oval:org.secpod.oval:def:1502089
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602558
Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service, overwrite files, information disclosure, or potentially to execute arbit ...

oval:org.secpod.oval:def:106079
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC.

oval:org.secpod.oval:def:34244
poppler: PDF rendering library poppler could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:106073
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC.

oval:org.secpod.oval:def:108443
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font ...

oval:org.secpod.oval:def:602384
Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. Th ...

oval:org.secpod.oval:def:602327
David Golden of MongoDB discovered that File::Spec::canonpath in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution is not aff ...

oval:org.secpod.oval:def:702969
gtk+2.0: GTK+ graphical user interface library - gtk+3.0: GTK+ graphical user interface library GTK+ could be made to crash or run programs as your login if it processed a specially crafted image.

oval:org.secpod.oval:def:702968
eog: Eye of GNOME graphics viewer program Eye of GNOME could be made to crash or run programs as your login if it opened a specially crafted image.

oval:org.secpod.oval:def:110328
Photos, like Documents, Music and Videos, is one of the core GNOME applications meant for finding and reminding the user about her content.

oval:org.secpod.oval:def:703136
glibc: GNU C Library - eglibc: GNU C Library Details: USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-201 ...

oval:org.secpod.oval:def:703000
linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Details: USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15 ...

oval:org.secpod.oval:def:33125
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65 or 8.x before 8.0.27 and is prone to a directory traversal vulnerability. A flaw is present in RequestUtil.java, which fails to handle a /.. (slash dot dot) in a pathname used by a web application in a getResource, getReso ...

oval:org.secpod.oval:def:703110
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relax ...

oval:org.secpod.oval:def:27090
The host is installed with Apple iTunes before 12.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:702430
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:27082
The host is installed with Apple iTunes before 12.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:27084
The host is installed with Apple iTunes before 12.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:27087
The host is installed with Apple iTunes before 12.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:27086
The host is installed with Apple iTunes before 12.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:27089
The host is installed with Apple iTunes before 12.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:702997
linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Details: USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubunt ...

oval:org.secpod.oval:def:702999
linux: Linux kernel Details: USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 15.10 guests running within VMWare virtual machines. This update fixes the problem. We apologize for the inconvenie ...

oval:org.secpod.oval:def:702998
linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Details: USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu ...

oval:org.secpod.oval:def:1800125
Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container. Fixed In: libreoffice 5.1.4, libreoffice 5.2.0

oval:org.secpod.oval:def:110559
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:110422
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:32230
sosreport: Set of tools to gather troubleshooting data from a system sosreport could be made to expose sensitive information or overwrite files as the administrator.

oval:org.secpod.oval:def:110588
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ...

oval:org.secpod.oval:def:110610
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ...

oval:org.secpod.oval:def:702923
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:110368
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ...

oval:org.secpod.oval:def:110338
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ...

oval:org.secpod.oval:def:110318
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:110310
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:400783
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:400632
This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ...

oval:org.secpod.oval:def:703131
glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library.

oval:org.secpod.oval:def:52414
freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:108438
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font ...

oval:org.secpod.oval:def:1501997
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:110483
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:1600762
Unbounded stack allocation in catopen function: A stack based buffer overflow vulnerability was found in the catopen function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. Integer overflow in hcreate and hcreate_r: An integer overflow ...

oval:org.secpod.oval:def:602376
Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries, ...

oval:org.secpod.oval:def:1501806
The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:502002
The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:602373
Several vulnerabilities have been fixed in the GNU C Library, eglibc. The CVE-2015-7547 vulnerability listed below is considered to have critical impact. CVE-2014-8121 Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lo ...

oval:org.secpod.oval:def:110356
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform.

oval:org.secpod.oval:def:703036
webkitgtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:110313
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

oval:org.secpod.oval:def:110332
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform.

oval:org.secpod.oval:def:26090
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation may lead to an unexpected application terminati ...

oval:org.secpod.oval:def:26092
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation may lead to an unexpected application terminati ...

oval:org.secpod.oval:def:26093
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation may lead to an unexpected application terminati ...

oval:org.secpod.oval:def:26094
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation may lead to an unexpected application terminati ...

oval:org.secpod.oval:def:26098
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly restrict cookie transmission for report requests. Successful exploitation allows attackers ...

oval:org.secpod.oval:def:26086
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation may lead to an unexpected application terminati ...

oval:org.secpod.oval:def:26088
The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation may lead to an unexpected application terminati ...

oval:org.secpod.oval:def:26102
The host is missing a security update according to Apple advisory, APPLE-SA-2015-08-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site. Successful exploitation leads to security bypass, arbitrary code execu ...

oval:org.secpod.oval:def:400699
samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication. - CVE-2016-2111: Domain controller netlogon member ...

oval:org.secpod.oval:def:110394
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:110395
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:703098
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:703053
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:110561
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ...

oval:org.secpod.oval:def:703159
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:110577
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:602467
Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user-specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root. In Debian "UseLogin" i ...

oval:org.secpod.oval:def:400809
Samba was updated to the 4.2.x codestream, bringing some new features and security fixes. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication. - CVE-2 ...

oval:org.secpod.oval:def:1800190
CVE-2016-4962, XSA-175: Unsanitised guest input in libxl device handling code. CVE-2016-4480, XSA-176: x86 software guest page walk PS bit handling flaw. CVE-2016-4963, XSA-178: Unsanitised driver domain input in libxl device handling. CVE-2016-3710 CVE-2016-3712, XSA-179: QEMU: Banked access to VGA ...

oval:org.secpod.oval:def:703230
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703233
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1800268
CVE-2016-3157, XSA-171: I/O port access privilege escalation in x86-64 Linux IRET and POPF do not modify EFLAGS.IOPL when executed by code at a privilege level other than zero. Since PV Xen guests run at privilege level 3, to compensate for this the context switching of EFLAGS.IOPL requires the gue ...

oval:org.secpod.oval:def:703349
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703347
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:110542
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:203891
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:501995
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:400672
qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI DMA I/O - ...

oval:org.secpod.oval:def:110505
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ...

oval:org.secpod.oval:def:203904
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authentic ...

oval:org.secpod.oval:def:400637
qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI dma I/O - ...

oval:org.secpod.oval:def:400618
This update for xen to version 4.5.3 fixes several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests. - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery. - CVE-2016-5337: The megasas_ctrl_get_info function allo ...

oval:org.secpod.oval:def:602436
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result in bypass of security manager restrictions, information disclosure, denial of service or session fixation.

oval:org.secpod.oval:def:110343
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:602469
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.

oval:org.secpod.oval:def:33121
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M3 and is prone to a security bypass vulnerability. A flaw is present in the setGlobalContext method, which does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized. Success ...

oval:org.secpod.oval:def:33120
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catal ...

oval:org.secpod.oval:def:33119
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the session-persistence implementation, which mishandles session attributes. Successful exploitation allows re ...

oval:org.secpod.oval:def:400782
This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended Securit ...

oval:org.secpod.oval:def:1600343
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600336
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600351
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600357
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:400638
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent dire ...

oval:org.secpod.oval:def:1600384
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:33123
The host is installed with Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to a session fixation vulnerability. A flaw is present in the session-persistence implementation, which fails to handle different session settings used for deployments of multiple versio ...

oval:org.secpod.oval:def:33122
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the Manager and Host Manager applications, which establish sessions and send CSRF tokens for arbitrary new requests. Successful e ...

oval:org.secpod.oval:def:33124
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to an information disclosure vulnerability. A flaw is present in the Mapper component, which processes redirects before considering security constraints and Filters. S ...

oval:org.secpod.oval:def:1501600
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:32756
The host is installed with Oracle MySQL through 5.6.27 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:1901036
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.

oval:org.secpod.oval:def:32740
The host is installed with Oracle MySQL through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32739
The host is installed with Oracle MySQL through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32747
The host is installed with Oracle MySQL through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to replication. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:1901154
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.

oval:org.secpod.oval:def:1901258
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.

oval:org.secpod.oval:def:1901191
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.

oval:org.secpod.oval:def:502178
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:1501778
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potent ...

oval:org.secpod.oval:def:1501428
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:1501429
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:1501430
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...

oval:org.secpod.oval:def:1501431
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:1501432
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:1501736
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:501805
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba's DCE/RPC protocol implementati ...

oval:org.secpod.oval:def:50337
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a la ...

oval:org.secpod.oval:def:501821
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:703086
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ...

oval:org.secpod.oval:def:703085
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ...

oval:org.secpod.oval:def:703066
libsoup2.4: HTTP client/server library for GNOME Details: USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory This update fixes ...

oval:org.secpod.oval:def:602527
The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several upstream regressions as well as a packaging regression causing errors on upgrading the packages. Updated packages are now available to address these problems.

oval:org.secpod.oval:def:703069
libtasn1-6: Library to manage ASN.1 structures Details: USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory Libtasn1 could be made to hang if it processed specially crafted data.

oval:org.secpod.oval:def:602468
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write iss ...

oval:org.secpod.oval:def:602466
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial ...

oval:org.secpod.oval:def:602497
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ...

oval:org.secpod.oval:def:703107
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:501983
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerabl ...

oval:org.secpod.oval:def:34611
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:502000
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:1600365
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server or, possibly, execute arbitrary code with the permissions of the user running Samba . This flaw could also be used ...

oval:org.secpod.oval:def:602602
Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in libarchive; processing malformed archives may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:1501599
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:602547
Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed document is opened.

oval:org.secpod.oval:def:703166
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703154
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:501881
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicio ...

oval:org.secpod.oval:def:703130
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory USN-2950-1 introduced a regression in Sa ...

oval:org.secpod.oval:def:1502253
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501959
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501424
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:1901110
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

oval:org.secpod.oval:def:1901121
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

oval:org.secpod.oval:def:110198
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:52682
mysql-5.6: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1901332
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

oval:org.secpod.oval:def:32758
The host is installed with Oracle MySQL through 5.5.46 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Optimizer. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32753
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to DML. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32754
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Optimizer. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32746
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to UDF. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:32748
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to encryption. Successful exploitation allows remote authenticated users to affect integrity.

oval:org.secpod.oval:def:32742
The host is installed with Oracle MySQL through 5.5.46, through 5.6.27 or 5.7.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Client. Successful exploitation allows local users to affect confidentiality, integrity, and avai ...

oval:org.secpod.oval:def:1900743
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

oval:org.secpod.oval:def:110278
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:1900731
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous ...

oval:org.secpod.oval:def:110258
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110256
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:203888
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:602353
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47.

oval:org.secpod.oval:def:602351
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.23. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10023-release-notes/

oval:org.secpod.oval:def:501798
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:1600443
It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. Unspecified vuln ...

oval:org.secpod.oval:def:1901284
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

oval:org.secpod.oval:def:400641
mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ...

oval:org.secpod.oval:def:1600337
wolfSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also know ...

oval:org.secpod.oval:def:1800668
CVE-2016-2047: MariaDB 10.1.10 CVE-2016-0616: MariaDB 10.1.10 CVE-2016-0610: MariaDB 10.1.9 CVE-2016-0609: MariaDB 10.1.10 CVE-2016-0608: MariaDB 10.1.10 CVE-2016-0606: MariaDB 10.1.10 CVE-2016-0600: MariaDB 10.1.10 CVE-2016-0598: MariaDB 10.1.10 CVE-2016-0597: MariaDB 10.1.10 CVE-2016-0596: MariaDB ...

oval:org.secpod.oval:def:400733
mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ...

oval:org.secpod.oval:def:602416
Several vulnerabilities were discovered in JasPer, a library for manipulating JPEG-2000 files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1577 Jacob Baines discovered a double-free flaw in the jas_iccattrval_destroy function. A remote attacker could ...

oval:org.secpod.oval:def:602531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That's right, Debian no longer applies ...

oval:org.secpod.oval:def:602589
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:33674
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 or Apple Safari before 9.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted XML. Successful exploitation co ...

oval:org.secpod.oval:def:1501988
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:110473
The kernel meta package

oval:org.secpod.oval:def:703164
linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703160
linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703158
linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:110403
The kernel meta package

oval:org.secpod.oval:def:1501655
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat's index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:111284
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:111287
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:703196
tomcat8: Servlet and JSP engine Tomcat could be made to hang if it received specially crafted network traffic.

oval:org.secpod.oval:def:703188
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:602553
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:602549
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:602545
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

oval:org.secpod.oval:def:1600439
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long.

oval:org.secpod.oval:def:35821
The host is installed with Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3 or 9.x before 9.0.0.M7 and is prone to a denial of service vulnerability. A flaw is present in the MultipartStream class in Apache Commons Fileupload, which fails to handle a long boundary string. Succe ...

oval:org.secpod.oval:def:35820
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:35819
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:602520
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ...

oval:org.secpod.oval:def:602541
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service against an application using the libxslt library.

oval:org.secpod.oval:def:602320
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ...

oval:org.secpod.oval:def:501720
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:27126
The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-16-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:1502175
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501818
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501821
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501947
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501966
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:40418
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:40417
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:602524
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:36326
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to crash the service, disclose th ...

oval:org.secpod.oval:def:34616
The host is missing a security update according to Apple advisory, APPLE-SA-2016-05-16-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to caus ...

oval:org.secpod.oval:def:34666
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34667
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34664
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34665
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34662
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34663
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:34660
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34661
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:702982
linux-lts-wily: Linux hardware enablement kernel from Wily Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702986
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702984
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702989
linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702987
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501863
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501860
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703095
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703094
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703093
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703092
linux-snapdragon: Linux kernel for Snapdragon Processors Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:602546
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ...

oval:org.secpod.oval:def:703163
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703162
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703155
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703138
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1501819
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501817
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501822
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501820
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600345
An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption. In the mark_source_chains function it is possible for a user-supplied ipt_entry structure to have a large next_offset field. ...

oval:org.secpod.oval:def:702991
linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702990
linux-lts-trusty: Linux hardware enablement kernel from Trusty Several security issues were fixed in the kernel.

CVE    274
CVE-2011-4600
CVE-2016-0773
CVE-2016-0766
CVE-2016-0742
...
*CPE
cpe:/o:canonical:ubuntu_linux:15.10

© SecPod Technologies