and ...

oval:org.secpod.oval:def:501077
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissi ...

oval:org.secpod.oval:def:501135
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found ...

oval:org.secpod.oval:def:501111
RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for ...

oval:org.secpod.oval:def:500025
The libarchive programming library can create and read several different streaming archive formats, including GNU tar and cpio. It can also read ISO 9660 CD-ROM images. Two heap-based buffer overflow flaws were discovered in libarchive. If a user were tricked into expanding a specially-crafted ISO 9 ...

oval:org.secpod.oval:def:500246
The libcap packages provide a library and tools for getting and setting POSIX capabilities. It was found that capsh did not change into the new root when using the "--chroot" option. An application started via the "capsh --chroot" command could use this flaw to escape the chroot ...

oval:org.secpod.oval:def:21801
The host is installed with libgcrypt before 1.5.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly perform ciphertext normalization and ciphertext randomizations. Successful exploitation makes it easier for physically proximate attackers to ...

oval:org.secpod.oval:def:501122
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the ...

oval:org.secpod.oval:def:24744
The host is installed with libgcrypt in RHEL 5,6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain sensitive information.

oval:org.secpod.oval:def:500119
libguestfs is a library for accessing and modifying guest disk images. libguestfs relied on the format auto-detection in QEMU rather than allowing the guest image file format to be specified. A privileged guest user could potentially use this flaw to read arbitrary files on the host that were access ...

oval:org.secpod.oval:def:501144
Libguestfs is a library and set of tools for accessing and modifying guest disk images. It was found that guestfish, which enables shell scripting and command line access to libguestfs, insecurely created the temporary directory used to store the network socket when started in server mode. A local a ...

oval:org.secpod.oval:def:500923
libproxy is a library that handles all the details of proxy configuration. A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration files. A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an applicatio ...

oval:org.secpod.oval:def:500007
libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup"s SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible ...

oval:org.secpod.oval:def:500706
The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing tim ...

oval:org.secpod.oval:def:500897
The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, speciall ...

oval:org.secpod.oval:def:501415
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ...

oval:org.secpod.oval:def:501005
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-craft ...

oval:org.secpod.oval:def:500242
Logwatch is a customizable log analysis system. Logwatch parses through your system"s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. A flaw was found in the way Logwatch processed log files. If an attacker were able to create ...

oval:org.secpod.oval:def:500801
The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacke ...

oval:org.secpod.oval:def:500166
virt-v2v is a tool for converting and importing virtual machines to libvirt-managed KVM , or Red Hat Enterprise Virtualization. Using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a pa ...

oval:org.secpod.oval:def:500160
The libsndfile packages provide a library for reading and writing sound files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF fi ...

oval:org.secpod.oval:def:601050
It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets. The oldstable distribution is not affected by t ...

oval:org.secpod.oval:def:1600207
An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs , an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. It was found that Mesa did not cor ...

oval:org.secpod.oval:def:500858
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication re ...

oval:org.secpod.oval:def:500411
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled TGS request messages. A ...

oval:org.secpod.oval:def:500043
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was ...

oval:org.secpod.oval:def:501027
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . When a client attempts to use PKINIT to obtain credentials from the KDC, the client can specify, using an iss ...

oval:org.secpod.oval:def:500144
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . An invalid free flaw was found in the password-changing capability of the MIT Kerberos administration daemon, ...

oval:org.secpod.oval:def:501042
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A ...

oval:org.secpod.oval:def:501069
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . It was found that kadmind"s kpasswd service did not perform any validation on incoming network packets, causi ...

oval:org.secpod.oval:def:501553
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 ...

oval:org.secpod.oval:def:501446
mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server. An information disclosure flaw was found in mod_auth_mellon"s session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user"s ...

oval:org.secpod.oval:def:1500298
An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ...

oval:org.secpod.oval:def:202976
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ...

oval:org.secpod.oval:def:202979
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ...

oval:org.secpod.oval:def:106158
The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer and Transport Layer Security protocols using the Network Security Services security library.

oval:org.secpod.oval:def:501149
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ...

oval:org.secpod.oval:def:501402
The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applicat ...

oval:org.secpod.oval:def:500984
PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset messages. A local attacker could use this ...

oval:org.secpod.oval:def:501200
Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary c ...

oval:org.secpod.oval:def:501623
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...

oval:org.secpod.oval:def:501213
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...

oval:org.secpod.oval:def:21800
The host is installed with net-snmp 5.7.0 and earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted SNMP trap message. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:500089
The nfs-utils packages provide a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. A flaw was found in the way nfs-utils performed IP based authentication of mount requests. In configurations where a directory was exported ...

oval:org.secpod.oval:def:24736
The host is installed with libevent in RHEL 6 or 7 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an excessively long input. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:500924
nspluginwrapper is a utility which allows 32-bit plug-ins to run in a 64-bit browser environment . It includes the plug-in viewer and a tool for managing plug-in installations and updates. It was not possible for plug-ins wrapped by nspluginwrapper to discover whether the browser was running in Priv ...

oval:org.secpod.oval:def:501169
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle atta ...

oval:org.secpod.oval:def:500032
Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token certificate store. Note: This ...

oval:org.secpod.oval:def:500167
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ...

oval:org.secpod.oval:def:500819
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ...

oval:org.secpod.oval:def:500959
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ...

oval:org.secpod.oval:def:500228
Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS ...

oval:org.secpod.oval:def:501330
LZO is a portable lossless data compression library written in ANSI C. An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an applic ...

oval:org.secpod.oval:def:500987
The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite"s Perl-based DCE/RPC IDL compiler. As OpenChange ...

oval:org.secpod.oval:def:1500307
Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has r ...

oval:org.secpod.oval:def:501148
Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause a ...

oval:org.secpod.oval:def:1600312
A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause arbitrary files to be overwritten as the root user via a symbolic link attack.It was discovered that librdmacm used a static port to connect to the ib_acm service. A local attacker able to run ...

oval:org.secpod.oval:def:500789
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ...

oval:org.secpod.oval:def:500403
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Two buffer overflow flaws were found in the ...

oval:org.secpod.oval:def:500014
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found i ...

oval:org.secpod.oval:def:500157
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way ...

oval:org.secpod.oval:def:501056
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Opensw ...

oval:org.secpod.oval:def:500950
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This er ...

oval:org.secpod.oval:def:501414
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:501431
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:501425
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted J ...

oval:org.secpod.oval:def:1500204
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:1500219
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:21822
The host is installed with Linux-PAM (aka pam) 1.1.8 and is prone to multiple directory traversal vulnerabilities. The flaws are present in the application, which fails to properly handle a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty functi ...

oval:org.secpod.oval:def:500991
Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. A stack-based buffer overflow flaw was found in the way the pam_env module parsed users" "~/.pam_environment" files. I ...

oval:org.secpod.oval:def:500827
The php-pecl-apc packages contain APC , the framework for caching and optimization of intermediate PHP code. A cross-site scripting flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension docume ...

oval:org.secpod.oval:def:501162
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature wa ...

oval:org.secpod.oval:def:501187
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command function in the Linux kernel"s QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unpriv ...

oval:org.secpod.oval:def:500798
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s journal_unmap_buffer function handled buffer head states. On systems that have an ext4 file system with a journal mo ...

oval:org.secpod.oval:def:500760
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A buffer overflow flaw was found in the way the Linux kernel"s XFS file system implementation handled links with overly long path names. A local, unprivileged user ...

oval:org.secpod.oval:def:500762
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user coul ...

oval:org.secpod.oval:def:500784
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Numerous reference count leaks were found in the Linux kernel"s block layer I/O context handling implementation. This could allow a local, unprivileged user to cau ...

oval:org.secpod.oval:def:500395
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Missing sanity checks in the Intel i915 driver in the Linux kernel could allow a local, unprivileged user to escalate their privileges. * compat_alloc_user_space ...

oval:org.secpod.oval:def:500843
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm function in the Linux kernel"s netfilter IPv6 connection tracking implementation. A remote attac ...

oval:org.secpod.oval:def:500868
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw was found in the i915_gem_execbuffer2 function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this fla ...

oval:org.secpod.oval:def:500822
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to caus ...

oval:org.secpod.oval:def:500899
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw was found in the i915_gem_do_execbuffer function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this f ...

oval:org.secpod.oval:def:500033
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A use-after-free flaw was found in the Linux kernel"s RPC server sockets implementation. A remote attacker could use this flaw to trigger a denial of service by sen ...

oval:org.secpod.oval:def:500044
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer underflow flaw, leading to a buffer overflow, was found in the Linux kernel"s Datagram Congestion Control Protocol implementation. This could allow a r ...

oval:org.secpod.oval:def:500046
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the receive hook in the ipip_init function in the ipip module, and in the ipgre_init function in the ip_gre module, could be called before networ ...

oval:org.secpod.oval:def:501381
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s futex subsystem handled reference counting when requeuing futexes during futex_wait. A local, unprivileged user could use this flaw to zero out the reference counter ...

oval:org.secpod.oval:def:501387
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel"s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ...

oval:org.secpod.oval:def:501328
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the sy ...

oval:org.secpod.oval:def:500096
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single parti ...

oval:org.secpod.oval:def:500963
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causin ...

oval:org.secpod.oval:def:500911
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, ...

oval:org.secpod.oval:def:501003
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A race condition was found in the way the Linux kernel"s ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal i ...

oval:org.secpod.oval:def:501026
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the xen_iret function in the Linux kernel used the DS register. A local, unprivileged user in a 32-bit, para-virtualized Xen hyperviso ...

oval:org.secpod.oval:def:501452
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel"s KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. * A memory corruption f ...

oval:org.secpod.oval:def:501455
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote at ...

oval:org.secpod.oval:def:501046
Security: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate ...

oval:org.secpod.oval:def:501059
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel"s Performance Events implementation. Th ...

oval:org.secpod.oval:def:501068
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way KVM initialized a guest"s registered pv_eoi indication flag when entering the guest. An unprivileged guest user could potentially use ...

oval:org.secpod.oval:def:501073
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...

oval:org.secpod.oval:def:501079
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the tcp_read_sock function in the Linux kernel"s IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, un ...

oval:org.secpod.oval:def:501112
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. ...

oval:org.secpod.oval:def:501163
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ...

oval:org.secpod.oval:def:501167
Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially craft ...

oval:org.secpod.oval:def:501033
Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman"s manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, ...

oval:org.secpod.oval:def:500995
Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Note: The Certificate Authority compon ...

oval:org.secpod.oval:def:500109
PolicyKit is a toolkit for defining and handling authorizations. A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those command ...

oval:org.secpod.oval:def:501108
PolicyKit is a toolkit for defining and handling authorizations. A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit ...

oval:org.secpod.oval:def:501193
PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:500836
PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:500800
PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:500894
PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:501618
The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the repo ...

oval:org.secpod.oval:def:1500201
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rat ...

oval:org.secpod.oval:def:1500220
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ...

oval:org.secpod.oval:def:202932
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the tcp_read_sock function in the Linux kernel"s IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, un ...

oval:org.secpod.oval:def:202925
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...

oval:org.secpod.oval:def:1500158
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ...

oval:org.secpod.oval:def:202675
Security: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate ...

oval:org.secpod.oval:def:21825
The host is installed with Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted block size. Successful exploitation allows remote attackers to caus ...

oval:org.secpod.oval:def:501876
Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: * It was discovered that python-twisted-web used the value of the Proxy header from ...

oval:org.secpod.oval:def:500875
Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. ...

oval:org.secpod.oval:def:501457
YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YA ...

oval:org.secpod.oval:def:501119
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:500884
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ...

oval:org.secpod.oval:def:500298
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ...

oval:org.secpod.oval:def:500031
rdesktop is a client for the Remote Desktop Server in Microsoft Windows. It uses the Remote Desktop Protocol to remotely present a user"s desktop. A directory traversal flaw was found in the way rdesktop shared a local path with a remote server. If a user connects to a malicious server with rdeskt ...

oval:org.secpod.oval:def:500960
ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targ ...

oval:org.secpod.oval:def:500859
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found i ...

oval:org.secpod.oval:def:500101
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was discovered in the JNLP implementa ...

oval:org.secpod.oval:def:500145
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy im ...

oval:org.secpod.oval:def:500955
Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there ...

oval:org.secpod.oval:def:500997
Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web ...

oval:org.secpod.oval:def:500268
Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web b ...

oval:org.secpod.oval:def:500006
Kexec allows for booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server"s SSH host key not to be checked. This could make it easier for a man-in-the-middle atta ...

oval:org.secpod.oval:def:501063
These packages provide a transport-independent RPC implementation. A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically alloc ...

oval:org.secpod.oval:def:501178
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domai ...

oval:org.secpod.oval:def:501297
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ...

oval:org.secpod.oval:def:500818
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with ...

oval:org.secpod.oval:def:500872
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd"s RPC call handling. An attacker able to establish a r ...

oval:org.secpod.oval:def:501347
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ...

oval:org.secpod.oval:def:500903
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd"s RPC call handling. An attacker able to establish a r ...

oval:org.secpod.oval:def:500999
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was discovered that libvirt made certain invalid assumptions about dnsmasq"s com ...

oval:org.secpod.oval:def:500126
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. A flaw was found in the way libvirtd handled error reporting for concurrent connection ...

oval:org.secpod.oval:def:501456
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt"s qemuDomainGetBlockIoTune ...

oval:org.secpod.oval:def:501105
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condi ...

oval:org.secpod.oval:def:25180
The host is installed with rhn-client-tools on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted hostnames. Successful exploitation could allow attackers to prevent registration fr ...

oval:org.secpod.oval:def:500895
The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl ...

oval:org.secpod.oval:def:501107
The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to ...

oval:org.secpod.oval:def:500180
The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package ...

oval:org.secpod.oval:def:501468
The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, descripti ...

oval:org.secpod.oval:def:500831
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, pos ...

oval:org.secpod.oval:def:501422
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ...

oval:org.secpod.oval:def:500215
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A two byte buffer overflow flaw was found in the rsyslog daemon"s parseLegacySyslogMsg func ...

oval:org.secpod.oval:def:501417
The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message ...

oval:org.secpod.oval:def:500035
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could u ...

oval:org.secpod.oval:def:501017
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was discovered that Ruby"s REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service b ...

oval:org.secpod.oval:def:501466
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ...

oval:org.secpod.oval:def:501089
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby"s SSL client"s hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could poten ...

oval:org.secpod.oval:def:25173
The host is installed with ruby on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a RFC 6125 violation vulnerability. A flaw is present in the application, which fails to properly verify host names against X.509 certificate names with wildcards. Successful exploitation could cause Ruby TLS/SSL c ...

oval:org.secpod.oval:def:501150
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted ...

oval:org.secpod.oval:def:1600023
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service vi ...

oval:org.secpod.oval:def:1500268
An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:202952
RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to ...

oval:org.secpod.oval:def:105924
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:1600320
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service vi ...

oval:org.secpod.oval:def:106008
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:1600287
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service via a crafte ...

oval:org.secpod.oval:def:500271
rsync is a program for synchronizing files over a network. A memory corruption flaw was found in the way the rsync client processed malformed file list data. If an rsync client used the "--recursive" and "--delete" options without the "--owner" option when connecting to ...

oval:org.secpod.oval:def:500793
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls . An a ...

oval:org.secpod.oval:def:501214
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ...

oval:org.secpod.oval:def:501331
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...

oval:org.secpod.oval:def:501154
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ...

oval:org.secpod.oval:def:38607
The host is installed with samba4 or samba and is prone to an unconditional privilege delegation vulnerability. A flaw is present in the application, which fails to properly handle Kerberos TGT. An attacker who successfully exploited this vulnerability could fully impersonate the authenticated user ...

oval:org.secpod.oval:def:501222
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ...

oval:org.secpod.oval:def:500994
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite"s Perl-based DCE/RPC IDL compiler, used to generate code to handle R ...

oval:org.secpod.oval:def:501152
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ...

oval:org.secpod.oval:def:500821
The SBLIM CIM Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF standards. It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when pa ...

oval:org.secpod.oval:def:501762
The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker c ...

oval:org.secpod.oval:def:500130
Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to ...

oval:org.secpod.oval:def:501301
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that co ...

oval:org.secpod.oval:def:500983
Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to ca ...

oval:org.secpod.oval:def:500154
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this fla ...

oval:org.secpod.oval:def:500111
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squ ...

oval:org.secpod.oval:def:500241
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to ...

oval:org.secpod.oval:def:500985
The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...

oval:org.secpod.oval:def:501028
SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. When SSSD was configured as a Microsoft Active Directory clie ...

oval:org.secpod.oval:def:21526
The host is installed with System Security Services Daemon (SSSD) 1.11.6 and is prone to Security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to bypass access restrictions.

oval:org.secpod.oval:def:501101
SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. A race condition was found in the way SSSD copied and removed ...

oval:org.secpod.oval:def:500764
SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemT ...

oval:org.secpod.oval:def:500159
SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. It was found that SystemTap did not perform proper module path sanity checking if a user specified a custom path to the uprobes m ...

oval:org.secpod.oval:def:500202
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unpr ...

oval:org.secpod.oval:def:500996
The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthe ...

oval:org.secpod.oval:def:500846
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with s ...

oval:org.secpod.oval:def:1500183
Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:501062
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the owne ...

oval:org.secpod.oval:def:202888
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the owne ...

oval:org.secpod.oval:def:501120
Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw ...

oval:org.secpod.oval:def:500826
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this f ...

oval:org.secpod.oval:def:500107
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws t ...

oval:org.secpod.oval:def:501472
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ...

oval:org.secpod.oval:def:501138
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.org X11 server registered new hot plugged devices. If a local user switched to a different ses ...

oval:org.secpod.oval:def:501115
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use ...

oval:org.secpod.oval:def:20998
The host is installed with libX11 before 1.5.99.902 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unbounded recursion. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:20996
The host is installed with libX11 before 1.5.99.902 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the serv ...

oval:org.secpod.oval:def:21004
The host is installed with libX11 before 1.5.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) ...

oval:org.secpod.oval:def:20983
The host is installed with libXxf86vm before 1.1.3 and is prone to a multiple array index vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the XF86VidModeGetGammaRamp function. Successful exploitation could allow attackers to execute arbitr ...

oval:org.secpod.oval:def:20980
The host is installed with libxcb before 1.9.1 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle vectors related to the read_packet function. Successful exploitation could allow attackers to trigger allocation of insufficient memory and a ...

oval:org.secpod.oval:def:20968
The host is installed with libXext before 1.3.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) ...

oval:org.secpod.oval:def:20966
The host is installed with libXfixes 5.0 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted vectors related to the XFixesGetCursorImage function. Successful exploitation could allow attackers to lead to a heap-ba ...

oval:org.secpod.oval:def:21516
The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs protocol reply. Successful exploitation could allow attackers to execute arbitrary code

oval:org.secpod.oval:def:21517
The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs reply. Successful exploitation could allow attackers to execute arbitrary code

oval:org.secpod.oval:def:21515
The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to metadata. Successful exploitation could allow attackers to gain privileges by add ...

oval:org.secpod.oval:def:501454
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exp ...

oval:org.secpod.oval:def:20992
The host is installed with libXi before 1.7.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMoti ...

oval:org.secpod.oval:def:20976
The host is installed with libXinerama before 1.1.3 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the XineramaQueryScreens function. Successful exploitation could allow attackers to trigger allocation of insu ...

oval:org.secpod.oval:def:20988
The host is installed with libXrandr before 1.4.1 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. Successful exploitation ...

oval:org.secpod.oval:def:20990
The host is installed with libXtst 1.2.1 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to the XRecordGetContext function. Successful exploitation could allow attackers to trigger allocation of insuff ...

oval:org.secpod.oval:def:20975
The host is installed with libXv before 1.0.8 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:20974
The host is installed with libXv before 1.0.8 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. Successful exploi ...

oval:org.secpod.oval:def:501550
The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbit ...

oval:org.secpod.oval:def:20970
The host is installed with libxslt before 1.1.28 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an empty match attribute in a XSL key to the xsltAddKey function in keys.c or uninitialized variable to the xsltDocumentFunction function in ...

oval:org.secpod.oval:def:501316
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501375
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501348
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500172
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The ...

oval:org.secpod.oval:def:500140
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. This erratum blacklists a small number of HTTPS certificates. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, ...

oval:org.secpod.oval:def:500234
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that e ...

oval:org.secpod.oval:def:1600205
Due to the way the pam_ssh_agent_auth PAM module was built, the glibc"s error function was called rather than the intended error function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_a ...

oval:org.secpod.oval:def:1600226
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Produc ...

oval:org.secpod.oval:def:1600225
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to acces ...

oval:org.secpod.oval:def:1600212
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. The udf_encode_fh f ...

oval:org.secpod.oval:def:1600208
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to acces ...

oval:org.secpod.oval:def:1600231
It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those utilities by providing long input strings

oval:org.secpod.oval:def:601015
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character ...

oval:org.secpod.oval:def:1500202
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main comp ...

oval:org.secpod.oval:def:1500203
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main comp ...

oval:org.secpod.oval:def:1500208
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500211
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500210
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500212
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main comp ...

oval:org.secpod.oval:def:1500230
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main comp ...

oval:org.secpod.oval:def:1500240
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main comp ...

oval:org.secpod.oval:def:1500251
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500258
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500143
An updated kernel-uek package that fixes one security issue and multiple bugs isnow available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ...

oval:org.secpod.oval:def:1500144
An updated kernel-uek package that fixes one security issue and multiple bugs isnow available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ...

oval:org.secpod.oval:def:1500318
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500325
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500309
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500314
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500182
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:1500018
Updated openssh packages that fix one security issue, multiple bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives ...

oval:org.secpod.oval:def:1500319
An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ...

oval:org.secpod.oval:def:1500323
Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give det ...

oval:org.secpod.oval:def:501480
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ...

oval:org.secpod.oval:def:24757
The host is installed with ntp on RHEL 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly validate vallen in extension fields. Successful exploitation could allow attackers to disclose sensitive information or overflow the st ...

oval:org.secpod.oval:def:24758
The host is installed with ntp on RHEL 6 or 7 and is prone to an IP ACLs bypass vulnerability. A flaw is present in the application, which fails to properly handle spoofed packets with ::1 source address. Successful exploitation could allow attackers to bypass source IP ACLs on some OSes.

oval:org.secpod.oval:def:501974
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501123
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501106
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501271
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encodin ...

oval:org.secpod.oval:def:501332
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat ...

oval:org.secpod.oval:def:501437
The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode to write an arbitrary file to a location writable to by the user running Wget, ...

oval:org.secpod.oval:def:501984
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA Emulator support is vulnerabl ...

oval:org.secpod.oval:def:501989
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501990
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502006
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ...

oval:org.secpod.oval:def:25174
The host is installed with byzanz on Red Hat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle specially-crafted Byzanz debug data recording file. Successful exploitation could allow attackers to execut ...

oval:org.secpod.oval:def:37409
The host is installed with RHEL 6 or 7 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted image. Successful exploitation could allow attackers to lead to a heap-based buffer overflow.

oval:org.secpod.oval:def:37410
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted SGI file. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:502010
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentic ...

oval:org.secpod.oval:def:501165
OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly ...

oval:org.secpod.oval:def:501401
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information ext ...

oval:org.secpod.oval:def:21804
The host is installed with curl 7.17.1 through 7.38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read. Successful exploitation allows remote web servers ...

oval:org.secpod.oval:def:21806
The host is installed with curl before 7.38.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly handle IP addresses in cookie domain names. Successful exploitation allows remote attackers to set cookies for or send arbitrary cookies to certai ...

oval:org.secpod.oval:def:23616
The host is installed with Linux kernel through 3.18.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not restrict the number of Rock Ridge continuation entries. Successful exploitation allows local users to cause a denial of service (infinite loo ...

oval:org.secpod.oval:def:501153
The libjpeg-turbo package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan JPEG markers or Define ...

oval:org.secpod.oval:def:502016
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind reques ...

oval:org.secpod.oval:def:502019
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502024
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ...

oval:org.secpod.oval:def:20994
The host is installed with libXi before 1.7.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to an unexpected sign extension in the XListInputDevices function. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:20995
The host is installed with libXi before 1.7.2 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:20985
The host is installed with libXt before 1.1.4 and is prone to an array index error vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the _XtResourceConfigurationEH function. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:20978
The host is installed with libXcursor 1.1.13 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the _XcursorFileHeaderCreate function. Successful exploitation could allow attackers to trigger allocation of insuffi ...

oval:org.secpod.oval:def:20987
The host is installed with libXt before 1.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unchecked function pointers. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501406
The X11 libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to a ...

oval:org.secpod.oval:def:502029
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled DNSSEC valida ...

oval:org.secpod.oval:def:502048
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502052
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:500874
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting ...

oval:org.secpod.oval:def:501168
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A maliciou ...

oval:org.secpod.oval:def:21823
The host is installed with Graphviz 2.34.0 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to a "badly formed number" and a "long digit list". Successful exploitation allows remote attackers to have uns ...

oval:org.secpod.oval:def:501436
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ...

oval:org.secpod.oval:def:24734
The host is installed with sox in RHEL 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process NIST Sphere and WAV audio files. Successful exploitation could allow attackers to execute arbitrary code with the privileg ...

oval:org.secpod.oval:def:24760
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted BMP image. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24746
The host is installed with busybox in RHEL 5 or 6 and is prone to an unprivileged arbitrary module load vulnerability. A flaw is present in the application, which fails to handle basename abuse. Successful exploitation could allow attackers to load arbitrary module.

oval:org.secpod.oval:def:500122
Evince is a document viewer. An array index error was found in the DeVice Independent renderer"s PK and VF font file parsers. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user ru ...

oval:org.secpod.oval:def:500851
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc"s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections ...

oval:org.secpod.oval:def:500852
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This co ...

oval:org.secpod.oval:def:500882
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges ...

oval:org.secpod.oval:def:501194
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash o ...

oval:org.secpod.oval:def:501428
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way ...

oval:org.secpod.oval:def:1500265
An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ...

oval:org.secpod.oval:def:1500274
An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ...

oval:org.secpod.oval:def:1300240
Updated xinetd package fixes security vulnerability: It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attack ...

oval:org.secpod.oval:def:202954
The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group co ...

oval:org.secpod.oval:def:106013
Xinetd is a secure replacement for inetd, the Internet services daemon. Xinetd provides access control for all services based on the address of the remote host and/or on time of access and can prevent denial-of-access attacks. Xinetd provides extensive logging, has no limit on the number of server a ...

oval:org.secpod.oval:def:1600279
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the pr ...

oval:org.secpod.oval:def:501113
The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group co ...

oval:org.secpod.oval:def:501357
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ...

oval:org.secpod.oval:def:501430
The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in ...

oval:org.secpod.oval:def:21799
The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.17 or 1.8.x before 1.8.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation makes it easier ...

oval:org.secpod.oval:def:501499
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:501612
Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk. It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or ...

oval:org.secpod.oval:def:501820
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: * Multiple flaws we ...

oval:org.secpod.oval:def:501538
The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unz ...

oval:org.secpod.oval:def:24752
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501539
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled ...

oval:org.secpod.oval:def:502065
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A flaw was found in the way BIND handled TSIG authentication for dynamic ...

oval:org.secpod.oval:def:501605
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid w ...

oval:org.secpod.oval:def:24039
The host is installed with gnutls before 3.1.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:501542
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...

oval:org.secpod.oval:def:24040
The host is installed with linux kernel before 3.19.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which uses incorrect data types for the results of bitwise left-shift operations. Successful exploitation allows attackers to bypass the ASLR protection mecha ...

oval:org.secpod.oval:def:25163
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle rename operations. Successful exploitation could allow attackers to escalate privileges on the affected syst ...

oval:org.secpod.oval:def:26768
The host is installed with kernel on RHEL 5, 6, or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle kernel's virtio-net handled fragmented packets. Successful exploitation could allow attackers to send crafted packets to a target ...

oval:org.secpod.oval:def:501667
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received ...

oval:org.secpod.oval:def:501634
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...

oval:org.secpod.oval:def:31664
The host is installed with ntp on Red Hat Enterprise Linux 6 or 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could allow attackers to disclose sensitive informati ...

oval:org.secpod.oval:def:31665
The host is installed with ntp on Red Hat Enterprise Linux 6 or 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could allow attackers to disclose sensitive informati ...

oval:org.secpod.oval:def:501824
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that reporting emulation failures to user space could lead to either a local or a L2->L1 denial of service. In the case of a local denial of service, an attacker must have access t ...

oval:org.secpod.oval:def:38098
The dracut packages include an event-driven initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition. It was discovered that dra ...

oval:org.secpod.oval:def:35564
The host is installed with RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which incorrectly relies on write system call. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501847
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way certain interfaces of the Linux kernel"s Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when ...

oval:org.secpod.oval:def:35563
The host is installed with RHEL 6 or 7 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to properly sanitize certain input before passing it to the gnuplot delegate functionality. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:501973
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:501981
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepr ...

oval:org.secpod.oval:def:501955
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:502022
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502067
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly c ...

oval:org.secpod.oval:def:501349
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentia ...

oval:org.secpod.oval:def:501494
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s SCTP implementation validated INIT chunks when performing Address Configuration Change . A remote attacker could use this flaw to crash the system by sending a speci ...

oval:org.secpod.oval:def:502017
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the ...

oval:org.secpod.oval:def:502050
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump ov ...

oval:org.secpod.oval:def:21815
The host is installed with Linux kernel through 3.17.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which miscalculates the number of pages during the handling of a mapping failure. Successful exploitation allows guest OS users to cause a denial of service ...

oval:org.secpod.oval:def:21821
The host is installed with Linux kernel through 3.13.6 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to obtain sensitive information from kernel memory.

oval:org.secpod.oval:def:25181
The host is installed with xz on Red Hat Enterprise Linux 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process filenames containing a semicolon. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:501940
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: * Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached bin ...

oval:org.secpod.oval:def:501660
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:500879
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packa ...

oval:org.secpod.oval:def:500880
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A ...

oval:org.secpod.oval:def:701638
mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:106880
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1300280
A vulnerabilitt has been discovered and corrected in mysql: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string . The updated packages have been ...

oval:org.secpod.oval:def:106934
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:16675
The host is installed with MariaDB before 5.5.35 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long server version string. Successful exploitation could allow attackers to crash the service or execute arbitrary code.

oval:org.secpod.oval:def:601286
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.37

oval:org.secpod.oval:def:502045
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ...

oval:org.secpod.oval:def:501950
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user runnin ...

oval:org.secpod.oval:def:1600053
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server

oval:org.secpod.oval:def:1500637
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

oval:org.secpod.oval:def:1500639
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

oval:org.secpod.oval:def:702082
openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Original advisory USN-2232-1 ...

oval:org.secpod.oval:def:702062
openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem. Original advisory ...

oval:org.secpod.oval:def:702068
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1500560
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:1500586
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:1500594
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions ...

oval:org.secpod.oval:def:1500551
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:1500558
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:1300308
Multiple vulnerabilities has been discovered and corrected in openssl: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handsh ...

oval:org.secpod.oval:def:501303
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:501305
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:501304
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:501306
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:702149
openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2 ...

oval:org.secpod.oval:def:501321
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:501320
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:19653
The host is installed with OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1h or Oracle Virtualization VirtualBox prior to 3.2.24, 4.0.x before 4.0.26, 4.1.x before 4.1.34, 4.2.x before 4.2.26 or 4.3.x before 4.3.14 and is prone to information disclosure vulnerability. A flaw is pres ...

oval:org.secpod.oval:def:107025
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107028
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:26417
openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Original advisory USN-2232-1 ...

oval:org.secpod.oval:def:26413
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:203332
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203331
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203336
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203335
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:21279
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:1600137
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server

oval:org.secpod.oval:def:20982
The host is installed with Python 2.5 before 2.7.7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow attackers to execute arbitrary code via a crafted string.

oval:org.secpod.oval:def:501427
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:501462
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:500163
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF image files that were compressed with the JPEG compression algorithm. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:500236
The kdenetwork packages contain networking applications for the K Desktop Environment . A directory traversal flaw was found in the way KGet, a download manager, handled the "file" element in Metalink files. An attacker could use this flaw to create a specially-crafted Metalink file that, ...

oval:org.secpod.oval:def:500094
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A denial of service flaw was found in the way the Quagga bgpd daemon processed certain route metrics information. A BGP message with a specially-crafted path limit attribute would cause the ...

oval:org.secpod.oval:def:500391
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS se ...

oval:org.secpod.oval:def:500437
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers . A malicious client could send a specially-crafted SMB request to the Sam ...

oval:org.secpod.oval:def:500365
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks. A NULL pointer dereferenc ...

oval:org.secpod.oval:def:500146
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. The MySQL PolyFromWKB function did not sanity check Well-Known Binary data, which could allow a remote, authenticated attacker to crash mysqld. A flaw in the w ...

oval:org.secpod.oval:def:500387
Concurrent Version System is a version control system that can record the history of your files. An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS format. If an attacker in control of a CVS rep ...

oval:org.secpod.oval:def:500231
FUSE can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems. Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were pres ...

oval:org.secpod.oval:def:500239
PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:500466
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules . It was discovered that staprun did not properly ...

oval:org.secpod.oval:def:500085
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A divide-by-zero flaw was found in the tcp_select_initial_window function in the Linux kernel"s TCP/IP protocol suite implementation. A local, unprivileged user co ...

oval:org.secpod.oval:def:500112
* Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable permissions , a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. * Integer overflow in the RDS protocol implementation could allow a local, unprivileged user to cause ...

oval:org.secpod.oval:def:500209
Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them. A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tool ...

oval:org.secpod.oval:def:500080
The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...

oval:org.secpod.oval:def:500993
Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID d ...

oval:org.secpod.oval:def:500177
The GIMP is an image composition and editing program. A heap-based buffer overflow flaw was found in the GIMP"s Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary ...

oval:org.secpod.oval:def:500023
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker"s input in a numeric context, the PHP interpreter could cause hi ...

oval:org.secpod.oval:def:500118
The Eclipse software development environment provides a set of tools for C/C++ and Java development. A cross-site scripting flaw was found in the Eclipse Help Contents web application. An attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into vis ...

oval:org.secpod.oval:def:500131
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain ...

oval:org.secpod.oval:def:500311
Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inhe ...

oval:org.secpod.oval:def:500132
The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils" tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network tra ...

oval:org.secpod.oval:def:500183
The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. It was discovered that libuser did not set the password entry co ...

oval:org.secpod.oval:def:500187
Pango is a library used for the layout and rendering of internationalized text. An input sanitization flaw, leading to a heap-based buffer overflow, was found in the way Pango displayed font files when using the FreeType font engine back end. If a user loaded a malformed font file with an applicatio ...

oval:org.secpod.oval:def:500135
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to promp ...

oval:org.secpod.oval:def:500259
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. Virtual Network Computing is a remote display system. A flaw was found in the way the VNC "password" option was handled. Clearing a ...

oval:org.secpod.oval:def:500218
Pango is a library used for the layout and rendering of internationalized text. It was discovered that Pango did not check for memory reallocation failures in the hb_buffer_ensure function. An attacker able to trigger a reallocation failure by passing sufficiently large input to an application using ...

oval:org.secpod.oval:def:500093
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were ...

oval:org.secpod.oval:def:500199
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . The Public Key Cryptography for Initial Authentication in Kerberos capability provides support for using pub ...

oval:org.secpod.oval:def:500275
Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim"s ses ...

oval:org.secpod.oval:def:500278
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks. A flaw was found in the w ...

oval:org.secpod.oval:def:500084
The xorg-x11-server-utils package contains a collection of utilities used to modify and query the runtime configuration of the X.Org server. X.Org is an open source implementation of the X Window System. A flaw was found in the X.Org X server resource database utility, xrdb. Certain variables were n ...

oval:org.secpod.oval:def:500000
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * An integer overflow flaw in ib_uverbs_poll_cq could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * An integer signedness flaw in drm_modeset_ctl cou ...

oval:org.secpod.oval:def:500212
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the sctp_icmp_proto_unreachable function in the Linux kernel"s Stream Control Transmission Protocol implementation. A remote attacker could us ...

oval:org.secpod.oval:def:500265
Mailman is a program used to help manage email discussion lists. Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they ...

oval:org.secpod.oval:def:500222
Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ...

oval:org.secpod.oval:def:500088
The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition flaw was found in the way GDM handled the cache directories used to store users" dmrc and face icon files. A local attacker could use this flaw to trick GDM ...

oval:org.secpod.oval:def:500711
TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. The texlive packages provide a number of utilities, including dvips. TeX Live embeds a copy of t1lib. The t1lib library allo ...

oval:org.secpod.oval:def:500736
The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to ...

oval:org.secpod.oval:def:500066
vsftpd is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially-crafted ...

oval:org.secpod.oval:def:500028
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other pe ...

oval:org.secpod.oval:def:500195
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Multiple buffer overflow flaws were found in the Linux kernel"s Management Module Support for Message Passing Technology based controllers. A local, unprivileged ...

oval:org.secpod.oval:def:500230
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory moun ...

oval:org.secpod.oval:def:500063
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. * Non-member VLAN packet handling ...

oval:org.secpod.oval:def:500048
The php-pear package contains the PHP Extension and Application Repository , a framework and distribution system for reusable PHP components. It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this fla ...

oval:org.secpod.oval:def:500223
OpenLDAP is an open source suite of LDAP applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP wou ...

oval:org.secpod.oval:def:500217
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that several libvirt API calls did not honor the read-only permission for ...

oval:org.secpod.oval:def:500127
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:500273
The kdelibs packages provide libraries for the K Desktop Environment . A cross-site scripting flaw was found in the way KHTML, the HTML layout engine used by KDE applications such as the Konqueror web browser, displayed certain error pages. A remote attacker could use this flaw to perform a cross-s ...

oval:org.secpod.oval:def:500282
The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The spice-xpi package provides a plug- ...

oval:org.secpod.oval:def:500169
Mutt is a text-mode mail user agent. A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw t ...

oval:org.secpod.oval:def:500203
Perl is a high-level programming language commonly used for system administration utilities and web programming. The Perl CGI module provides resources for preparing and processing Common Gateway Interface based HTTP requests and responses. It was found that the Perl CGI module used a hard-coded va ...

oval:org.secpod.oval:def:500227
The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A ...

oval:org.secpod.oval:def:500079
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A ...

oval:org.secpod.oval:def:500206
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system"s networking, preventing legitimate users from accessing its ...

oval:org.secpod.oval:def:500136
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw in ib_uverbs_poll_cq could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * A race condition ...

oval:org.secpod.oval:def:500232
The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab file updates. A local, unprivileged user allowed to mount or unmount file s ...

oval:org.secpod.oval:def:500072
Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd ...

oval:org.secpod.oval:def:500165
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user coul ...

oval:org.secpod.oval:def:500170
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use th ...

oval:org.secpod.oval:def:500237
Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child proces ...

oval:org.secpod.oval:def:502033
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that ghostscript did not properly validate the parameters passed to the .rsd ...

oval:org.secpod.oval:def:25186
The host is installed with hplip on Red Hat Enterprise Linux 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a key specified by the key's short ID. Successful exploitation could allow attackers to trick users to download ma ...

oval:org.secpod.oval:def:501000
Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in th ...

oval:org.secpod.oval:def:500010
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ...

oval:org.secpod.oval:def:500204
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user coul ...

oval:org.secpod.oval:def:500036
PostgreSQL is an advanced object-relational database management system . A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ...

oval:org.secpod.oval:def:500976
The Core X11 clients packages provide the xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X Window System. It was found that the x11perfcomp utility included the current working directory in its PATH environment variable. Running x11perfcomp in an attacker-control ...

oval:org.secpod.oval:def:500151
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. * IPv6 fragment identification value generation could allow a remote at ...

oval:org.secpod.oval:def:500184
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. ...

oval:org.secpod.oval:def:500190
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line with th ...

oval:org.secpod.oval:def:500197
system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-fi ...

oval:org.secpod.oval:def:500274
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd"s RPC call handling. An attacker able t ...

oval:org.secpod.oval:def:500161
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG after forking a child process. This could eventually lead to the PRNG returning the same result twic ...

oval:org.secpod.oval:def:500008
Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS shares. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool . If a remote attac ...

oval:org.secpod.oval:def:500150
Security issues: * Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can pr ...

oval:org.secpod.oval:def:500090
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. Two denial of service flaws were found in the way the dhcpd daemon handled certa ...

oval:org.secpod.oval:def:500065
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local ...

oval:org.secpod.oval:def:500097
Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in C. An in ...

oval:org.secpod.oval:def:500791
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause ...

oval:org.secpod.oval:def:500981
Evolution is the GNOME mailer, calendar, contact manager and communication tool. The components which make up Evolution are tightly integrated with one another and act as a seamless personal information-management tool. The way Evolution handled mailto URLs allowed any file to be attached to the new ...

oval:org.secpod.oval:def:500229
Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linke ...

oval:org.secpod.oval:def:500186
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arb ...

oval:org.secpod.oval:def:500050
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500745
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ...

oval:org.secpod.oval:def:500056
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP serve ...

oval:org.secpod.oval:def:500129
The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. It was discovered that the IPMI event daemon created its pro ...

oval:org.secpod.oval:def:500013
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled DHCP requ ...

oval:org.secpod.oval:def:500081
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applicati ...

oval:org.secpod.oval:def:500755
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ...

oval:org.secpod.oval:def:500264
The International Components for Unicode library provides robust and full-featured Unicode services. A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application ...

oval:org.secpod.oval:def:500761
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby app ...

oval:org.secpod.oval:def:500103
The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A buffer ...

oval:org.secpod.oval:def:500734
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execu ...

oval:org.secpod.oval:def:500703
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whos ...

oval:org.secpod.oval:def:500765
Raptor provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of a ...

oval:org.secpod.oval:def:500777
The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, w ...

oval:org.secpod.oval:def:500839
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ...

oval:org.secpod.oval:def:500741
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:500795
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that ...

oval:org.secpod.oval:def:501403
TrouSerS is an implementation of the Trusted Computing Group"s Software Stack specification. You can use TrouSerS to write applications that make use of your TPM hardware. TPM hardware can create, store and use RSA keys securely , verify a platform"s software state using cryptographic hashes and mo ...

oval:org.secpod.oval:def:500709
Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execu ...

oval:org.secpod.oval:def:500768
SQLAlchemy is an Object Relational Mapper that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, an ...

oval:org.secpod.oval:def:500978
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker co ...

oval:org.secpod.oval:def:500977
The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCP ...

oval:org.secpod.oval:def:500807
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious ...

oval:org.secpod.oval:def:500830
ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targ ...

oval:org.secpod.oval:def:500855
Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an ap ...

oval:org.secpod.oval:def:500781
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to cr ...

oval:org.secpod.oval:def:500815
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl to cause a denial of service or escalate their privileges. * A buffer over ...

oval:org.secpod.oval:def:500824
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...

oval:org.secpod.oval:def:500898
Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol in several common programming languages. It was discovered that the Qpid daemon did not allow the number of connections from clients to be restricted. A malicious client cou ...

oval:org.secpod.oval:def:500919
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A use-after-free flaw was found in the Linux kernel"s memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged use ...

oval:org.secpod.oval:def:500803
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ...

oval:org.secpod.oval:def:500804
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an ...

oval:org.secpod.oval:def:501620
Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Multiple cross-site scripting flaws we ...

oval:org.secpod.oval:def:500816
The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file , but did not remove the root user"s password f ...

oval:org.secpod.oval:def:500867
OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport ...

oval:org.secpod.oval:def:500829
libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state . If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This ...

oval:org.secpod.oval:def:500925
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:500845
OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted i ...

oval:org.secpod.oval:def:500863
The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS reque ...

oval:org.secpod.oval:def:500896
OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG ...

oval:org.secpod.oval:def:500901
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client c ...

oval:org.secpod.oval:def:500887
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript"s International Color Consortium Format library . An att ...

oval:org.secpod.oval:def:104224
Dracut contains tools to create a bootable initramfs for 2.6 Linux kernels. Unlike existing implementations, dracut does hard-code as little as possible into the initramfs. Dracut contains various modules which are driven by the event-based udev. Having root on MD, DM, LVM2, LUKS is supported as wel ...

oval:org.secpod.oval:def:104218
Dracut contains tools to create a bootable initramfs for 2.6 Linux kernels. Unlike existing implementations, dracut does hard-code as little as possible into the initramfs. Dracut contains various modules which are driven by the event-based udev. Having root on MD, DM, LVM2, LUKS is supported as wel ...

oval:org.secpod.oval:def:500951
Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote at ...

oval:org.secpod.oval:def:500922
GEGL is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm image files. An attacker could create a specially-crafted .ppm file that, when opened in gegl, would cause gegl to crash or, pot ...

oval:org.secpod.oval:def:1500305
Updated dracut packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:501145
The dracut packages include an event-driven initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition. It was discovered that dra ...

oval:org.secpod.oval:def:500998
Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access technology. A denial of service flaw was found in the way ibacm managed reference counts for multicast connections. An a ...

oval:org.secpod.oval:def:500967
ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw t ...

oval:org.secpod.oval:def:500920
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedT ...

oval:org.secpod.oval:def:500932
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when op ...

oval:org.secpod.oval:def:500928
The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked agains ...

oval:org.secpod.oval:def:1500260
Updated kernel packages that fix one security issue, several bugs, and add various enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the tenth regular update. The Red Hat Security Response Team has rated this update as having ...

oval:org.secpod.oval:def:500952
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user cou ...

oval:org.secpod.oval:def:501004
The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain uni ...

oval:org.secpod.oval:def:500971
Apache Axis is an implementation of SOAP . It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attac ...

oval:org.secpod.oval:def:500974
The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications . The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man- ...

oval:org.secpod.oval:def:501061
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ...

oval:org.secpod.oval:def:202890
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ...

oval:org.secpod.oval:def:501124
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send ...

oval:org.secpod.oval:def:501052
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server"s X.509 certificate when m ...

oval:org.secpod.oval:def:500956
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup under certain erro ...

oval:org.secpod.oval:def:1500196
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500195
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:500957
The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operating system under the KVM kernel module and the QEMU multi-platform emulator, using the SPICE protocol. A flaw was found in th ...

oval:org.secpod.oval:def:501041
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use t ...

oval:org.secpod.oval:def:501139
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ...

oval:org.secpod.oval:def:501118
PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ...

oval:org.secpod.oval:def:501002
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into be ...

oval:org.secpod.oval:def:501006
The nss-pam-ldapd packages provide the nss-pam-ldapd daemon , which uses a directory server to lookup name service information on behalf of a lightweight nsswitch module. An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descrip ...

oval:org.secpod.oval:def:501007
Git is a fast, scalable, distributed revision control system. It was discovered that Git"s git-imap-send command, a tool to send a collection of patches from standard input to an IMAP folder, did not properly perform SSL X.509 v3 certificate validation on the IMAP server"s certificate, as it did no ...

oval:org.secpod.oval:def:501346
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ...

oval:org.secpod.oval:def:501368
Updated mysql packages that fix several bugs are now available for Red Hat Enterprise Linux 6. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes the following bugs: * Prior to this update, the ...

oval:org.secpod.oval:def:501043
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-i ...

oval:org.secpod.oval:def:501058
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a p ...

oval:org.secpod.oval:def:501065
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that QEMU Guest Agent created certain files with world-writable permissions when run in daemon mode . An unprivileged guest user ...

oval:org.secpod.oval:def:501143
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges ...

oval:org.secpod.oval:def:501051
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pa ...

oval:org.secpod.oval:def:501400
Apache Xerces for Java is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specia ...

oval:org.secpod.oval:def:501371
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overf ...

oval:org.secpod.oval:def:501132
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ...

oval:org.secpod.oval:def:501136
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute list provided by a cli ...

oval:org.secpod.oval:def:501130
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled , an attacker on the local network could disable IPv6 temporary address gen ...

oval:org.secpod.oval:def:501176
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untru ...

oval:org.secpod.oval:def:501180
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. A ...

oval:org.secpod.oval:def:501173
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format fonts. A malicious, local user could exploit this iss ...

oval:org.secpod.oval:def:501212
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the get_rx_bufs function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc function. A privileged guest user could use this ...

oval:org.secpod.oval:def:501267
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block dri ...

oval:org.secpod.oval:def:1500565
Updated qemu-kvm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:106874
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:501293
The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ...

oval:org.secpod.oval:def:702202
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:601789
Several vulnerabilities were discovered in qemu, a fast processor emulator: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial of service * An informati ...

oval:org.secpod.oval:def:601795
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial ...

oval:org.secpod.oval:def:203314
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block dri ...

oval:org.secpod.oval:def:501185
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:501190
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:108038
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:203034
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:203028
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:106863
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:106909
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:107461
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:107444
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:1600190
This update fixes several vulnerabilities in the MySQL database server. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to ...

oval:org.secpod.oval:def:1500380
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500387
Updated mysql packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:21827
The host is installed with Graphviz 2.34.0 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long line in a dot file. Successful exploitation allows remote attackers to have unspecified impact.

oval:org.secpod.oval:def:501393
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ...

oval:org.secpod.oval:def:501294
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer function. A remote attacker could use this ...

oval:org.secpod.oval:def:501419
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip th ...

oval:org.secpod.oval:def:107188
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:501329
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the sy ...

oval:org.secpod.oval:def:107079
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107096
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107154
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107101
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107133
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:1500685
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ...

oval:org.secpod.oval:def:108232
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:108229
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:501363
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ...

oval:org.secpod.oval:def:501365
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ...

oval:org.secpod.oval:def:107332
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107326
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107815
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107818
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1500771
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ...

oval:org.secpod.oval:def:1500775
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport ...

oval:org.secpod.oval:def:501356
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ...

oval:org.secpod.oval:def:501355
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ...

oval:org.secpod.oval:def:23617
The host is installed with LibreOffice before 4.1.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful exploitation might allow remote attackers to embed arbitrary data into documents.

oval:org.secpod.oval:def:501379
Apache Axis is an implementation of SOAP . It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server usin ...

oval:org.secpod.oval:def:501380
Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.50 ...

oval:org.secpod.oval:def:501377
The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail"s formail utility. A remote attacker could send an email with spe ...

oval:org.secpod.oval:def:501432
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use th ...

oval:org.secpod.oval:def:501536
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...

oval:org.secpod.oval:def:21807
The host is installed with glibc before 2.20 and is prone to an use-after-free vulnerabilities. The flaws are present in the application, which does not copy its path argument in accordance with the POSIX specification. Successful exploitation allows context-dependent attackers to trigger use-after- ...

oval:org.secpod.oval:def:501336
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501335
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501343
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:21833
The host is installed with perl-Data-Dumper before 2.154 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump funct ...

oval:org.secpod.oval:def:501416
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL ...

oval:org.secpod.oval:def:107266
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107201
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:702127
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702110
linux-lts-trusty: Block storage devices Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:107303
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107325
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:501344
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s ptrace subsystem allowed a traced process" instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user spac ...

oval:org.secpod.oval:def:501545
The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied ...

oval:org.secpod.oval:def:502131
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to ...

oval:org.secpod.oval:def:502132
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent ...

oval:org.secpod.oval:def:34290
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:501979
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free flaw was found in the way the Linux kernel"s Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option ...

oval:org.secpod.oval:def:502046
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the Linux kernel"s handling of packets with the URG flag. Applications using the splice and tcp_splice_read functionality can allow a remote attacker to force the kernel to enter ...

oval:org.secpod.oval:def:501606
Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. Note: The IdM version provided by this update no longer uses jQuery. Bug fixes: ...

oval:org.secpod.oval:def:501189
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was discove ...

oval:org.secpod.oval:def:501216
Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Styleshee ...

oval:org.secpod.oval:def:107366
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107337
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107666
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107479
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107408
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:501475
* A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. * A flaw was found in the way the Linux kernel ...

oval:org.secpod.oval:def:501448
LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, ...

oval:org.secpod.oval:def:34615
The host is installed with Squid and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted UDP SNMP request. Successful exploitation allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

oval:org.secpod.oval:def:501611
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ...

oval:org.secpod.oval:def:21805
The host is installed with python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which does not properly handle a large size and offset in a "buffer" function. Successful exploitation allows context-dependent attackers to obtain sensitive inform ...

oval:org.secpod.oval:def:501483
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way g ...

oval:org.secpod.oval:def:108097
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107833
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107813
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:108274
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:108321
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107870
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107861
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107916
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:107937
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:108483
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:108027
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:1500947
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition inv ...

oval:org.secpod.oval:def:204263
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to ...

oval:org.secpod.oval:def:501512
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to ...

oval:org.secpod.oval:def:501560
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outsi ...

oval:org.secpod.oval:def:501485
Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found ...

oval:org.secpod.oval:def:501484
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:24738
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted Ad hoc On-Demand Distance Vector (AODV) packet. Successful exploitation could allow attackers to obtain sensiti ...

oval:org.secpod.oval:def:24739
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted length value in a Geonet frame. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24740
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an integer underflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted length value in an OLSR frame. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501496
YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input ...

oval:org.secpod.oval:def:501561
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root bina ...

oval:org.secpod.oval:def:500260
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An array index error, leading to a stack-based buffer overflow, was found in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could ...

oval:org.secpod.oval:def:500810
Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML fil ...

oval:org.secpod.oval:def:501638
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ...

oval:org.secpod.oval:def:501574
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU"s AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A p ...

oval:org.secpod.oval:def:501633
Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary function of PAM"s unix_pam module could write to a blocking pipe, possibly ca ...

oval:org.secpod.oval:def:501816
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ...

oval:org.secpod.oval:def:501625
The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel"s networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in th ...

oval:org.secpod.oval:def:501608
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ...

oval:org.secpod.oval:def:501789
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ...

oval:org.secpod.oval:def:26769
The host is installed with openssh on RHEL 6 or 7 and is prone to a brute-force vulnerability. A flaw is present in the application, which fails to check the list of keyboard-interactive authentication methods for duplicates. Successful exploitation could allow attackers to bypass the MaxAuthTries l ...

oval:org.secpod.oval:def:502028
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:602948
libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, like for exa ...

oval:org.secpod.oval:def:500062
The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A rem ...

oval:org.secpod.oval:def:500489
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the ...

oval:org.secpod.oval:def:500933
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 server could return a crafted ...

oval:org.secpod.oval:def:500417
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sendin ...

oval:org.secpod.oval:def:1500321
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has rate ...

oval:org.secpod.oval:def:500364
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . Multiple checksum validation flaws were discovered in the MIT Kerberos implementation. A remote attacker coul ...

oval:org.secpod.oval:def:500457
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. It was found that certain input co ...

oval:org.secpod.oval:def:500011
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to saf ...

oval:org.secpod.oval:def:500133
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ...

oval:org.secpod.oval:def:500319
Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. A flaw was found in the way NSS matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. NSS incorrectly ac ...

oval:org.secpod.oval:def:500281
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:500460
PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:500074
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ...

oval:org.secpod.oval:def:500338
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. It was discovered that named did not invalidate previously cached RRSIG records when add ...

oval:org.secpod.oval:def:500445
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ...

oval:org.secpod.oval:def:500221
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host"s work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web applica ...

oval:org.secpod.oval:def:500444
Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ...

oval:org.secpod.oval:def:500421
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A race condition flaw was found in the way Firefox handled Document Object Model element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitr ...

oval:org.secpod.oval:def:500449
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:500410
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: JavaScript ...

oval:org.secpod.oval:def:500053
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. Multiple memory corruption flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running t ...

oval:org.secpod.oval:def:500082
The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language , which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml ...

oval:org.secpod.oval:def:500308
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ...

oval:org.secpod.oval:def:500362
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially-crafted video ...

oval:org.secpod.oval:def:500336
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could cras ...

oval:org.secpod.oval:def:500125
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Swing library. Forged TimerEvents could be used to bypass SecurityManager checks, allowing access to otherwise blocked files and directories. A flaw was found in the Hot ...

oval:org.secpod.oval:def:500009
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. A flaw wa ...

oval:org.secpod.oval:def:500100
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if th ...

oval:org.secpod.oval:def:501131
OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log i ...

oval:org.secpod.oval:def:500175
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS ...

oval:org.secpod.oval:def:500070
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:500124
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ...

oval:org.secpod.oval:def:500004
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. It was discovered that the apr_fnmatch function used an unconstrained recursion when processing patterns with the "*" wildcard. An at ...

oval:org.secpod.oval:def:500258
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch function when the APR_FNM_PATHNAME matching flag was u ...

oval:org.secpod.oval:def:500114
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:500148
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute ...

oval:org.secpod.oval:def:500225
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user runnin ...

oval:org.secpod.oval:def:500083
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sa ...

oval:org.secpod.oval:def:500179
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ...

oval:org.secpod.oval:def:500226
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:500194
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:500200
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500235
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointe ...

oval:org.secpod.oval:def:500261
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ...

oval:org.secpod.oval:def:500178
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker co ...

oval:org.secpod.oval:def:500189
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500113
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thun ...

oval:org.secpod.oval:def:500715
XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG images. A web page containing a malicious PNG image could cause an application linked against XULRunner to crash or, potential ...

oval:org.secpod.oval:def:500733
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, ex ...

oval:org.secpod.oval:def:500749
Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG images. An HTML mail message or remote content containing a specially-crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code ...

oval:org.secpod.oval:def:500772
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could ...

oval:org.secpod.oval:def:500790
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType , used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary ...

oval:org.secpod.oval:def:500788
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:500067
The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ...

oval:org.secpod.oval:def:500208
The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ...

oval:org.secpod.oval:def:500262
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which ...

oval:org.secpod.oval:def:500849
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could byp ...

oval:org.secpod.oval:def:500850
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:500196
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java ...

oval:org.secpod.oval:def:500250
Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause ...

oval:org.secpod.oval:def:500155
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:500266
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. ...

oval:org.secpod.oval:def:500707
The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an applicati ...

oval:org.secpod.oval:def:500833
Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linke ...

oval:org.secpod.oval:def:500021
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to ca ...

oval:org.secpod.oval:def:500058
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ...

oval:org.secpod.oval:def:500115
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use t ...

oval:org.secpod.oval:def:500778
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by send ...

oval:org.secpod.oval:def:500786
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wiresh ...

oval:org.secpod.oval:def:500717
The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis ...

oval:org.secpod.oval:def:500740
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious ...

oval:org.secpod.oval:def:500756
Mozilla Thunderbird is a standalone mail and newsgroup client. A use-after-free flaw was found in the way Thunderbird removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Thu ...

oval:org.secpod.oval:def:500847
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in ...

oval:org.secpod.oval:def:500767
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the ...

oval:org.secpod.oval:def:500769
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:500743
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use ...

oval:org.secpod.oval:def:500812
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object d ...

oval:org.secpod.oval:def:500825
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object d ...

oval:org.secpod.oval:def:500805
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500828
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their passw ...

oval:org.secpod.oval:def:500891
libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:500806
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only af ...

oval:org.secpod.oval:def:500853
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ...

oval:org.secpod.oval:def:500877
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:500878
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malici ...

oval:org.secpod.oval:def:500904
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500905
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird co ...

oval:org.secpod.oval:def:500908
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project ...

oval:org.secpod.oval:def:500909
XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner to execute arbitrary code with the pri ...

oval:org.secpod.oval:def:500915
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:500916
Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code. Red ...

oval:org.secpod.oval:def:500926
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500927
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was ...

oval:org.secpod.oval:def:500992
The httpd packages contain the Apache HTTP Server , which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has th ...

oval:org.secpod.oval:def:501054
The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ...

oval:org.secpod.oval:def:500913
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass J ...

oval:org.secpod.oval:def:500914
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox ...

oval:org.secpod.oval:def:500906
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A rem ...

oval:org.secpod.oval:def:500931
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysql ...

oval:org.secpod.oval:def:501021
Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal before the call to FormAuthenticator#authenticate , it was possible to bypass the security constraint checks in the FORM authenticato ...

oval:org.secpod.oval:def:500969
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discov ...

oval:org.secpod.oval:def:500972
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox res ...

oval:org.secpod.oval:def:501010
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ...

oval:org.secpod.oval:def:501024
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ...

oval:org.secpod.oval:def:500958
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:500942
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:500944
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501164
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:501159
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:500973
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after ca ...

oval:org.secpod.oval:def:500975
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501019
XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner to crash or execute arbitrary code with the ...

oval:org.secpod.oval:def:501023
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project f ...

oval:org.secpod.oval:def:501037
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501036
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501074
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographi ...

oval:org.secpod.oval:def:500966
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Jav ...

oval:org.secpod.oval:def:500968
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to byp ...

oval:org.secpod.oval:def:501013
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ...

oval:org.secpod.oval:def:501012
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ...

oval:org.secpod.oval:def:501032
Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to cr ...

oval:org.secpod.oval:def:501055
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501057
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501083
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501075
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbi ...

oval:org.secpod.oval:def:501088
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501091
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501100
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501103
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501160
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ...

oval:org.secpod.oval:def:501039
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:501198
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:501081
The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to cras ...

oval:org.secpod.oval:def:501034
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use th ...

oval:org.secpod.oval:def:501095
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501070
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501147
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, exe ...

oval:org.secpod.oval:def:501127
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruptio ...

oval:org.secpod.oval:def:501126
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruptio ...

oval:org.secpod.oval:def:1500222
Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:1500228
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ...

oval:org.secpod.oval:def:1300211
A vulnerability has been discovered and corrected in bind: The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:1500720
Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:202923
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:202924
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:106308
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:108265
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:601076
Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.

oval:org.secpod.oval:def:1600288
A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query

oval:org.secpod.oval:def:105776
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:501090
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:501092
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:1500361
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ...

oval:org.secpod.oval:def:105370
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:501125
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thund ...

oval:org.secpod.oval:def:501128
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:501224
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:501225
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:501217
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user ...

oval:org.secpod.oval:def:501570
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ...

oval:org.secpod.oval:def:501478
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, ex ...

oval:org.secpod.oval:def:24749
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted tiff image. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501621
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. It was discovered that sudo did not perform any checks of the TZ ...

oval:org.secpod.oval:def:502140
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ...

oval:org.secpod.oval:def:502139
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ...

oval:org.secpod.oval:def:501579
CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operation ...

oval:org.secpod.oval:def:502056
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ...

oval:org.secpod.oval:def:502146
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ...

oval:org.secpod.oval:def:502147
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:500312
The mod_auth_mysql package includes an extension module for the Apache HTTP Server, which can be used to implement web user authentication against a MySQL database. A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multiby ...

oval:org.secpod.oval:def:501045
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ...

oval:org.secpod.oval:def:501048
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ...

oval:org.secpod.oval:def:502148
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL ...

oval:org.secpod.oval:def:502149
PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. A remote attacker could potentially use this flaw to gain ...

oval:org.secpod.oval:def:502054
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ...

oval:org.secpod.oval:def:500835
BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncomp ...

oval:org.secpod.oval:def:108338
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:501493
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s ...

oval:org.secpod.oval:def:501622
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel"s Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...

oval:org.secpod.oval:def:24035
The host is installed with linux kernel before 3.18.5 and is prone to a denial of service vulnerability. A flaw is present in the application, when the guest OS lacks SYSENTER MSR initialization. Successful exploitation allows guest OS users to gain guest OS privileges or cause a denial of service ( ...

oval:org.secpod.oval:def:204242
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel"s Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...

oval:org.secpod.oval:def:108395
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:501505
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ...

oval:org.secpod.oval:def:501504
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ...

oval:org.secpod.oval:def:501628
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:24037
The host is installed with e2fsprogs before 1.42.9-7 on Redhat Enterprise Linux 7 and before 1.42.12-21 on Redhat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which causes a crafted block group descriptor to be marked as dirty. ...

oval:org.secpod.oval:def:501554
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ...

oval:org.secpod.oval:def:1501042
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...

oval:org.secpod.oval:def:1501060
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ...

oval:org.secpod.oval:def:203664
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ...

oval:org.secpod.oval:def:501590
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ...

oval:org.secpod.oval:def:108520
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1600028
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, b ...

oval:org.secpod.oval:def:24041
The host is installed with QT through 3.3.6-26 on Red Hat Enterprise Linux 5, through 4.6.2-28 on Red Hat Enterprise Linux 6, and 4.8.5-8 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly calculate the masks ...

oval:org.secpod.oval:def:501779
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:1501386
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:1501390
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:501540
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:23222
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:109119
The OpenJDK runtime environment.

oval:org.secpod.oval:def:1200104
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol ...

oval:org.secpod.oval:def:203670
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:203671
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:108866
The OpenJDK runtime environment.

oval:org.secpod.oval:def:501592
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:23221
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:601940
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

oval:org.secpod.oval:def:601937
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

oval:org.secpod.oval:def:23234
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Security. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23225
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to RMI. Successful exploitation could allow attackers to affe ...

oval:org.secpod.oval:def:23224
The host is installed with Oracle Java SE 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JAX-WS. Successful exploitation could allow attackers to affect confidentialit ...

oval:org.secpod.oval:def:203546
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203545
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203543
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203548
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203547
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203539
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:23618
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:1500883
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:1500886
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:1500888
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500889
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500891
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:1500892
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:501486
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:501489
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:501491
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:1200086
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ...

oval:org.secpod.oval:def:1200041
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ...

oval:org.secpod.oval:def:702395
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:702397
openjdk-6: Open Source Java implementation Several security issues were fixed in OpenJDK 6.

oval:org.secpod.oval:def:24540
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:203540
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ...

oval:org.secpod.oval:def:1200135
Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. Multiple improper permi ...

oval:org.secpod.oval:def:1500884
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:501490
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ...

oval:org.secpod.oval:def:108424
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:24542
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:501556
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:501557
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:501559
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:24539
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24541
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24545
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:501602
Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or op ...

oval:org.secpod.oval:def:501549
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501551
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501546
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:702453
firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory US ...

oval:org.secpod.oval:def:702441
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:702446
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:601976
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.

oval:org.secpod.oval:def:601972
Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code or information disclosure.

oval:org.secpod.oval:def:203583
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:203568
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:203567
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203566
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:203565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203569
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:23669
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploit ...

oval:org.secpod.oval:def:23670
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-16. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploitation co ...

oval:org.secpod.oval:def:23637
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-16. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploitation co ...

oval:org.secpod.oval:def:23636
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploit ...

oval:org.secpod.oval:def:1500916
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500917
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500919
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500920
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500938
Multiple unspecified vulnerabilities in the browser engine in Mozilla Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:204216
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501503
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501507
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501506
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501664
libwmf is a library for reading and converting Windows Metafile Format vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF with embedded BMP images. By tricking a victim into opening a specially crafted W ...

oval:org.secpod.oval:def:501607
The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large l ...

oval:org.secpod.oval:def:24042
The host is installed with linux kernel through 2.6.32-504.12.2.el6 on Red Hat Enterprise Linux 6 and through 3.10.0-229.1.2.el7 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, where a regular user could remove xattr permissions ...

oval:org.secpod.oval:def:501537
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker coul ...

oval:org.secpod.oval:def:1200076
A use-after-free flaw was found in PHP"s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. A NULL pointer dereference flaw was found in PHP"s pgsql extension. A specially crafted table name passed to function as pg_insert or pg_select could cause a PHP app ...

oval:org.secpod.oval:def:1200003
A use-after-free flaw was found in PHP"s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. A NULL pointer dereference flaw was found in PHP"s pgsql extension. A specially crafted table name passed to function as pg_insert or pg_select could cause a PHP app ...

oval:org.secpod.oval:def:501858
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:24036
The host is installed with e2fsprogs before 1.42.9-7 on Redhat Enterprise Linux 7 and before 1.42.12-21 on Redhat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which causes a crafted block group descriptor to be marked as dirty. ...

oval:org.secpod.oval:def:501609
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:501562
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ...

oval:org.secpod.oval:def:501577
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:501649
The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the ...

oval:org.secpod.oval:def:501788
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user co ...

oval:org.secpod.oval:def:501576
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:501615
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, co ...

oval:org.secpod.oval:def:25183
The host is installed with libidn on Red Hat Enterprise Linux 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an invalid UTF-8 value. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:108666
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:24536
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24543
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24544
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:501571
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501644
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ...

oval:org.secpod.oval:def:501588
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501591
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ...

oval:org.secpod.oval:def:501614
Mailman is a program used to help manage e-mail discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. It was found that mailman stored private email me ...

oval:org.secpod.oval:def:702513
php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:108765
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:108766
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1200048
A buffer overflow vulnerability was found in PHP"s phar implementation. See https://bugs.php.net/bug.php?id=69324 for more details. A use-after-free flaw was found in PHP"s phar paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memo ...

oval:org.secpod.oval:def:602132
Multiple vulnerabilities have been discovered in PHP: CVE-2015-4025 / CVE-2015-4026 Multiple function didn"t check for NULL bytes in path names. CVE-2015-4024 Denial of service when processing multipart/form-data requests. CVE-2015-4022 Integer overflow in the ftp_genlist function may result in deni ...

oval:org.secpod.oval:def:501624
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:501594
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:25185
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle fork(2) and close(2) system calls with an 'int80' entry. Successful exploitation could allow attackers to es ...

oval:org.secpod.oval:def:108760
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:25164
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle Router advertisements. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501595
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ...

oval:org.secpod.oval:def:501616
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker ab ...

oval:org.secpod.oval:def:24537
The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to in-correct re-use vulnerability. A flaw is present in the application, which does not properly re-use authenticated negotiate connections. Success ...

oval:org.secpod.oval:def:24538
The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to in-correct re-use vulnerability. A flaw is present in the application, which does not properly re-use NTLM connections. Successful exploitation co ...

oval:org.secpod.oval:def:501586
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:501726
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:501740
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processe ...

oval:org.secpod.oval:def:501610
The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the ...

oval:org.secpod.oval:def:501650
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501589
ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A loca ...

oval:org.secpod.oval:def:25176
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle set file permissions in certain conditions. Successful exploitation could allow attackers to execute crafted file ...

oval:org.secpod.oval:def:25784
php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:24535
The host is installed with ntp version 4.2.6 and earlier on Redhat Enterprise Linux 6 or on Redhat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could all ...

oval:org.secpod.oval:def:1200183
Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries . All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.

oval:org.secpod.oval:def:501841
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. It was found that because NTP"s access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing : ...

oval:org.secpod.oval:def:1200078
Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries . All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.

oval:org.secpod.oval:def:702631
php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1200021
Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library . All PHP 5.4 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.

oval:org.secpod.oval:def:501632
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:501567
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access wh ...

oval:org.secpod.oval:def:25172
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle rename operations. Successful exploitation could allow attackers to escalate privileges on the affected system.

oval:org.secpod.oval:def:108880
The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

oval:org.secpod.oval:def:502001
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix: * Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a ...

oval:org.secpod.oval:def:109466
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:109430
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:1200026
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in ...

oval:org.secpod.oval:def:1200060
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in ...

oval:org.secpod.oval:def:1200054
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in ...

oval:org.secpod.oval:def:501573
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ...

oval:org.secpod.oval:def:501584
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ...

oval:org.secpod.oval:def:1200186
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was ...

oval:org.secpod.oval:def:1200088
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was ...

oval:org.secpod.oval:def:1200079
An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was ...

oval:org.secpod.oval:def:501597
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. An ...

oval:org.secpod.oval:def:501642
gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bit ...

oval:org.secpod.oval:def:501626
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:501629
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501635
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ...

oval:org.secpod.oval:def:501641
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:501658
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501724
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:501600
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make B ...

oval:org.secpod.oval:def:602213
Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-4598 thoger at redhat dot com discovered that paths containing a NUL character were improperly handled, thus allowing an attacker to manipulate unexpected files on the server. CVE-2015-4643 Max Spelsberg discovered an intege ...

oval:org.secpod.oval:def:501752
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:203888
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:501666
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:501668
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:501680
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:1501424
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:501798
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:1600337
wolfSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also know ...

oval:org.secpod.oval:def:110198
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:110278
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110258
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110256
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:501657
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s RTL8139 emulation implementation processed network packets under RTL8139 ...

oval:org.secpod.oval:def:26773
The host is installed with kernel on RHEL 6, or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle IRET faults in processing NMIs that occurred during userspace execution. Successful exploitation could allow attackers to gain ...

oval:org.secpod.oval:def:501813
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially , escalate their p ...

oval:org.secpod.oval:def:501817
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - ...

oval:org.secpod.oval:def:501663
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501676
The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...

oval:org.secpod.oval:def:501686
PostgreSQL is an advanced object-relational database management system . A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. All PostgreSQL users are advised to ...

oval:org.secpod.oval:def:501669
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ...

oval:org.secpod.oval:def:501677
libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. ABRT uses libreport. It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused ...

oval:org.secpod.oval:def:501747
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by ...

oval:org.secpod.oval:def:501748
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ...

oval:org.secpod.oval:def:501803
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:501805
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementati ...

oval:org.secpod.oval:def:501648
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. ...

oval:org.secpod.oval:def:501659
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501661
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ...

oval:org.secpod.oval:def:501671
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ...

oval:org.secpod.oval:def:501673
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501715
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501739
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501732
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501742
The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote ...

oval:org.secpod.oval:def:501766
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the wa ...

oval:org.secpod.oval:def:501783
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ...

oval:org.secpod.oval:def:501782
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ...

oval:org.secpod.oval:def:501743
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attack ...

oval:org.secpod.oval:def:501744
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ...

oval:org.secpod.oval:def:501746
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ...

oval:org.secpod.oval:def:31657
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31658
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31663
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could cause it to run out of memory

oval:org.secpod.oval:def:31659
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31662
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large number of crafted requests. Successful exploitation could prevent clients from getting a usable reply f ...

oval:org.secpod.oval:def:31660
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an invalid length field. Successful exploitation could could cause a buffer overflow potentially resulting in m ...

oval:org.secpod.oval:def:31661
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could cause a buffer overflow potentially resulting in in null byte being w ...

oval:org.secpod.oval:def:31656
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a mode 6 or mode 7 packet containing an unusually long data. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:501838
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ...

oval:org.secpod.oval:def:501735
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malfor ...

oval:org.secpod.oval:def:400711
This update for the Linux Kernel 3.12.48-52_27 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:400695
This update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:501728
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a conta ...

oval:org.secpod.oval:def:501758
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would ...

oval:org.secpod.oval:def:501720
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:501995
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:501725
The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to ...

oval:org.secpod.oval:def:400694
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check fo ...

oval:org.secpod.oval:def:203886
Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify function of f ...

oval:org.secpod.oval:def:1501411
Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify function of f ...

oval:org.secpod.oval:def:501792
Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify function of f ...

oval:org.secpod.oval:def:1600355
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. It was discovered that the unhtmlify function of foomatic-rip ...

oval:org.secpod.oval:def:501790
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name function of the MIT Kerberos kadmind service. An authenticated attacker could r ...

oval:org.secpod.oval:def:501756
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address P ...

oval:org.secpod.oval:def:502002
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:502003
The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Security Fix: * An integer conversion flaw was found in the way OCaml"s String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or re ...

oval:org.secpod.oval:def:110878
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:1600430
A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP"s gd extension. A remote attacker could use this ...

oval:org.secpod.oval:def:110782
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:501750
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:501755
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:702944
mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:602353
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47

oval:org.secpod.oval:def:602351
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/

oval:org.secpod.oval:def:501794
The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit , OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or apple ...

oval:org.secpod.oval:def:501793
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet cou ...

oval:org.secpod.oval:def:1600404
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. The ssl_verify_server_cert function in sql-co ...

oval:org.secpod.oval:def:703059
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:703057
mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:110496
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110547
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:400733
mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ...

oval:org.secpod.oval:def:602526
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.25. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10024-release-notes/ https://mariad ...

oval:org.secpod.oval:def:602477
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.49

oval:org.secpod.oval:def:501808
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:501809
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:501823
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:34942
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501941
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:111219
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:110890
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:1501490
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:1501489
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:203946
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:203945
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501835
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501834
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:602528
Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-0749 Jing Zhao of Red Hat discovered a memory allocation flaw, leading to a heap-based buffer overflow in spice"s ...

oval:org.secpod.oval:def:703168
spice: SPICE protocol client and server library Several security issues were fixed in Spice.

oval:org.secpod.oval:def:400806
This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:400766
This update for the Linux Kernel 3.12.51-52_39 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:400749
This update for the Linux Kernel 3.12.44-52_18 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:400728
This update for the Linux Kernel 3.12.51-52_34 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:400657
This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:501775
PostgreSQL is an advanced object-relational database management system . An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:501776
The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use signific ...

oval:org.secpod.oval:def:501773
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:501822
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:501969
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached re ...

oval:org.secpod.oval:def:501994
Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigerv ...

oval:org.secpod.oval:def:36409
The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions.

oval:org.secpod.oval:def:501786
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME re ...

oval:org.secpod.oval:def:501765
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:110892
The kernel meta package

oval:org.secpod.oval:def:110801
The kernel meta package

oval:org.secpod.oval:def:110812
The kernel meta package

oval:org.secpod.oval:def:501933
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a re ...

oval:org.secpod.oval:def:501761
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU"s Firmware Configuration device emulation processed certain f ...

oval:org.secpod.oval:def:1501504
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:1501506
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:1600423
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permission ...

oval:org.secpod.oval:def:203957
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:203956
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:400734
This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ...

oval:org.secpod.oval:def:501844
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:34933
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:34941
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34936
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34937
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34934
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34935
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34932
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34938
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34939
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:501770
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501759
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501777
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed ...

oval:org.secpod.oval:def:501785
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ...

oval:org.secpod.oval:def:501839
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501801
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ...

oval:org.secpod.oval:def:38608
The host is installed with samba4 or samba and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle kerberos. An attacker who successfully exploited this vulnerability could watch password changes in Samba

oval:org.secpod.oval:def:501853
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-midd ...

oval:org.secpod.oval:def:501996
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:502005
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that Samba always requested forwardable tickets when using Kerberos authenti ...

oval:org.secpod.oval:def:35816
spice: SPICE protocol client and server library Several security issues were fixed in Spice.

oval:org.secpod.oval:def:36844
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:36843
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a sweet32 birthday attack vulnerability. A flaw is present in Triple-DES, which fails to handle a crafted Javascript. Successful exploitation allows remote attackers to send enough traffic to cause a coll ...

oval:org.secpod.oval:def:38740
The host is installed with Oracle Java SE through 6u131, 7u121 or 8u112 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to Libraries. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:501797
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:501833
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ...

oval:org.secpod.oval:def:501874
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a respons ...

oval:org.secpod.oval:def:501827
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ...

oval:org.secpod.oval:def:501812
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501836
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501846
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501869
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501936
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ...

oval:org.secpod.oval:def:501885
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled packets with ...

oval:org.secpod.oval:def:501983
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerabl ...

oval:org.secpod.oval:def:703228
linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703225
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:501851
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...

oval:org.secpod.oval:def:501850
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...

oval:org.secpod.oval:def:501867
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw t ...

oval:org.secpod.oval:def:35693
The host is installed with RHEL 6 or 7 and is prone to a stack overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted xml file. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501821
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:502000
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:501819
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a s ...

oval:org.secpod.oval:def:703178
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703177
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703230
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703233
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:501830
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ...

oval:org.secpod.oval:def:501832
The "squid34" packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from "squid34", this version of Red Hat Enterprise Linux also includes the "squid" packages which ...

oval:org.secpod.oval:def:501999
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...

oval:org.secpod.oval:def:35702
The host is installed with Adobe Flash Player before 11.2.202.626 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allow attackers to cause memory corruption or other unspecified impact.

oval:org.secpod.oval:def:35701
The host is installed with Adobe Flash Player before 11.2.202.626 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allow attackers to cause memory corruption or other unspecified impact.

oval:org.secpod.oval:def:35776
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x, 21.x through 22.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause code ...

oval:org.secpod.oval:def:35682
The host is missing a critical update according to Microsoft security bulletin, MS16-083. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to cause unspecif ...

oval:org.secpod.oval:def:35773
The host is missing a critical update according to Adobe advisory, APSB16-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution.

oval:org.secpod.oval:def:35774
The host is missing a critical update according to Adobe advisory, APSB16-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution.

oval:org.secpod.oval:def:35811
The host is missing a critical update according to Adobe advisory, APSB16-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution.

oval:org.secpod.oval:def:35562
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer underreads vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:34288
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:34289
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:34291
The host is installed with Apple iTunes before 12.4.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted XML document. Successful exploitation allows attackers to disclose user information.

oval:org.secpod.oval:def:501997
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic to ...

oval:org.secpod.oval:def:1501529
Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501533
Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501530
Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501536
Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501534
Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501539
Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501542
Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:400803
This update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:203979
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:501857
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:400667
This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a ...

oval:org.secpod.oval:def:703231
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703222
linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703229
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:35691
The host is installed with RHEL 6 or 7 and is prone to a memory allocation vulnerability. A flaw is present in the application, which fails to properly handle crafted symbolic links. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:501842
The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. The setroubleshoot-plugins package provides a set of analysis plugins ...

oval:org.secpod.oval:def:501837
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ...

oval:org.secpod.oval:def:112278
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ...

oval:org.secpod.oval:def:112275
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ...

oval:org.secpod.oval:def:703519
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:501992
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:703320
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703325
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703316
linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703315
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703319
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703318
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703317
linux-ti-omap4: Linux kernel for OMAP4 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:1600463
CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakageA race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherw ...

oval:org.secpod.oval:def:204031
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:204030
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:204029
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:37804
The host installed with kernel package on CentOS 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:37803
The host installed with kernel package on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:111472
The kernel meta package

oval:org.secpod.oval:def:111470
The kernel meta package

oval:org.secpod.oval:def:501886
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501888
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501887
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:1501609
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501614
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501611
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501612
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501617
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ...

oval:org.secpod.oval:def:1501618
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501616
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ...

oval:org.secpod.oval:def:1501619
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:602648
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE ...

oval:org.secpod.oval:def:1600433
It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL. A flaw was found in the Linux kernel"s keyring handling code, where in key_reject_and_link an uninitialised variable would eventually lead ...

oval:org.secpod.oval:def:602546
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ...

oval:org.secpod.oval:def:400664
The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system called without verifying that the MNT_LOCKED flag is unset, which allow ...

oval:org.secpod.oval:def:110622
The kernel meta package

oval:org.secpod.oval:def:110623
The kernel meta package

oval:org.secpod.oval:def:501855
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501877
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501873
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501881
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicio ...

oval:org.secpod.oval:def:501849
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectl ...

oval:org.secpod.oval:def:501863
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ...

oval:org.secpod.oval:def:204128
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:501893
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:501859
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was ...

oval:org.secpod.oval:def:501868
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. A ...

oval:org.secpod.oval:def:1501634
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:501935
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI cou ...

oval:org.secpod.oval:def:501856
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line function. A remote attacker cou ...

oval:org.secpod.oval:def:501871
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ...

oval:org.secpod.oval:def:1501545
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:1600443
It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. Unspecified vuln ...

oval:org.secpod.oval:def:203985
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:501862
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:502027
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application u ...

oval:org.secpod.oval:def:502030
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application u ...

oval:org.secpod.oval:def:501884
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:501932
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:501961
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:1600493
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addres ...

oval:org.secpod.oval:def:204084
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:204083
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:703461
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:703468
openjdk-6: Open Source Java implementation Several security issues were fixed in OpenJDK 6.

oval:org.secpod.oval:def:703438
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:204107
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:204109
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:204108
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:501967
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:1600514
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addres ...

oval:org.secpod.oval:def:501976
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:36404
The host installed with kernel package on RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a networking challenge ack. Successful exploitation could allow attackers to determine the shared counter.

oval:org.secpod.oval:def:501864
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...

oval:org.secpod.oval:def:501866
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel"s networking subsystem allowed an off-path attacker to leak certain information about a given connection b ...

oval:org.secpod.oval:def:703253
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703251
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703250
linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703256
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703255
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703254
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:110832
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:110828
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:110829
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1501592
A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important). A heap-based buffer overflow vulnerabili ...

oval:org.secpod.oval:def:204020
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the Linux kernel"s keyring handling code, where in key_reject_and_link an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use ...

oval:org.secpod.oval:def:501878
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the Linux kernel"s keyring handling code, where in key_reject_and_link an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use ...

oval:org.secpod.oval:def:36105
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:111056
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:602557
Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library , or potentially to execute arbitrary code with the privi ...

oval:org.secpod.oval:def:703200
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:36104
libgd2: GD Graphics Library The GD library could be made to crash or run programs if it processed a specially crafted image file.

oval:org.secpod.oval:def:1501558
Security vulnerabilities are present in kernel-uek and dtrace-modules

oval:org.secpod.oval:def:1501562
Security vulnerabilities are present in kernel-uek and dtrace-modules

oval:org.secpod.oval:def:1501583
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:1501581
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:1600457
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. It was discovered that the Dat ...

oval:org.secpod.oval:def:204094
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:204093
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:37387
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:501879
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:1501604
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:501931
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ...

oval:org.secpod.oval:def:602621
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:703280
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:38971
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:37092
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, mariadb 5.5.50 and earlier on Red Hat Enterprise Linux 7 or mysql55-mysql 5.5.40-2.el5 and earlier and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly ha ...

oval:org.secpod.oval:def:501968
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. Security Fix: * It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a databa ...

oval:org.secpod.oval:def:501993
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid character ...

oval:org.secpod.oval:def:501945
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ...

oval:org.secpod.oval:def:501960
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ...

oval:org.secpod.oval:def:501975
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when ntp is configured ...

oval:org.secpod.oval:def:502007
The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ...

oval:org.secpod.oval:def:37411
The host is installed with policycoreutils on RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle characters pushed into the terminal's input buffer. Successful exploitation could allow an attacker to escape the sandbox.

oval:org.secpod.oval:def:501934
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ...

oval:org.secpod.oval:def:501998
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type ...

oval:org.secpod.oval:def:502031
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:502066
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If ...

oval:org.secpod.oval:def:501925
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ...

oval:org.secpod.oval:def:501962
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ...

oval:org.secpod.oval:def:501951
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer"s VMware ...

oval:org.secpod.oval:def:501952
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:502051
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ...

oval:org.secpod.oval:def:502049
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ...

oval:org.secpod.oval:def:1501897
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501898
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600716
Glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap ...

oval:org.secpod.oval:def:1501930
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602946
The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

oval:org.secpod.oval:def:204521
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ...

oval:org.secpod.oval:def:204519
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ...

oval:org.secpod.oval:def:112499
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:112488
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:703659
glibc: GNU C Library - eglibc: GNU C Library Gnu C library could be made to run programs as an administrator.

oval:org.secpod.oval:def:502117
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use th ...

oval:org.secpod.oval:def:502069
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use th ...

oval:org.secpod.oval:def:502068
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attribute ...

oval:org.secpod.oval:def:502126
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ...

oval:org.secpod.oval:def:501978
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:502004
The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A denial of service flaw was found in the way th ...

oval:org.secpod.oval:def:502025
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ...

oval:org.secpod.oval:def:703578
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:502041
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authe ...

oval:org.secpod.oval:def:502040
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authenticated samba client, ...

oval:org.secpod.oval:def:502043
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a se ...

oval:org.secpod.oval:def:502032
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * A heap buffer overflow flaw was found in QEMU"s Cirrus CLGD 54xx VGA emulator"s V ...

oval:org.secpod.oval:def:502038
The libtirpc packages contain SunLib"s implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: * It was found that due to the way rpcbind uses libtirpc , a memory leak can occur w ...

oval:org.secpod.oval:def:502039
The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: * It was found that due to the way rpcbind uses libtirpc , a memory leak can occur whe ...

oval:org.secpod.oval:def:500147
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using l ...

oval:org.secpod.oval:def:109133
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:109159
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:203655
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...

oval:org.secpod.oval:def:501134
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ...

oval:org.secpod.oval:def:501581
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...

oval:org.secpod.oval:def:501390
The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or ...

oval:org.secpod.oval:def:501394
The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environme ...

oval:org.secpod.oval:def:502122
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:703845
libffi: Foreign Function Interface library A security issue was fixed in libffi.

oval:org.secpod.oval:def:42416
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group ...

oval:org.secpod.oval:def:502152
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:42415
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42414
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42420
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wirel ...

oval:org.secpod.oval:def:42210
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable , the loader could allow part of that application"s dat ...

oval:org.secpod.oval:def:502145
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable , the loader could allow part of that application"s dat ...

oval:org.secpod.oval:def:24754
The host is installed with mpfr in RHEL 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly allocate buffer. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:502134
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts , and pcmcia configuration files. Security Fix: * An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery ...

oval:org.secpod.oval:def:502137
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:502144
The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, exec ...

oval:org.secpod.oval:def:501738
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU"s AMD PC-Net II Ethernet Controller emulation received certa ...

CVE    169
CVE-2013-0219
CVE-2011-1576
CVE-2014-0249
CVE-2012-1568
...
*CPE
cpe:/o:redhat:enterprise_linux:6
XCCDF    1
xccdf_org.secpod_benchmark_general_RHEL_6

© 2013 SecPod Technologies