Download
| Alert*
|
oval:org.secpod.oval:def:1801608
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn"t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo ... oval:org.secpod.oval:def:61062 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:504691 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:1601410 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c ... oval:org.secpod.oval:def:61113 The host is installed with Google Chrome before 80.0.3987.87, or Oracle Java SE through 8u241 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:61112 The host is installed with Google Chrome before 80.0.3987.87, or Oracle Java SE through 8u241 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:61111 The host is missing a high severity security update according to Google advisory. The update is required to fix a multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:61110 The host is missing a high severity security update according to Google advisory. The update is required to fix a multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:1601384 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c ... oval:org.secpod.oval:def:89050286 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data . - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters . - CVE-2019-18197: Fixed a da ... oval:org.secpod.oval:def:505571 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 80.0.3987.87. Security Fix: * chromium-browser: Integer overflow in JavaScript * chromium-browser: Type Confusion in JavaScript * chromium-browser: Insufficient policy enforcement in storage * chr ... oval:org.secpod.oval:def:61024 The host is installed with Google Chrome before 80.0.3987.87, Microsoft Edge (Chromium-based) before 80.0.361.48, or Oracle Java SE through 8u241 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation all ... oval:org.secpod.oval:def:61023 The host is missing a high severity security update according to Google advisory. The update is required to fix a Multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:67961 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:89000054 This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure . oval:org.secpod.oval:def:2105257 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn"t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo ... oval:org.secpod.oval:def:504297 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:2500095 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. oval:org.secpod.oval:def:1504269 [1.1.28-6.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.28-6] - Fix CVE-2019-18197 - Fix CVE-2019-11068 oval:org.secpod.oval:def:705248 libxslt: XSLT processing library Several security issues were fixed in Libxslt. oval:org.secpod.oval:def:59599 libxslt: XSLT processing library Several security issues were fixed in Libxslt. oval:org.secpod.oval:def:89000662 This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure . oval:org.secpod.oval:def:1700444 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c ... oval:org.secpod.oval:def:1504030 [1.1.32-5.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.32-5] - Fix CVE-2019-18197 - Fix CVE-2019-11068 oval:org.secpod.oval:def:61063 The host is installed with Google Chrome before 80.0.3987.87, Microsoft Edge (Chromium-based) before 80.0.361.48, Oracle Java SE through 8u241, or Amazon Corretto through 8u241 and is prone to multiple vulnerabilities in XML vulnerability. The flaws are present in the application, which fails to han ... |
