[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:52076
apport: automatically generate crash reports for debugging Details: USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory USN-3480-2 introduced regressions in A ...

oval:org.secpod.oval:def:51937
apport: automatically generate crash reports for debugging Details: USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Linux Mint 18.x LTS. The fix f ...

oval:org.secpod.oval:def:51993
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:704163
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors Deta ...

oval:org.secpod.oval:def:51075
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors Deta ...

oval:org.secpod.oval:def:1600858
Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext:lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data ...

oval:org.secpod.oval:def:1600885
Malicious patch files cause ed to execute arbitrary commandsGNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation can result in code execution. This attack appear to be exploitable via a patch file processed via th ...

oval:org.secpod.oval:def:54107
gpac: GPAC Project on Advanced Content GPAC could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1502089
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115202
The kernel meta package

oval:org.secpod.oval:def:1800992
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume vulnerability in the UDP support of the memcached server that can result in denial of service via network flood . This attack appear to be exploitable via network connectivity to port 11211 UDP. Fixed In Version:&par ...

oval:org.secpod.oval:def:1800996
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume vulnerability in the UDP support of the memcached server that can result in denial of service via network flood . This attack appear to be exploitable via network connectivity to port 11211 UDP. Fixed In Version:&par ...

oval:org.secpod.oval:def:1800997
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume vulnerability in the UDP support of the memcached server that can result in denial of service via network flood . This attack appear to be exploitable via network connectivity to port 11211 UDP. Fixed In Version:&par ...

oval:org.secpod.oval:def:1800203
CVE-2018-5205: When using incomplete escape codes, Irssi may access data beyond the end of the string. Affected Versions: All Irssi versions. Fixed In: Irssi 1.0.6

oval:org.secpod.oval:def:1800299
An error within the "LibRaw::xtrans_interpolate" function can be exploited to cause an invalid read memory access and subsequently cause a crash via a specially crafted TIFF image. Fixed In Version:¶ LibRaw 0.18.6

oval:org.secpod.oval:def:1801080
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801082
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801083
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1801084
CVE-2018-14349: Heap Overflow in imap/command.c¶ Fixed In Version:¶ mutt 1.10.1

oval:org.secpod.oval:def:1600860
Heap-based buffer overflow in mspack/lzxd.cmspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file. Out-of-bounds access in the PDF parser A VMSF_DELTA memory corruption was ...

oval:org.secpod.oval:def:1800969
CVE-2018-0202: Out-of-bounds access in the PDF parser¶ Fixed In Version:¶ clamav 0.99.4

oval:org.secpod.oval:def:1800970
CVE-2018-0202: Out-of-bounds access in the PDF parser¶ Fixed In Version:¶ clamav 0.99.4

oval:org.secpod.oval:def:1800973
CVE-2018-0202: Out-of-bounds access in the PDF parser¶ Fixed In Version:¶ clamav 0.99.4

oval:org.secpod.oval:def:1800967
CVE-2018-0202: Out-of-bounds access in the PDF parser¶ Fixed In Version:¶ clamav 0.99.4

oval:org.secpod.oval:def:1600989
do_bid_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printf and file_vprintf. do_core_note in readelf.c in libmagic.a has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360 . do_core_note in readelf.c in libm ...

oval:org.secpod.oval:def:1801178
CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

oval:org.secpod.oval:def:1801180
CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

oval:org.secpod.oval:def:1801181
CVE-2017-15232: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.

oval:org.secpod.oval:def:1801182
CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

oval:org.secpod.oval:def:1600975
_XcursorThemeInherits in library.c in libXcursor allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow

oval:org.secpod.oval:def:54589
python-gnupg: Python wrapper for the GNU Privacy Guard Several security issues were fixed in python-gnupg

oval:org.secpod.oval:def:1601054
It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one.

oval:org.secpod.oval:def:1600951
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack.The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service via a crafted PDF file, a ...

oval:org.secpod.oval:def:1600922
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the applicati ...

oval:org.secpod.oval:def:51142
texlive-bin: TeX Live: path search library for TeX Several security issues were fixed in Tex Live.

oval:org.secpod.oval:def:704346
texlive-bin: TeX Live: path search library for TeX Several security issues were fixed in Tex Live.

oval:org.secpod.oval:def:1600881
Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attackerAn issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP se ...

oval:org.secpod.oval:def:1600863
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of serviceIn PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing ...

oval:org.secpod.oval:def:1600861
Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service:In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsin ...

oval:org.secpod.oval:def:54584
It was discovered that a buffer overflow in the RTSP parser of the GStreamer media framework may result in the execution of arbitrary code if a malformed RSTP stream is opened.

oval:org.secpod.oval:def:1801298
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801353
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801304
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801305
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial-of-service, or, in the worst case, code-execution by unauthenticated attackers. Fixed In Version:¶ spice 0.14.2

oval:org.secpod.oval:def:1801262
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service¶ Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:1801264
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service¶ Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:1801265
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service¶ Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service or possibly have unspecifi ...

oval:org.secpod.oval:def:1600956
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one chara ...

oval:org.secpod.oval:def:1600964
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module if the 'http2' option of the 'listen' directive is used in a configuration f ...

oval:org.secpod.oval:def:1801253
CVE-2018-16843: Excessive memory consumption via flaw in HTTP/2 implementation¶ Affected Versions:¶ nginx 1.9.5 - 1.15.5. Fixed In Version:¶ nginx 1.15.6, nginx 1.14.1

oval:org.secpod.oval:def:1801255
CVE-2018-16843: Excessive memory consumption via flaw in HTTP/2 implementation¶ Affected Versions:¶ nginx 1.9.5 - 1.15.5. Fixed In Version:¶ nginx 1.15.6, nginx 1.14.1

oval:org.secpod.oval:def:1801104
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1801105
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1801106
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1801107
CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_fre ...

oval:org.secpod.oval:def:1800959
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against ...

oval:org.secpod.oval:def:1800956
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against ...

oval:org.secpod.oval:def:1800957
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against ...

oval:org.secpod.oval:def:43620
The host is missing a critical security update according to Mozilla advisory, MFSA2018-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43778
The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1600848
Buffer overflow in b64decode function, possibly leading to remote code execution:An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely

oval:org.secpod.oval:def:1600840
Infinite loop issue triggered by invalid OPEN message allows denial-of-serviceAn infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.Double ...

oval:org.secpod.oval:def:1600930
The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an ...

oval:org.secpod.oval:def:1800289
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service. Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:1800865
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service¶ Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering ce ...

oval:org.secpod.oval:def:1600868
Buffer overflow in dhclient possibly allowing code execution triggered by malicious serverAn out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client mach ...

oval:org.secpod.oval:def:43070
The host is installed with Google Chrome before 63.0.3239.84 and is prone to a integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:1600864
Vorbis audio processing out of bounds write:An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code

oval:org.secpod.oval:def:1600893
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

oval:org.secpod.oval:def:1800980
CVE-2018-5150: Memory safety bugs CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files CVE-2018-5158: Malicious PDF can inject JavaScript into PDF ...

oval:org.secpod.oval:def:1801011
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1801014
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1801009
GnuPG before version 2.2.8 does not properly sanitize original filenames of signed or encrypted messages allowing for the insertion of line feeds and other control characters. An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.

oval:org.secpod.oval:def:1800700
CVE-2017-9147: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service via a crafted TIFF file. Reference: Patch: CVE-2017-9403: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDir ...

oval:org.secpod.oval:def:1800068
CVE-2017-9936: In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. Reference:¶ Patch:¶ CVE-2017-10688: In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8 ...

oval:org.secpod.oval:def:1600822
Use-after-free in processing SMB1 requestsA use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. Server heap-memory disclosureA memory discl ...

oval:org.secpod.oval:def:603190
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

oval:org.secpod.oval:def:1800690
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname Fixed In Version:¶ bzr 3.0

oval:org.secpod.oval:def:53199
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.

oval:org.secpod.oval:def:1800148
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1800759
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:43076
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:1800926
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Version Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800962
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800963
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1800964
CVE-2018-1050: Denial of Service Attack on external print server. Affected Versions:¶ All versions of Samba from 4.0.0 onwards. Fixed In Version:¶ Samba 4.7.6, 4.6.14 and 4.5.16.

oval:org.secpod.oval:def:1600843
Out-of-bounds read in code handling HTTP/2 trailers:libcurl contains an out bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTT ...

oval:org.secpod.oval:def:1600871
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:1801159
The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On sy ...

oval:org.secpod.oval:def:1801174
The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On sy ...

oval:org.secpod.oval:def:1801175
The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On sy ...

oval:org.secpod.oval:def:1801161
The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On sy ...

oval:org.secpod.oval:def:1600950
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently ...

oval:org.secpod.oval:def:1800928
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800930
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800931
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions:¶ curl 7.12.3 to and including curl 7.58.0 Not affected versions:¶ curl = 7.59.0

oval:org.secpod.oval:def:1800947
CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write¶ Affected versions curl 7.12.3 to and including curl 7.58.0 Not affected versions curl = 7.59.0

oval:org.secpod.oval:def:1800161
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read. Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:1800705
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read¶ Affected versions:¶ libcurl 7.49.0 to and including 7.57.0 Not affected versions:¶ libcurl = 7.58.0

oval:org.secpod.oval:def:49674
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:49782
linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:702991
linux-lts-utopic: Linux hardware enablement kernel from Utopic Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702997
linux-lts-utopic: Linux hardware enablement kernel from Utopic for Trusty Details: USN-2909-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubunt ...

oval:org.secpod.oval:def:702999
linux: Linux kernel Details: USN-2908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 15.10 guests running within VMWare virtual machines. This update fixes the problem. We apologize for the inconvenie ...

oval:org.secpod.oval:def:702998
linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Details: USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu ...

oval:org.secpod.oval:def:49022
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:53954
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:703690
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:49284
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:49255
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain condition ...

oval:org.secpod.oval:def:49217
The host is installed with Artifex Ghostscript before 9.26 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle psi/zicc.c component. Successful exploitation could allow attackers to bypass intended access restrictions because of a setc ...

oval:org.secpod.oval:def:49218
The host is installed with Artifex Ghostscript before 9.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle psi/zdevice2.c component. Successful exploitation could allow attackers to bypass intended access restrictions because avai ...

oval:org.secpod.oval:def:49215
The host is installed with Artifex Ghostscript before 9.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle LockSafetyParams device parameter. Successful exploitation could allow attackers to bypass security restrictions on the sys ...

oval:org.secpod.oval:def:49216
The host is installed with Artifex Ghostscript before 9.26 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle psi/zfjbig2.c component. Successful exploitation could allow attackers to bypass intended access restrictions because of a J ...

oval:org.secpod.oval:def:204731
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204706
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:204770
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:204774
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:204772
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:204763
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:204760
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...

oval:org.secpod.oval:def:204767
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:204751
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204755
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:204754
The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet files. Security Fix: * gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution For more details about the security issue, in ...

oval:org.secpod.oval:def:204745
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:204743
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:48097
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ...

oval:org.secpod.oval:def:48009
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ...

oval:org.secpod.oval:def:204850
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:204855
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:703000
linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Details: USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15 ...

oval:org.secpod.oval:def:204821
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c For more details about the security issue, including the impact, a CVSS score, and other re ...

oval:org.secpod.oval:def:204820
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:204825
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:204891
The SpamAssassin tool provides a way to reduce unsolicited commercial email from incoming email. Security Fix: * spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service * spamassassin: Local user code injection in the meta rule syntax For more ...

oval:org.secpod.oval:def:204890
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain condition ...

oval:org.secpod.oval:def:204886
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:204871
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.secpod.oval:def:204875
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:204868
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:703883
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:204814
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:204813
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix: * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec * procps-ng, procps: ...

oval:org.secpod.oval:def:204819
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:204818
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:48182
The host is installed with Artifex Ghostscript through 9.25 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving the 1policy operator. Successful exploitation could allow attackers to bypass a sandbox protection mecha ...

oval:org.secpod.oval:def:204574
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:204563
The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, exec ...

oval:org.secpod.oval:def:33125
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65 or 8.x before 8.0.27 and is prone to a directory traversal vulnerability. A flaw is present in RequestUtil.java, which fails to handle a /.. (slash dot dot) in a pathname used by a web application in a getResource, getReso ...

oval:org.secpod.oval:def:703110
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relax ...

oval:org.secpod.oval:def:703974
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:49637
The host is installed with Google Chrome before 71.0.3578.80 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:49638
The host is installed with Google Chrome before 71.0.3578.80 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:49646
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:49645
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:703245
libidn: implementation of IETF IDN specifications Several security issues were fixed in Libidn.

oval:org.secpod.oval:def:1801090
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801091
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801087
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1801089
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

oval:org.secpod.oval:def:1600971
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decom ...

oval:org.secpod.oval:def:1600941
Paramiko contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. This issue does not affect instances where only the ssh client functionality of the paramiko library is used.

oval:org.secpod.oval:def:1801333
Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code. Fixed In Version:¶ python-paramiko 2 ...

oval:org.secpod.oval:def:1801336
Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code. Fixed In Version:¶ python-paramiko 2 ...

oval:org.secpod.oval:def:1801329
Python Paramiko through versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5 and 1.17.6 is vulnerable to an authentication bypass in paramiko/auth_handler.py. A remote attacker could exploit this vulnerability in paramiko SSH servers to execute arbitrary code. Fixed In Version:¶ python-paramiko 2 ...

oval:org.secpod.oval:def:1800125
Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container. Fixed In: libreoffice 5.1.4, libreoffice 5.2.0

oval:org.secpod.oval:def:42353
The host is missing an important security update 4041681

oval:org.secpod.oval:def:42357
The host is missing an important security update KB4041690

oval:org.secpod.oval:def:42359
The host is missing an important security update KB4041687

oval:org.secpod.oval:def:42361
The host is missing an important security update KB4041693

oval:org.secpod.oval:def:42364
The host is missing an important security update 4041678

oval:org.secpod.oval:def:42363
The host is missing an important security update 4041679

oval:org.secpod.oval:def:1600903
The fs/ext4/inline.c:ext4_read_inline_data function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or ...

oval:org.secpod.oval:def:42417
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42416
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group ...

oval:org.secpod.oval:def:42415
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42414
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42419
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) dur ...

oval:org.secpod.oval:def:42418
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42420
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wirel ...

oval:org.secpod.oval:def:43010
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43014
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43012
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:43011
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 or before 10.13.1 and is prone to a key reinstallation vulnerability. A flaw is present in the application, which fails to properly handle a logic issue existing in the handling of state. Successful exploitation could allow attackers to fo ...

oval:org.secpod.oval:def:1600916
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service via a crafted JPEG file.exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free because it closes a stream that it ...

oval:org.secpod.oval:def:1600913
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service via a crafted JPEG file.An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Ov ...

oval:org.secpod.oval:def:54515
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1600927
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600960
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600914
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ...

oval:org.secpod.oval:def:1600889
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1600887
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ...

oval:org.secpod.oval:def:204867
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: Client programs unspecified vulnerability * mysql: Server: DML unspecified vulnerability * my ...

oval:org.secpod.oval:def:1600900
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ...

oval:org.secpod.oval:def:204851
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:1600890
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1600869
Uncontrolled search path element in pg_dump and other client applicationsA flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database

oval:org.secpod.oval:def:1600982
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:1600991
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:502544
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: incomplete fix for CVE-2018-16509 For more details about the security issue ...

oval:org.secpod.oval:def:1502399
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:204790
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: realpath buffer underflow w ...

oval:org.secpod.oval:def:703528
glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library.

oval:org.secpod.oval:def:110610
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110588
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110368
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110338
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110318
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:110310
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1600920
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600929
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600948
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:116923
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:116921
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1601055
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information d ...

oval:org.secpod.oval:def:53040
The host is missing a critical security update according to Mozilla advisory, MFSA2019-08. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:54108
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:54509
libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:49185
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:49174
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:49175
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:114286
The kernel meta package

oval:org.secpod.oval:def:114809
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:54406
lua5.3: Simple, extensible, embeddable programming language Lua could be made to crash if it received a specially crafted script.

oval:org.secpod.oval:def:57799
lua5.3: Simple, extensible, embeddable programming language Lua could be made to crash if it received a specially crafted script.

oval:org.secpod.oval:def:1801422
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

oval:org.secpod.oval:def:1801423
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

oval:org.secpod.oval:def:1801424
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

oval:org.secpod.oval:def:57784
lua5.3: Simple, extensible, embeddable programming language Lua could be made to crash if it received a specially crafted script.

oval:org.secpod.oval:def:1801417
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

oval:org.secpod.oval:def:116048
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:116061
The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats.

oval:org.secpod.oval:def:116108
The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats.

oval:org.secpod.oval:def:204575
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:204565
The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, exec ...

oval:org.secpod.oval:def:204732
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204711
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:204771
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:204778
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:204776
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:204775
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:204779
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:204766
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:204764
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:204769
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:204750
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:204756
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:204742
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:204853
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:204858
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:204840
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ...

oval:org.secpod.oval:def:204843
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:204846
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ...

oval:org.secpod.oval:def:204849
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:204833
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix: * procps-ng, procps: Integer overflow ...

oval:org.secpod.oval:def:204898
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ...

oval:org.secpod.oval:def:204897
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ...

oval:org.secpod.oval:def:204884
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:204874
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:204869
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:204812
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:204801
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:42413
The host is missing a security update KB4042723

oval:org.secpod.oval:def:54585
pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker.

oval:org.secpod.oval:def:54581
pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker.

oval:org.secpod.oval:def:502596
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:205153
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:1801349
CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18501: Memory safety bugs CVE-2018-18505: Privilege escalation through IPC channel messages Fixed In Version:¶ Firefox ESR 60.5

oval:org.secpod.oval:def:1901437
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

oval:org.secpod.oval:def:116981
MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic ...

oval:org.secpod.oval:def:116551
Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when rel ...

oval:org.secpod.oval:def:116552
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be conf ...

oval:org.secpod.oval:def:1801392
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:1801396
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:1801398
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:1801385
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:116161
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:116101
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:116022
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:117136
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:116172
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:116166
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:116220
poppler is a PDF rendering library.

oval:org.secpod.oval:def:116212
poppler is a PDF rendering library.

oval:org.secpod.oval:def:117138
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:116132
This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:116126
This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:116059
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:116056
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:1801363
A vulnerability was found in Django before versions 2.2b1, 2.1.6, 2.0.11, 1.11.19. If django.utils.numberformat.format, used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters, received a Decimal with a large number of digits or a large exponent, it could ...

oval:org.secpod.oval:def:1801335
A vulnerability was found in Django before versions 2.2b1, 2.1.6, 2.0.11, 1.11.19. If django.utils.numberformat.format, used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters, received a Decimal with a large number of digits or a large exponent, it could ...

oval:org.secpod.oval:def:1801338
A vulnerability was found in Django before versions 2.2b1, 2.1.6, 2.0.11, 1.11.19. If django.utils.numberformat.format, used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters, received a Decimal with a large number of digits or a large exponent, it could ...

oval:org.secpod.oval:def:1801327
A vulnerability was found in Django before versions 2.2b1, 2.1.6, 2.0.11, 1.11.19. If django.utils.numberformat.format, used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters, received a Decimal with a large number of digits or a large exponent, it could ...

oval:org.secpod.oval:def:116154
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives.

oval:org.secpod.oval:def:116228
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives.

oval:org.secpod.oval:def:116197
poppler is a PDF rendering library.

oval:org.secpod.oval:def:116120
MinGW Windows Poppler library.

oval:org.secpod.oval:def:116116
MinGW Windows Poppler library.

oval:org.secpod.oval:def:116027
poppler is a PDF rendering library.

oval:org.secpod.oval:def:116443
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:1801356
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1801334
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1801326
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1801328
CVE-2018-20685: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

oval:org.secpod.oval:def:1600984
The GD Graphics Library has a double free in the gdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected

oval:org.secpod.oval:def:1801183
CVE-2018-4246 Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. Versions affected: WebKitGTK+ before 2.20.4 CVE-2018-4261 Processing maliciously crafted web content may lead to arbitrary code execution ...

oval:org.secpod.oval:def:1801319
Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via crafted URL in the default 404 page. An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found view. Fixed In Version: ...

oval:org.secpod.oval:def:1801325
Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via crafted URL in the default 404 page. An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found view. Fixed In Version: ...

oval:org.secpod.oval:def:1901301
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked .

oval:org.secpod.oval:def:2000326
A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying filesystem may have changed since the time lstat was called in usb_mtp_object_alloc, a classic ...

oval:org.secpod.oval:def:704851
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1901101
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.

oval:org.secpod.oval:def:1900087
A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying file system may have changed since the time lstat was called in usb_mtp_object_alloc, a classi ...

oval:org.secpod.oval:def:1801260
CVE-2018-18311: Integer overflow leading to buffer overflow¶ A flaw was found in Perl versions 5.8.0 through 5.28. An Integer overflow leading to buffer overflow in Perl_my_setenv function in util.c Fixed In Version:¶ perl 5.29.1, perl 5.26.3

oval:org.secpod.oval:def:1801258
CVE-2018-18311: Integer overflow leading to buffer overflow¶ A flaw was found in Perl versions 5.8.0 through 5.28. An Integer overflow leading to buffer overflow in Perl_my_setenv function in util.c Fixed In Version:¶ perl 5.29.1, perl 5.26.3

oval:org.secpod.oval:def:1801259
CVE-2018-18311: Integer overflow leading to buffer overflow¶ A flaw was found in Perl versions 5.8.0 through 5.28. An Integer overflow leading to buffer overflow in Perl_my_setenv function in util.c Fixed In Version:¶ perl 5.29.1, perl 5.26.3

oval:org.secpod.oval:def:116250
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:1801351
CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

oval:org.secpod.oval:def:1801314
CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

oval:org.secpod.oval:def:1801306
CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

oval:org.secpod.oval:def:1801308
CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

oval:org.secpod.oval:def:116204
A third-party plugin for the Pidgin multi-protocol instant messenger. It implements the extended version of SIP/SIMPLE used by various products: * Skype for Business * Microsoft Office 365 * Microsoft Business Productivity Online Suite * Microsoft Lync Server * Microsoft Office Communications Serve ...

oval:org.secpod.oval:def:116201
gnome-boxes lets you easily create, setup, access, and use: * remote machines * remote virtual machines * local virtual machines * When technology permits, set up access for applications on local virtual machines

oval:org.secpod.oval:def:116227
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:116233
The xfreerdp & wlfreerdp Remote Desktop Protocol clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:116065
gnome-boxes lets you easily create, setup, access, and use: * remote machines * remote virtual machines * local virtual machines * When technology permits, set up access for applications on local virtual machines

oval:org.secpod.oval:def:116058
The xfreerdp & wlfreerdp Remote Desktop Protocol clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

oval:org.secpod.oval:def:116050
Remmina is a remote desktop client written in GTK+, aiming to be useful for system administrators and travelers, who need to work with lots of remote computers in front of either large monitors or tiny net-books. Remmina supports multiple network protocols in an integrated and consistent user interf ...

oval:org.secpod.oval:def:116072
A third-party plugin for the Pidgin multi-protocol instant messenger. It implements the extended version of SIP/SIMPLE used by various products: * Skype for Business * Microsoft Office 365 * Microsoft Business Productivity Online Suite * Microsoft Lync Server * Microsoft Office Communications Serve ...

oval:org.secpod.oval:def:1801394
CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update and results in a memory corruption and probably even a remote code execution.

oval:org.secpod.oval:def:1801261
CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Fixed In Version:¶ ghostscript 9.26

oval:org.secpod.oval:def:1801263
CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Fixed In Version:¶ ghostscript 9.26

oval:org.secpod.oval:def:1801266
CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Fixed In Version:¶ ghostscript 9.26

oval:org.secpod.oval:def:114193
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:1600974
A heap use-after-free flaw was found in curl related to closing an easy handle. When closing and cleaning up an #039;easy#039; handle in the `Curl_close` function, the library code first frees a struct and might then subsequently erroneously write to a struct field within that already freed struct. ...

oval:org.secpod.oval:def:1801193
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801196
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801197
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801189
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate, the vulnerability was introduced with the patch that fixes CVE-2018-16151/2.

oval:org.secpod.oval:def:1801187
CVE-2018-16151: In verify_emsa_pkcs1_signature in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same ...

oval:org.secpod.oval:def:1600943
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, ...

oval:org.secpod.oval:def:1600967
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, ...

oval:org.secpod.oval:def:1600937
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed.A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin ...

oval:org.secpod.oval:def:1801559
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix fo ...

oval:org.secpod.oval:def:1801533
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix fo ...

oval:org.secpod.oval:def:1502317
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600969
It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document.

oval:org.secpod.oval:def:1801158
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801173
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801162
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801168
CVE-2018-10194: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ...

oval:org.secpod.oval:def:1801199
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1801204
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1801205
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1801206
CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c¶ An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL ...

oval:org.secpod.oval:def:1801184
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac1 ...

oval:org.secpod.oval:def:1801185
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac1 ...

oval:org.secpod.oval:def:1801186
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac1 ...

oval:org.secpod.oval:def:1801188
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac1 ...

oval:org.secpod.oval:def:1600904
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessi ...

oval:org.secpod.oval:def:1800171
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:1600877
DOS via regular expression catastrophic backtracking in apop method in pop3libA flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. DOS via regular expression backtracking in diff ...

oval:org.secpod.oval:def:1600952
A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service.A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacke ...

oval:org.secpod.oval:def:1801021
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801019
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ...

oval:org.secpod.oval:def:1801005
A flaw was found in strongSwan VPN"s charon server prior to version 5.6.3. In stroke_socket.c, a missing packet length check could allow a integer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. A remote attacker with local user credentials may ...

oval:org.secpod.oval:def:114969
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:1600955
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could b ...

oval:org.secpod.oval:def:1600947
A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is p ...

oval:org.secpod.oval:def:1600918
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security cl ...

oval:org.secpod.oval:def:1600915
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ca ...

oval:org.secpod.oval:def:1600912
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can ...

oval:org.secpod.oval:def:1600954
Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacke ...

oval:org.secpod.oval:def:1600862
Cross-site scripting vulnerability in web UIA cross-site scripting flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. CSRF protection missing in t ...

oval:org.secpod.oval:def:1600880
Fragmentation attacks possible when EDNS0 is enabledThe DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.Buffer overflow in glob ...

oval:org.secpod.oval:def:1800920
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:1800802
- Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see < [CVE-2017-7526] Looks like libgcrypt needs to be fixed in stable branches.

oval:org.secpod.oval:def:1501965
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113857
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:43116
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43115
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43136
The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:114033
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:114053
Qt5 - QtWebEngine components.

oval:org.secpod.oval:def:115365
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:115437
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:115234
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:49590
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:53475
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17480 Guang Gong discovered an out-of-bounds write issue in the v8 javascript library. CVE-2018-17481 Several use-after-free issues were discovered in the pdfium library. CVE-2018-18335 A buffer overflow issue was dis ...

oval:org.secpod.oval:def:503199
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: nfs: use-after-free in svc_process_common * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation * kernel: nfs: NULL pointer der ...

oval:org.secpod.oval:def:44802
The host is missing a security update according to Apple advisory, APPLE-SA-2018-3-29-8. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to disclose sensi ...

oval:org.secpod.oval:def:603586
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17480 Guang Gong discovered an out-of-bounds write issue in the v8 javascript library. CVE-2018-17481 Several use-after-free issues were discovered in the pdfium library. CVE-2018-18335 A buffer overflow issue was dis ...

oval:org.secpod.oval:def:1900675
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation , which allows attackers to cause a denial of service .

oval:org.secpod.oval:def:1901552
A flaw was found in qemu Media Transfer Protocol before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead d ...

oval:org.secpod.oval:def:114224
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:114223
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:114546
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:115085
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:113555
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-all ...

oval:org.secpod.oval:def:49586
The host is installed with Google Chrome before 71.0.3578.80, Thunderbird before 60.5.1, Firefox before 65.0.1 or Firefox ESR before 60.5.1 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows ...

oval:org.secpod.oval:def:45895
The host is missing a security update according to Apple advisory, APPLE-SA-2018-06-01-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:45896
The host is missing a security update according to Apple advisory, APPLE-SA-2018-06-01-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:45944
The host is missing a security update according to Apple advisory, APPLE-SA-2018-06-01-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to cause arbitra ...

oval:org.secpod.oval:def:205146
GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix: * libsoup: Crash in soup_cookie_jar.c:get_cookies on empty hostnames * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph function allows denial of service * libgxps: heap based buffer over read ...

oval:org.secpod.oval:def:43640
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ...

oval:org.secpod.oval:def:43641
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43642
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ...

oval:org.secpod.oval:def:43643
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ...

oval:org.secpod.oval:def:43644
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43645
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ...

oval:org.secpod.oval:def:43646
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43647
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43648
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43649
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ...

oval:org.secpod.oval:def:43651
Mozilla Firefox before 58.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:43652
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations.

oval:org.secpod.oval:def:43653
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43654
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly when shrinkElements is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43655
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when arguments passed to the IsPotentiallyScrollable function are freed while still in use by scripts. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43656
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when manipulating floating first-letter style elements, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43657
Mozilla Firefox before 58.0 :- WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent.

oval:org.secpod.oval:def:43658
Mozilla Firefox before 58.0 :- Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin.

oval:org.secpod.oval:def:43659
Mozilla Firefox before 58.0 :- The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file infor ...

oval:org.secpod.oval:def:43660
Mozilla Firefox before 58.0 :- A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private brow ...

oval:org.secpod.oval:def:43661
Mozilla Firefox before 58.0 :- An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to captu ...

oval:org.secpod.oval:def:43662
Mozilla Firefox before 58.0 :- A potential integer overflow in the DoCrypt function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write.

oval:org.secpod.oval:def:43663
Mozilla Firefox before 58.0 :- When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site.

oval:org.secpod.oval:def:43664
Mozilla Firefox before 58.0 :- Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that ...

oval:org.secpod.oval:def:43665
Mozilla Firefox before 58.0 :- The browser.identity.launchWebAuthFlow function of WebExtensions is only allowed to load content over https: but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension.

oval:org.secpod.oval:def:43666
Mozilla Firefox before 58.0 :- If an existing cookie is changed to be HttpOnly while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie.

oval:org.secpod.oval:def:43667
Mozilla Firefox before 58.0 :- If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about t ...

oval:org.secpod.oval:def:43668
Mozilla Firefox before 58.0 :- WebExtensions with the ActiveTab permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin ...

oval:org.secpod.oval:def:43669
Mozilla Firefox before 58.0 :- The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through file: URLs from the local file system. This loa ...

oval:org.secpod.oval:def:43670
Mozilla Firefox before 58.0 :- The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view.

oval:org.secpod.oval:def:43673
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43674
The host is missing a critical security update according to Mozilla advisory, MFSA2018-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43779
The host is missing a critical security update according to Mozilla advisory, MFSA2018-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:1502308
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502357
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:502356
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ...

oval:org.secpod.oval:def:115584
SNMP is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a ...

oval:org.secpod.oval:def:1801282
CVE-2018-1000807: Use-after-free in X509 object handling¶ Python Cryptographic Authority pyopenssl version before 17.5.0 has a use-after-free vulnerability in X509 object handling. This can result in a denial of service or potentially even code execution.

oval:org.secpod.oval:def:1801284
CVE-2018-1000807: Use-after-free in X509 object handling¶ Python Cryptographic Authority pyopenssl version before 17.5.0 has a use-after-free vulnerability in X509 object handling. This can result in a denial of service or potentially even code execution.

oval:org.secpod.oval:def:1801288
CVE-2018-1000807: Use-after-free in X509 object handling¶ Python Cryptographic Authority pyopenssl version before 17.5.0 has a use-after-free vulnerability in X509 object handling. This can result in a denial of service or potentially even code execution.

oval:org.secpod.oval:def:1600837
SingleEntryRegistry incorrect setup of deserialization filter It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrict ...

oval:org.secpod.oval:def:1600857
DerValue unbounded memory allocation:It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it ...

oval:org.secpod.oval:def:204733
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:204735
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:204752
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ...

oval:org.secpod.oval:def:204753
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ...

oval:org.secpod.oval:def:1600884
Unbounded memory allocation during deserialization in NamedNodeMapImpl Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:1600876
Unbounded memory allocation during deserialization in Container Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:204781
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:204782
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:204824
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:204829
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:603587
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a Transfer-Encoding: chu ...

oval:org.secpod.oval:def:702982
linux-lts-wily: Linux hardware enablement kernel from Wily Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702986
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702984
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702989
linux-lts-vivid: Linux hardware enablement kernel from Vivid Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:702987
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703349
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703347
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703321
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703320
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:203891
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:703325
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703315
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703314
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703319
linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703317
linux-ti-omap4: Linux kernel for OMAP4 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:203904
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementation. A remote, authentic ...

oval:org.secpod.oval:def:702990
linux-lts-trusty: Linux hardware enablement kernel from Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:110394
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:110395
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:400809
Samba was updated to the 4.2.x codestream, bringing some new features and security fixes . These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2 ...

oval:org.secpod.oval:def:1800190
CVE-2016-4962, XSA-175: Unsanitised guest input in libxl device handling code. CVE-2016-4480, XSA-176: x86 software guest page walk PS bit handling flaw. CVE-2016-4963, XSA-178: Unsanitised driver domain input in libxl device handling. CVE-2016-3710 CVE-2016-3712, XSA-179: QEMU: Banked access to VGA ...

oval:org.secpod.oval:def:703053
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:110561
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110577
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1800268
CVE-2016-3157, XSA-171: I/O port access privilege escalation in x86-64 Linux IRET and POPF do not modify EFLAGS.IOPL when executed by code at a privilege level other than zero. Since PV Xen guests run at privilege level 3 , to compensate for this the context switching of EFLAGS.IOPL requires the gue ...

oval:org.secpod.oval:def:110542
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:110505
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:400699
samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2016-2111: Domain controller netlogon member ...

oval:org.secpod.oval:def:703159
linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:400672
qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI DMA I/O - ...

oval:org.secpod.oval:def:400637
qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI dma I/O - ...

oval:org.secpod.oval:def:400618
This update for xen to version 4.5.3 fixes the several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests . - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery . - CVE-2016-5337: The megasas_ctrl_get_info function allo ...

oval:org.secpod.oval:def:703230
linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703233
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:1600909
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:116193
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1600945
When the default servlet in Apache Tomcat versions 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:1600906
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. The ...

oval:org.secpod.oval:def:204892
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: A bug in the UTF-8 decoder can lead to DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:1800937
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:1800938
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:1800944
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:1800952
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters¶ The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions . The urlize function is used to implement the ...

oval:org.secpod.oval:def:602436
Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.

oval:org.secpod.oval:def:400782
This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended Securit ...

oval:org.secpod.oval:def:1600343
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600336
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600351
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:1600357
ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web applicati ...

oval:org.secpod.oval:def:1600384
A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths cal ...

oval:org.secpod.oval:def:602469
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.

oval:org.secpod.oval:def:33121
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M3 and is prone to a security bypass vulnerability. A flaw is present in the setGlobalContext method, which does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized. Success ...

oval:org.secpod.oval:def:33120
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catal ...

oval:org.secpod.oval:def:33119
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the session-persistence implementation, which mishandles session attributes. Successful exploitation allows re ...

oval:org.secpod.oval:def:400638
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent dire ...

oval:org.secpod.oval:def:110343
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:1501600
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:33123
The host is installed with Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to a session fixation vulnerability. A flaw is present in the session-persistence implementation, which fails to handle different session settings used for deployments of multiple versio ...

oval:org.secpod.oval:def:33122
The host is installed with Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31 or 9.x before 9.0.0.M2 and is prone to a security bypass vulnerability. A flaw is present in the Manager and Host Manager applications, which establish sessions and send CSRF tokens for arbitrary new requests. Successful e ...

oval:org.secpod.oval:def:33124
The host is installed with Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30 or 9.x before 9.0.0.M2 and is prone to an information disclosure vulnerability. A flaw is present in the Mapper component, which processes redirects before considering security constraints and Filters. S ...

oval:org.secpod.oval:def:1700134
An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib, up to 0.13.68, that could lead to a crash in __zzip_parse_root_directory function of zzip/ip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.A memory lea ...

oval:org.secpod.oval:def:115244
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:704925
python-gnupg: Python wrapper for the GNU Privacy Guard Several security issues were fixed in python-gnupg

oval:org.secpod.oval:def:1901892
A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs.

oval:org.secpod.oval:def:704909
pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker.

oval:org.secpod.oval:def:502736
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Security Fix: * pacemaker: Insufficient local IPC client-server authentication on the client"s side can lead to local privesc * p ...

oval:org.secpod.oval:def:39490
glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library.

oval:org.secpod.oval:def:113977
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS l ...

oval:org.secpod.oval:def:603164
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:1800593
CVE-2016-6263: Crash when given invalid UTF-8 data on input CVE-2015-8948: Out-of-bounds read due to use of fgets with fixed-size buffer CVE-2016-6262: Out-of-bounds read when reading zero byte as input CVE-2016-6261: Out of bounds stack read in idna_to_ascii_4i Fixed In Version: libidn 1.33

oval:org.secpod.oval:def:1800542
An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version: libgcrypt 1.7.7 Refe ...

oval:org.secpod.oval:def:1800562
An attacker who learns the EdDSA session key from side-channel observation during the signing process, can easily recover the long-term secret key. Storing the session key in secure memory ensures that constant time point operations are used in the MPI library. Fixed In Version libgcrypt 1.7.7 Refer ...

oval:org.secpod.oval:def:603278
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:1800667
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:704079
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704073
php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704051
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:1800399
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service; Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ...

oval:org.secpod.oval:def:45546
php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:53176
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

oval:org.secpod.oval:def:603399
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

oval:org.secpod.oval:def:41167
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:43822
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:603445
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite lo ...

oval:org.secpod.oval:def:45660
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:53257
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024 Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote ...

oval:org.secpod.oval:def:53329
OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

oval:org.secpod.oval:def:51532
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:51534
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:51537
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:51524
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:52912
squid3: Web proxy cache server Several security issues were fixed in Squid.

oval:org.secpod.oval:def:52922
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:36851
libidn: implementation of IETF IDN specifications Several security issues were fixed in Libidn.

oval:org.secpod.oval:def:43225
postgresql-common: PostgreSQL database-cluster manager postgresql-common could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:1700054
Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.Curl version cu ...

oval:org.secpod.oval:def:114538
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:51040
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:113356
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:602603
Hanno Boeck discovered multiple vulnerabilities in libidn, the GNU library for Internationalized Domain Names, allowing a remote attacker to cause a denial of service against an application using the libidn library .

oval:org.secpod.oval:def:115699
MinGW Windows Poppler library.

oval:org.secpod.oval:def:51165
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:51176
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:115605
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:2000180
slirp: heap buffer overflow in tcp_emu

oval:org.secpod.oval:def:1502480
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502422
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:49675
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:34611
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1700156
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode that results in a memory corruption and possibly even a remote code execution.FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in f ...

oval:org.secpod.oval:def:2000279
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming.

oval:org.secpod.oval:def:2000224
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to a use-after-free outcome.

oval:org.secpod.oval:def:1700104
Python#039;s elementtree C accelerator failed to initialise Expat#039;s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat#039;s internal data structures, co ...

oval:org.secpod.oval:def:502637
FreeRDP is a free implementation of the Remote Desktop Protocol , released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix: * freerdp: Integer truncation leading to heap-based buffer overflow in update_re ...

oval:org.secpod.oval:def:47236
postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:115448
Python 3.7 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, update your Fedora to a newer version once Python 3.7 is stable.

oval:org.secpod.oval:def:54426
pacemaker: Cluster resource manager Several security issues were fixed in Pacemaker.

oval:org.secpod.oval:def:115460
Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:115412
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:115400
Python 2.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 2.6, see other distributions that support it, such as CentOS or RHEL 6.

oval:org.secpod.oval:def:1901884
A flaw was found in the way pacemaker"s client-server authentication was implemented. A local attacker could use this flaw and combine it with other IPC weaknesses, to achieve local privilege escalation.

oval:org.secpod.oval:def:2000382
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service via a crafted image file, a different vulnerability than CVE-2018-10999.

oval:org.secpod.oval:def:114956
PostgreSQL is an advanced Object-Relational database management system . The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as t ...

oval:org.secpod.oval:def:1901881
A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

oval:org.secpod.oval:def:503195
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: slirp: heap buffer overflow in tcp_emu For more details about the security ...

oval:org.secpod.oval:def:47263
The host is installed with PostgreSQL 10.x before 10.5, 9.6.x before 9.6.10, 9.5.x before 9.5.14, 9.4.x before 9.4.19, and 9.3.x before 9.3.24 and is prone to a security bypass vulnerability. The flaw present in the application's libpq component where it fails to properly reset its internal state be ...

oval:org.secpod.oval:def:47262
The host is installed with PostgreSQL 10.x before 10.5, 9.6.x before 9.6.10, 9.5.x before 9.5.14, 9.4.x before 9.4.19, and 9.3.x before 9.3.24 and is prone to a security bypass vulnerability. The flaw present in the application's libpq component where it fails to properly reset its internal state be ...

oval:org.secpod.oval:def:114974
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:48685
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:115576
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:49184
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:115566
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ...

oval:org.secpod.oval:def:50186
The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in difflib.IS_LINE_JUNK method. Successful exploitation allow context-dependent attack ...

oval:org.secpod.oval:def:114269
The python3-docs package contains documentation on the Python 3 programming language and interpreter. Install the python3-docs package if you'd like to use the documentation for the Python 3 language.

oval:org.secpod.oval:def:114264
The python3-docs package contains documentation on the Python 3 programming language and interpreter. Install the python3-docs package if you'd like to use the documentation for the Python 3 language.

oval:org.secpod.oval:def:50187
The host is installed with python 2.7.0 is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle the passage of unfiltered user input to the function. Successful exploitation allow attackers to cause a denial of service, information gain v ...

oval:org.secpod.oval:def:114260
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

oval:org.secpod.oval:def:115585
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:49173
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:603432
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ...

oval:org.secpod.oval:def:502000
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...

oval:org.secpod.oval:def:114271
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:114270
It uses mostly the same techniques for finding packages, so packages that were made easy_installable should be pip-installable as well.

oval:org.secpod.oval:def:114272
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readibility. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ...

oval:org.secpod.oval:def:205241
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: slirp: heap buffer overflow in tcp_emu For more details about the security ...

oval:org.secpod.oval:def:53353
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on default ...

oval:org.secpod.oval:def:51541
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:51544
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:49256
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704285
postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:603530
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and du ...

oval:org.secpod.oval:def:603531
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

oval:org.secpod.oval:def:603567
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit size_t, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated ins ...

oval:org.secpod.oval:def:603581
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv l ...

oval:org.secpod.oval:def:47530
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:115296
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:115255
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:115252
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:115243
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:115241
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:115275
Python 2.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 2.6, see other distributions that support it, such as CentOS or RHEL 6.

oval:org.secpod.oval:def:115271
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:502178
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:1501428
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:1501429
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:115359
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:1501430
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:1501431
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:1501432
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:115306
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ...

oval:org.secpod.oval:def:115308
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:53429
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

oval:org.secpod.oval:def:48010
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully auth ...

oval:org.secpod.oval:def:703086
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ...

oval:org.secpod.oval:def:703085
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.1 ...

oval:org.secpod.oval:def:703066
libsoup2.4: HTTP client/server library for GNOME Details: USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Original advisory This update fixes ...

oval:org.secpod.oval:def:703069
libtasn1-6: Library to manage ASN.1 structures Details: USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory Libtasn1 could be made to hang if it processed specially crafted data.

oval:org.secpod.oval:def:704387
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:52960
freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:47604
strongswan: IPsec VPN solution Several security issues were fixed in strongSwan.

oval:org.secpod.oval:def:1600365
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server or, possibly, execute arbitrary code with the permissions of the user running Samba . This flaw could also be used ...

oval:org.secpod.oval:def:115380
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1501778
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potent ...

oval:org.secpod.oval:def:114595
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:114563
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:1501736
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700079
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with quot;hostquot; or quot;hostaddrquot; connection parameters from untrusted input, attackers could bypas ...

oval:org.secpod.oval:def:501805
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementati ...

oval:org.secpod.oval:def:501821
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:602527
The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several upstream regressions and as well a packaging regression causing errors on upgrading the packages. Updated packages are now available to address these problems.

oval:org.secpod.oval:def:602468
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1651 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1652 A cross-site scripting issue was discovered in extension bindings. CVE-2016-1653 Choongwoo Han discovered an out-of-bounds write iss ...

oval:org.secpod.oval:def:602466
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial ...

oval:org.secpod.oval:def:602497
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ...

oval:org.secpod.oval:def:703107
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:704426
freerdp2: RDP client for Windows Terminal Services - freerdp: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.

oval:org.secpod.oval:def:1502299
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704414
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:502353
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses For more details about the security issue ...

oval:org.secpod.oval:def:205144
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix: * perl: Integer overflow leading to buffer overflow in Perl_my_setenv For more details about the security issue, including the impact, a CVSS score, and other relat ...

oval:org.secpod.oval:def:51021
strongswan: IPsec VPN solution Several security issues were fixed in strongSwan.

oval:org.secpod.oval:def:205185
FreeRDP is a free implementation of the Remote Desktop Protocol , released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix: * freerdp: Integer truncation leading to heap-based buffer overflow in update_re ...

oval:org.secpod.oval:def:114642
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

oval:org.secpod.oval:def:501983
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerabl ...

oval:org.secpod.oval:def:115133
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:115158
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ...

oval:org.secpod.oval:def:1800506
CVE-2016-9013: User with hardcoded password created when running tests on Oracle. When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn"t manually specified in the database settings TEST dictionary, a hardcoded password is used. Th ...

oval:org.secpod.oval:def:602724
Peter Wu discovered that a use-after-free in the pscd PC/SC daemon of PCSC-Lite might result in denial of service or potentially privilege escalation.

oval:org.secpod.oval:def:703369
python-cryptography: Cryptography Python library python-cryptography could generate incorrect keys.

oval:org.secpod.oval:def:703337
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:703323
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703316
linux-snapdragon: Linux kernel for Snapdragon Processors The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:703318
linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:602859
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9013 Marti Raudsepp reported that a user with a hardcoded password is created when running tests with an Orac ...

oval:org.secpod.oval:def:703435
pcsc-lite: Middleware to access a smart card using PC/SC PCSC-Lite could be made to crash or run programs as an administrator if it received specially crafted input.

oval:org.secpod.oval:def:1501599
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ...

oval:org.secpod.oval:def:1600403
The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service by attempting to access a hugetlbfs mapped area. A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate fil ...

oval:org.secpod.oval:def:703171
haproxy: fast and reliable load balancing reverse proxy HAProxy could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:602547
Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened.

oval:org.secpod.oval:def:703166
linux: Linux kernel Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703154
linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:501881
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicio ...

oval:org.secpod.oval:def:501887
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:703130
samba: SMB/CIFS file, print, and login server for Unix Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Original advisory USN-2950-1 introduced a regression in Sa ...

oval:org.secpod.oval:def:602602
Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in libarchive; processing malformed archives may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:602648
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8956 It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE ...

oval:org.secpod.oval:def:602593
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug for ...

oval:org.secpod.oval:def:602592
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt"s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. A first analysis on the impact of this bug ...

oval:org.secpod.oval:def:703240
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt incorrectly generated random numbers.

oval:org.secpod.oval:def:703238
gnupg: GNU privacy guard - a free PGP replacement GnuPG incorrectly generated random numbers.

oval:org.secpod.oval:def:114363
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:114364
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:114336
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:114331
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:51970
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:51981
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51980
gcab: Microsoft Cabinet file manipulation tool gcab could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:51984
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51992
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51994
advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:51995
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:113951
gcab is a tool to manipulate Cabinet archive.

oval:org.secpod.oval:def:113939
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:113910
Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained.

oval:org.secpod.oval:def:113909
Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained.

oval:org.secpod.oval:def:113932
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:603116
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbit ...

oval:org.secpod.oval:def:1800581
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:603131
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point and the station . An attacker exploiting the vulnerabilities could force the ...

oval:org.secpod.oval:def:603183
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:113156
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:1501894
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113104
CVS is a version control system that can record the history of your files . CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and cont ...

oval:org.secpod.oval:def:113100
CVS is a version control system that can record the history of your files . CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and cont ...

oval:org.secpod.oval:def:602873
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".

oval:org.secpod.oval:def:44095
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:1600711
Escape out of git-shellA flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command laun ...

oval:org.secpod.oval:def:603225
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses.

oval:org.secpod.oval:def:1600780
Information leak in the DHCPv6 relay codeAn information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. Memory exhaustion vulner ...

oval:org.secpod.oval:def:603248
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:603249
It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of ...

oval:org.secpod.oval:def:603267
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:603255
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:603272
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:113679
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:112363
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:113645
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:703599
git: fast, scalable, distributed revision control system Git could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:603342
Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service.

oval:org.secpod.oval:def:53194
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing ...

oval:org.secpod.oval:def:53114
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:53126
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:53145
Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes and Gynvael Coldwind of the Google Security Team discovered several vulnerabilities in dnsmasq, a small caching DNS proxy and DHCP/TFTP server, which may result in denial of service, information leak or the execution of arbit ...

oval:org.secpod.oval:def:53155
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point and the station . An attacker exploiting the vulnerabilities could force the ...

oval:org.secpod.oval:def:114173
This is a Cross Compiled version of the GNU C Library, which can be used to compile and link binaries for the arm-linux-gnu platform, instead of for the native platform.

oval:org.secpod.oval:def:114170
This is a Cross Compiled version of the GNU C Library, which can be used to compile and link binaries for the arm-linux-gnu platform, instead of for the native platform.

oval:org.secpod.oval:def:53220
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses.

oval:org.secpod.oval:def:115542
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:112423
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:1800460
CVE-2017-14746: Use-after-free vulnerability. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:1800466
CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

oval:org.secpod.oval:def:53294
Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service.

oval:org.secpod.oval:def:1800458
A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir","fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. ...

oval:org.secpod.oval:def:1800474
In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

oval:org.secpod.oval:def:53235
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, integer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or URL spoofing.

oval:org.secpod.oval:def:53236
It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of ...

oval:org.secpod.oval:def:53253
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...

oval:org.secpod.oval:def:53249
Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

oval:org.secpod.oval:def:703828
dnsmasq: Small caching DNS proxy and DHCP/TFTP server Several security issues were fixed in Dnsmasq.

oval:org.secpod.oval:def:703814
libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:113422
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the ...

oval:org.secpod.oval:def:1502012
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113418
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the ...

oval:org.secpod.oval:def:1502067
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502070
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502020
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502038
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502037
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603571
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/ https://mariad ...

oval:org.secpod.oval:def:703775
cvs: Concurrent Versions System cvs could be made run programs as your login if it opened a specially crafted cvs repository.

oval:org.secpod.oval:def:703955
glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C library.

oval:org.secpod.oval:def:703946
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:502196
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:53464
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10127-release-notes/ https://mariad ...

oval:org.secpod.oval:def:703918
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:703910
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703913
libxfont: X11 font rasterisation library - libxfont1: X11 font rasterisation library - libxfont2: X11 font rasterisation library libXfont could be made to access arbitrary files, including special device files.

oval:org.secpod.oval:def:502144
The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, exec ...

oval:org.secpod.oval:def:502143
The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, exec ...

oval:org.secpod.oval:def:502151
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:502152
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:113572
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:113525
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:113604
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-all ...

oval:org.secpod.oval:def:113605
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the ...

oval:org.secpod.oval:def:114084
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:114082
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:114081
X.Org X11 libXfont2 runtime library

oval:org.secpod.oval:def:502219
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:114077
Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS , OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...

oval:org.secpod.oval:def:703891
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:703890
apport: automatically generate crash reports for debugging Details: USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17 ...

oval:org.secpod.oval:def:502234
The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet files. Security Fix: * gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution For more details about the security issue, in ...

oval:org.secpod.oval:def:502233
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502237
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...

oval:org.secpod.oval:def:114093
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:114092
X.Org X11 libXfont runtime library

oval:org.secpod.oval:def:703887
apport: automatically generate crash reports for debugging Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation.

oval:org.secpod.oval:def:114047
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:114046
Exim is a message transfer agent developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of fle ...

oval:org.secpod.oval:def:703860
wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant.

oval:org.secpod.oval:def:114062
gcab is a tool to manipulate Cabinet archive.

oval:org.secpod.oval:def:502200
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ...

oval:org.secpod.oval:def:113295
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-all ...

oval:org.secpod.oval:def:502266
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: realpath buffer underflow w ...

oval:org.secpod.oval:def:1700076
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c ...

oval:org.secpod.oval:def:113247
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:114534
LibRaw is a library for reading RAW files obtained from digital photo cameras . LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future.

oval:org.secpod.oval:def:1900922
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, an ...

oval:org.secpod.oval:def:1502294
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:43359
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an address spoofing vulnerability. A flaw is present in the application, which fails to properly handle null character. Successful exploitation could allow attackers to modify the message body.

oval:org.secpod.oval:def:43360
The host is missing a security update according to Mozilla advisory, MFSA 2017-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle to crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:502349
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: Client programs unspecified vulnerability * mysql: Server: DML unspecified vulnerability * my ...

oval:org.secpod.oval:def:115062
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:703982
firefox: Mozilla Open Source web browser Details: USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-3544-1 cause ...

oval:org.secpod.oval:def:703980
exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:703986
quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.

oval:org.secpod.oval:def:703984
advancecomp: collection of recompression utilities AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:703970
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:703965
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:703964
gcab: Microsoft Cabinet file manipulation tool gcab could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:43355
The host is missing a security update according to Mozilla advisory, MFSA 2017-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle to crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:43354
The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an address spoofing vulnerability. A flaw is present in the application, which fails to properly handle null character. Successful exploitation could allow attackers to modify the message body.

oval:org.secpod.oval:def:113341
Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-all ...

oval:org.secpod.oval:def:113319
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:1502100
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502101
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113323
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:1502130
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502131
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51882
cvs: Concurrent Versions System cvs could be made run programs as your login if it opened a specially crafted cvs repository.

oval:org.secpod.oval:def:51934
apport: automatically generate crash reports for debugging Apport could be tricked into creating files as an administrator, resulting in denial of service or privilege escalation.

oval:org.secpod.oval:def:51938
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:51954
linux-firmware: Firmware for Linux kernel drivers Several security issues were fixed in linux-firmware.

oval:org.secpod.oval:def:1502141
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51908
dnsmasq: Small caching DNS proxy and DHCP/TFTP server Several security issues were fixed in Dnsmasq.

oval:org.secpod.oval:def:51902
libgd2: GD Graphics Library GD library could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:51919
wpa: client support for WPA and WPA2 Several security issues were fixed in wpa_supplicant.

oval:org.secpod.oval:def:1502176
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603048
It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command.

oval:org.secpod.oval:def:115193
Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tab ...

oval:org.secpod.oval:def:603085
A double-free vulnerability was discovered in the gdImagePngPtr function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

oval:org.secpod.oval:def:115691
MinGW Windows Poppler library.

oval:org.secpod.oval:def:2001407
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows ...

oval:org.secpod.oval:def:113047
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting.

oval:org.secpod.oval:def:113048
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program capable ...

oval:org.secpod.oval:def:114379
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:114373
DHCP

oval:org.secpod.oval:def:114375
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:114372
LibRaw is a library for reading RAW files obtained from digital photo cameras . LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future.

oval:org.secpod.oval:def:1800517
CVE-2017-9147: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service via a crafted TIFF file. Reference Patch CVE-2017-9403: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEn ...

oval:org.secpod.oval:def:44801
The host is installed with Apple iCloud before 7.4, Apple iTunes before 12.7.4 or Google Chrome before 68.0.3440.75 and is prone to a cross-origin information disclosure vulnerability. A flaw is present in the application, which fails to properly perform input validation. Successful exploitation cou ...

oval:org.secpod.oval:def:114327
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

oval:org.secpod.oval:def:114326
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:44800
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:114323
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program capable ...

oval:org.secpod.oval:def:44812
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44813
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44814
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44815
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44811
The host is installed with Apple Safari before 11.1 and is prone to a memory corrupution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44817
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44818
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44819
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44823
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44824
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44825
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44826
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44820
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:44821
The host is installed with Apple Safari before 11.1 and is prone to a memory corrpution vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:114344
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ...

oval:org.secpod.oval:def:44827
The host is installed with Apple Safari before 11.1 and is prone to an unspecified vulnerability. An array indexing issue existed in the handling of a function in javascript core. Successful exploitation may lead to an ASSERT failure.

oval:org.secpod.oval:def:44829
The host is installed with Apple Safari before 11.1 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to properly handle a maliciously crafted web content. Successful exploitation may lead to a denial of service.

oval:org.secpod.oval:def:51112
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:44830
The host is installed with Apple Safari before 11.1 or Google Chrome before 68.0.3440.75 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to properly handle a maliciously crafted web content. Successful exploitation may lead to a denial of service ...

oval:org.secpod.oval:def:44831
The host is missing a security update according to Apple advisory, APPLE-SA-2018-3-29-6. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly perform input validation. Successful exploitation could allow attackers to disclose sensi ...

oval:org.secpod.oval:def:2000168
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000156
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:114303
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1900721
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ...

oval:org.secpod.oval:def:1900737
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromis ...

oval:org.secpod.oval:def:2000129
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

oval:org.secpod.oval:def:2000127
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

oval:org.secpod.oval:def:2001473
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:2001476
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:1900795
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:2001460
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:2000109
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

oval:org.secpod.oval:def:51999
libreoffice: Office productivity suite LibreOffice would allow unintended access to files over the network.

oval:org.secpod.oval:def:2000106
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

oval:org.secpod.oval:def:2000105
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.

oval:org.secpod.oval:def:2001434
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData function.

oval:org.secpod.oval:def:113957
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:113962
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:2000194
An error within the "LibRaw::unpack" function in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

oval:org.secpod.oval:def:2000190
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data . The Decisional Diffie-Hellman assumption does not hold for PyCrypto"s ElGamal implementation.

oval:org.secpod.oval:def:1901165
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t ...

oval:org.secpod.oval:def:113073
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program capable ...

oval:org.secpod.oval:def:113065
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting.

oval:org.secpod.oval:def:114485
LibRaw is a library for reading RAW files obtained from digital photo cameras . LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future.

oval:org.secpod.oval:def:114482
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:2000204
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:2001542
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned ...

oval:org.secpod.oval:def:114437
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:114431
MinGW Windows LibRaw library.

oval:org.secpod.oval:def:114469
MinGW Windows LibRaw library.

oval:org.secpod.oval:def:1901337
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Su ...

oval:org.secpod.oval:def:115784
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. This package contains the MinGW Windows cross compiled libvorbis library.

oval:org.secpod.oval:def:2000295
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

oval:org.secpod.oval:def:1502343
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502344
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000271
An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

oval:org.secpod.oval:def:2000269
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service.

oval:org.secpod.oval:def:2000282
An error within the "kodak_radc_load_raw" function related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

oval:org.secpod.oval:def:114411
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKit2 based WebKitGTK+ for GTK+ 3.

oval:org.secpod.oval:def:2001592
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:2001597
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their en ...

oval:org.secpod.oval:def:1700124
The nss-pem package provides the PEM file reader for Network Security Services implemented as a PKCS#11 module. This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate

oval:org.secpod.oval:def:1502323
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700107
A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash.A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server coul ...

oval:org.secpod.oval:def:603205
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:53092
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:1901277
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:603268
Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

oval:org.secpod.oval:def:603269
Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

oval:org.secpod.oval:def:603266
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

oval:org.secpod.oval:def:1800697
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read; Affected versions: libcurl 7.49.0 to and including 7.57.0 Not affected versions: libcurl = 7.58.0

oval:org.secpod.oval:def:603251
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:603252
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:1901263
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ...

oval:org.secpod.oval:def:46785
The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to disclose sensitive information.

oval:org.secpod.oval:def:46780
The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:603296
Several vulnerabilities have been discovered in the Dovecot email server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14461 Aleksandar Nikolic of Cisco Talos and "flxflndy" discovered that Dovecot does not properly parse invalid email addresses, which m ...

oval:org.secpod.oval:def:1800670
CVE-2017-9147: LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service via a crafted TIFF file. CVE-2017-9403: In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array i ...

oval:org.secpod.oval:def:114117
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:115441
Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:114112
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:2000335
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

oval:org.secpod.oval:def:114144
Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the ...

oval:org.secpod.oval:def:46817
The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to disclose sensitive information.

oval:org.secpod.oval:def:114138
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114134
An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases.

oval:org.secpod.oval:def:114106
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:2001604
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" com ...

oval:org.secpod.oval:def:114102
This is a simple library designed to help locate and load cursors. Cursors can be loaded from files or memory. A library of common cursors exists which map to the standard X cursor names.Cursors can exist in several sizes and the library automatically picks the best size.

oval:org.secpod.oval:def:704099
python-oslo.middleware: WSGI middleware components for OpenStack Applications using Oslo middleware could be made to expose sensitive information.

oval:org.secpod.oval:def:704095
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704091
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:704071
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704072
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:114990
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:1901839
An error within the "LibRaw::xtrans_interpolate" function in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

oval:org.secpod.oval:def:704068
webkit2gtk: Web content engine library for GTK+ A security issue was fixed in WebKitGTK+.

oval:org.secpod.oval:def:704066
qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF.

oval:org.secpod.oval:def:704062
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704063
mysql-5.7: MySQL database Details: USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:2000389
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:704053
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:602980
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:704048
wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704035
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:704036
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:704037
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704031
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704032
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704034
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704039
python-crypto: cryptographic algorithms and protocols for Python Python Crypto could expose sensitive information.

oval:org.secpod.oval:def:704024
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:603404
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ...

oval:org.secpod.oval:def:704027
screen-resolution-extra: Extension for the GNOME screen resolution applet Screen Resolution Extra could be tricked into bypassing PolicyKit authorizations.

oval:org.secpod.oval:def:704020
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:603408
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:603409
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ...

oval:org.secpod.oval:def:704029
icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:704013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704015
memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:114976
Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:704012
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704003
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:603308
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:704004
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:704000
isc-dhcp: DHCP server and client Several security issues were fixed in DHCP.

oval:org.secpod.oval:def:704001
memcached: high-performance memory object caching system Several security issues were fixed in Memcached.

oval:org.secpod.oval:def:603302
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaust ...

oval:org.secpod.oval:def:603309
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:704006
clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704008
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:704009
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:603329
It was discovered that an integer overflow in the International Components for Unicode library could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603317
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603315
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:603312
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603313
Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

oval:org.secpod.oval:def:603341
James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize function or django.utils.text.Truncator"s chars and words methods could craft a string that m ...

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:603337
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:603335
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:603333
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

oval:org.secpod.oval:def:603353
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:45541
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:45542
The host is missing a critical security update according to Mozilla advisory, MFSA2018-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:603377
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

oval:org.secpod.oval:def:603370
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.60, which includes additional changes

oval:org.secpod.oval:def:603394
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:46823
The host is installed with Google Chrome before 68.0.3440.75 and is prone to a cross origin information leak vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:114165
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis.

oval:org.secpod.oval:def:114167
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:114161
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:114150
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:114152
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:45516
Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party w ...

oval:org.secpod.oval:def:45517
Mozilla Firefox before 60.0 or Firefox ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

oval:org.secpod.oval:def:45518
>Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable ...

oval:org.secpod.oval:def:45513
The host is missing a critical security update according to Mozilla advisory, MFSA2018-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:114186
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis.

oval:org.secpod.oval:def:1800316
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read Affected versions libcurl 7.49.0 to and including 7.57.0 Not affected versions libcurl = 7.58.0

oval:org.secpod.oval:def:2000464
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers t ...

oval:org.secpod.oval:def:46916
The host is missing a security update according to Mozilla advisory, MFSA2018-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle the crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:114239
Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be build with GNU automake. It includes XMPCore and XMPFiles.

oval:org.secpod.oval:def:46917
The host is missing a critical security update according to Mozilla advisory, MFSA2018-19. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:53204
It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.

oval:org.secpod.oval:def:114263
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:114262
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:114208
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:2000406
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:114228
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages.

oval:org.secpod.oval:def:704199
xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:704192
liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.

oval:org.secpod.oval:def:704190
libraw: raw image decoder library Several security issues were fixed in LibRaw.

oval:org.secpod.oval:def:704191
apport: automatically generate crash reports for debugging Details: USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory USN-3480-2 introduced regressions in A ...

oval:org.secpod.oval:def:704177
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704173
libarchive-zip-perl: Perl module for manipulation of ZIP archives Archive Zip module could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:704167
zsh: shell with lots of features Several security issues were fixed in Zsh.

oval:org.secpod.oval:def:704164
clamav: Anti-virus utility for Unix ClamAV could be made to hang if it opened a specially crafted file.

oval:org.secpod.oval:def:704166
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:704158
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704145
zziplib: library providing read access on ZIP-archives - library zziplib could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704147
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:603516
Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 52.x series has ended, so starting with this update we"re now ...

oval:org.secpod.oval:def:704133
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:603428
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

oval:org.secpod.oval:def:704124
gnupg2: GNU privacy guard - a free PGP replacement Details: USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory GnuPG 2 could be made to present validi ...

oval:org.secpod.oval:def:603424
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603425
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

oval:org.secpod.oval:def:46109
The host is missing a critical security update according to Mozilla advisory, MFSA2018-16. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:603423
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:603420
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:704127
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:46110
The host is missing a critical security update according to Mozilla advisory, MFSA2018-17. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:704128
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:603418
Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached triggered by specially crafted ...

oval:org.secpod.oval:def:704111
gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.

oval:org.secpod.oval:def:704101
exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:46129
The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:46130
The host is missing a critical security update according to Mozilla advisory, MFSA2018-16. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:603440
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

oval:org.secpod.oval:def:46131
The host is missing a critical security update according to Mozilla advisory, MFSA2018-17. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:46134
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:46133
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ...

oval:org.secpod.oval:def:46139
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.

oval:org.secpod.oval:def:46148
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ...

oval:org.secpod.oval:def:46145
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ...

oval:org.secpod.oval:def:1800498
An error within the "LibRaw::xtrans_interpolate" function can be exploited to cause an invalid read memory access and subsequently cause a crash via a specially crafted TIFF image. Fixed In Version: LibRaw 0.18.6

oval:org.secpod.oval:def:603451
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:44398
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to properly handle =WEBSERVICE calls in a document. Successful exploitation could allow remote attackers to read arbitrary f ...

oval:org.secpod.oval:def:44394
The host is installed with LibreOffice before 5.4.5 or 6.0 before 6.0.1 and is prone to an arbitrary file read vulnerability. A flaw is present in the application, which fails to properly handle =WEBSERVICE calls in a document. Successful exploitation could allow remote attackers to read arbitrary f ...

oval:org.secpod.oval:def:113809
LibRaw is a library for reading RAW files obtained from digital photo cameras . LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future.

oval:org.secpod.oval:def:53281
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.

oval:org.secpod.oval:def:53285
It was discovered that an integer overflow in the International Components for Unicode library could result in denial of service and potentially the execution of arbitrary code.

oval:org.secpod.oval:def:53288
It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.

oval:org.secpod.oval:def:53279
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

oval:org.secpod.oval:def:1800465
It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes4 bytes. Properly chosen values ...

oval:org.secpod.oval:def:1901048
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:53291
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:45668
The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:53292
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:53289
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:45680
The host is missing a critical security update according to Mozilla advisory, MFSA2018-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:53239
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:53238
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data mi ...

oval:org.secpod.oval:def:1800421
LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file URL which can be used to inject local files into the spreadsheet without warning the user. Subsequent formulas can operate on that inserted data and constr ...

oval:org.secpod.oval:def:53250
Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

oval:org.secpod.oval:def:53248
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

oval:org.secpod.oval:def:1901066
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ...

oval:org.secpod.oval:def:53270
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3144 It was discovered that the DHCP server does not properly clean up closed OMAPI connections, which can lead to exhaust ...

oval:org.secpod.oval:def:53273
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory part of ...

oval:org.secpod.oval:def:53272
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service i ...

oval:org.secpod.oval:def:53277
Richard Zhu discovered that an out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.

oval:org.secpod.oval:def:53276
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.

oval:org.secpod.oval:def:114292
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

oval:org.secpod.oval:def:2000570
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in __zzip_fetch_disk_trailer . Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

oval:org.secpod.oval:def:53311
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.

oval:org.secpod.oval:def:53332
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory ...

oval:org.secpod.oval:def:53324
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:52010
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52012
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:52003
isc-dhcp: DHCP server and client Several security issues were fixed in DHCP.

oval:org.secpod.oval:def:52004
memcached: high-performance memory object caching system Several security issues were fixed in Memcached.

oval:org.secpod.oval:def:53335
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party ...

oval:org.secpod.oval:def:52007
python-django: High-level Python web development framework Several security issues were fixed in Django.

oval:org.secpod.oval:def:52006
dovecot: IMAP and POP3 email server Several security issues were fixed in Dovecot.

oval:org.secpod.oval:def:52009
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:52008
clamav: Anti-virus utility for Unix Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:53350
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

oval:org.secpod.oval:def:52021
icu: International Components for Unicode library ICU could be made to crash if it received specially crafted input.

oval:org.secpod.oval:def:52020
screen-resolution-extra: Extension for the GNOME screen resolution applet Screen Resolution Extra could be tricked into bypassing PolicyKit authorizations.

oval:org.secpod.oval:def:52023
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:52022
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:52013
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:53344
Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached triggered by specially crafted ...

oval:org.secpod.oval:def:52016
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:53346
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:52015
memcached: high-performance memory object caching system Memcached could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:52018
libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:53349
Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/00 ...

oval:org.secpod.oval:def:2000555
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

oval:org.secpod.oval:def:2000518
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compone ...

oval:org.secpod.oval:def:114769
The libjpeg-turbo package contains a library of functions for manipulating JPEG images.

oval:org.secpod.oval:def:114752
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:704295
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:114726
This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras.

oval:org.secpod.oval:def:114728
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

oval:org.secpod.oval:def:46158
The host is missing a critical security update according to Mozilla advisory, MFSA2018-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:46154
The host is missing a security update according to Mozilla advisory, MFSA2018-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle the crafted data. Successful exploitation could allow attackers to disclose sensitive information, ...

oval:org.secpod.oval:def:603532
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

oval:org.secpod.oval:def:52919
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:704223
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:114823
A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground up ...

oval:org.secpod.oval:def:704211
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information.

oval:org.secpod.oval:def:704213
mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code.

oval:org.secpod.oval:def:114816
The Archive::Zip module allows a Perl program to create, manipulate, read, and write Zip archive files. Zip archives can be created, or you can read from existing zip files. Once created, they can be written to files, streams, or strings. Members can be added, removed, extracted, replaced, rearrange ...

oval:org.secpod.oval:def:114812
The Archive::Zip module allows a Perl program to create, manipulate, read, and write Zip archive files. Zip archives can be created, or you can read from existing zip files. Once created, they can be written to files, streams, or strings. Members can be added, removed, extracted, replaced, rearrange ...

oval:org.secpod.oval:def:52930
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:704209
patch: Apply a diff file to an original Several security issues were fixed in Patch.

oval:org.secpod.oval:def:603583
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:704204
perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

oval:org.secpod.oval:def:52069
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:2000606
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:52087
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to expose sensitive information.

oval:org.secpod.oval:def:52086
patch: Apply a diff file to an original Several security issues were fixed in Patch.

oval:org.secpod.oval:def:52089
mailman: Powerful, web-based mailing list manager Mailman could be made to run arbitrary code.

oval:org.secpod.oval:def:2000617
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

oval:org.secpod.oval:def:43130
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:52095
irssi: terminal based IRC client Several security issues were fixed in Irssi.

oval:org.secpod.oval:def:115257
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:53360
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

oval:org.secpod.oval:def:52033
wayland: Wayland compositor infrastructure Wayland could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:52025
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:52024
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:52027
python-crypto: cryptographic algorithms and protocols for Python Python Crypto could expose sensitive information.

oval:org.secpod.oval:def:52026
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:115246
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:52041
qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF.

oval:org.secpod.oval:def:52040
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:52042
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:52035
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:53368
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.

oval:org.secpod.oval:def:45753
The host is installed with Apache Tomcat 9.x before 9.0.9, 7.0.41 before 7.0.89, 8.x before 8.0.53 or 8.5.x before 8.5.32 and is prone to a security bypass vulnerability. A flaw is present in application, which fails to properly handle CORS filter settings issue. Successful exploitation allow attack ...

oval:org.secpod.oval:def:52052
gnupg2: GNU privacy guard - a free PGP replacement Details: This update provides the corresponding update for GnuPG 2 in Linux Mint 18.x LTS and Linux Mint 17.x LTS. Original advisory GnuPG 2 could be made to present validity information incorrectly.

oval:org.secpod.oval:def:115272
Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Co ...

oval:org.secpod.oval:def:115274
Python 2.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 2.6, see other distributions that support it, such as CentOS or RHEL 6.

oval:org.secpod.oval:def:52048
exempi: library to parse XMP metadata Exempi could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:43104
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:43103
The host is installed with Google Chrome before 63.0.3239.84 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:52061
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:52062
zsh: shell with lots of features Several security issues were fixed in Zsh.

oval:org.secpod.oval:def:114005
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ...

oval:org.secpod.oval:def:114022
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:114016
The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the subset of compression with the zlib algorithm whi ...

oval:org.secpod.oval:def:53472
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

oval:org.secpod.oval:def:53404
Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

oval:org.secpod.oval:def:53430
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

oval:org.secpod.oval:def:2001121
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

oval:org.secpod.oval:def:114841
This package contains dcraw, a command line tool to decode raw image data downloaded from digital cameras.

oval:org.secpod.oval:def:114860
The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the subset of compression with the zlib algorithm whi ...

oval:org.secpod.oval:def:114931
poppler is a PDF rendering library.

oval:org.secpod.oval:def:114080
PyCrypto is a collection of both secure hash functions , and various encryption algorithms .

oval:org.secpod.oval:def:114079
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:502222
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:502229
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:502235
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ...

oval:org.secpod.oval:def:502239
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502243
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:502242
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:502245
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502244
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:114097
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:502246
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ...

oval:org.secpod.oval:def:45857
The host is installed with PostgreSQL 10.x before 10.2, 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11 or 9.6.x before 9.6.7 and is prone to an information disclosure vulnerability. The flaw present in the application fails to handle issues in pg_upgrade function. Successful exploitat ...

oval:org.secpod.oval:def:114039
Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained.

oval:org.secpod.oval:def:114038
Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained.

oval:org.secpod.oval:def:114052
PyCrypto is a collection of both secure hash functions , and various encryption algorithms .

oval:org.secpod.oval:def:45890
The host is installed with Apple iCloud before 7.5 or Apple iTunes before 12.7.5 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:502293
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:45942
The host is installed with Apple Safari before 11.1.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fails to properly handle memory issues. Successful exploitation may lead to arbitrary code execution.

oval:org.secpod.oval:def:53567
The host is installed with Apple Mac OS X 10.12.6, 10.13.6 or 10.14.3 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle an issue in perl. Successful exploitation allows an attacker to cause unspecified impact.

oval:org.secpod.oval:def:1700092
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.

oval:org.secpod.oval:def:502250
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502252
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ...

oval:org.secpod.oval:def:502251
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ...

oval:org.secpod.oval:def:502258
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:502257
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:502259
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ...

oval:org.secpod.oval:def:45901
The host is installed with Apple Mac OS X 10.13.4 and is prone to a stack buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle php version less than 7.1.16. Successful exploitation allows attackers to execute arbitrary code in the context of the affecte ...

oval:org.secpod.oval:def:114553
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:502261
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:114550
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:502263
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ...

oval:org.secpod.oval:def:502269
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ...

oval:org.secpod.oval:def:502276
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:502278
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:52201
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:502277
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:502279
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ...

oval:org.secpod.oval:def:1700072
Use-after-free when appending DOM nodes Use-after-free using focus Compromised IPC child process can list local filenames Buffer overflow using computed size of canvas element Using form to exfiltrate encrypted mail part by pressing enter in form field S/MIME plaintext can be leaked through HTML rep ...

oval:org.secpod.oval:def:502285
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:502284
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ...

oval:org.secpod.oval:def:502289
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ...

oval:org.secpod.oval:def:1700066
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have ...

oval:org.secpod.oval:def:114529
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:114528
The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: * Third party software developers can rely on these xdg-utils for all of their simple integ ...

oval:org.secpod.oval:def:1700050
Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec. These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run ...

oval:org.secpod.oval:def:1502232
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502237
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502234
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502235
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700046
The following CVEs are fixed in the updated thunderbird package:CVE-2018-5161 : Hang via malformed headersCVE-2018-5162 : Encrypted mail leaks plaintext through src attributeCVE-2018-5183 : Backport critical security fixes in SkiaCVE-2018-5155 : Use-after-free with SVG animations and text pathsCVE-2 ...

oval:org.secpod.oval:def:114543
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:114541
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

oval:org.secpod.oval:def:1700037
Malicious patch files cause ed to execute arbitrary commandsGNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation can result in code execution. This attack appear to be exploitable via a patch file processed via th ...

oval:org.secpod.oval:def:1700036
1553531: Stack-based buffer overflow in exec.c:hashcmdzsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service.Stack-based buffer overflow in gen_matches_files at compctl.cA buffer overfl ...

oval:org.secpod.oval:def:1700030
Unbounded memory allocation during deserialization in Container Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:1700034
Unbounded memory allocation during deserialization in NamedNodeMapImpl Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE . Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabi ...

oval:org.secpod.oval:def:114539
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the sta ...

oval:org.secpod.oval:def:1502253
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502259
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700024
FTP path trickery leads to NIL byte out of bounds write:It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, re ...

oval:org.secpod.oval:def:1700021
Buffer overflow in dhclient possibly allowing code execution triggered by malicious serverAn out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client mach ...

oval:org.secpod.oval:def:1700015
Vorbis audio processing out of bounds write :An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code

oval:org.secpod.oval:def:1700018
Cross-site scripting vulnerability in web UIA cross-site scripting flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user#039;s side and force the victim to perform unintended actions

oval:org.secpod.oval:def:1700010
Omapi code doesn"t free socket descriptors when empty message is received allowing denial-of-serviceIt was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descripto ...

oval:org.secpod.oval:def:1700005
SingleEntryRegistry incorrect setup of deserialization filter It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrict ...

oval:org.secpod.oval:def:1700004
HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response ...

oval:org.secpod.oval:def:1502211
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502212
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115092
The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the subset of compression with the zlib algorithm whi ...

oval:org.secpod.oval:def:1502264
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1900953
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:1502272
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502273
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502278
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502279
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1900934
Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th ...

oval:org.secpod.oval:def:502331
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:502330
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ...

oval:org.secpod.oval:def:115054
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:502335
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:502334
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ...

oval:org.secpod.oval:def:502339
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:502340
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ...

oval:org.secpod.oval:def:115074
Tools and utilities for developing with icu.

oval:org.secpod.oval:def:115060
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally ...

oval:org.secpod.oval:def:703990
libreoffice: Office productivity suite LibreOffice would allow unintended access to files over the network.

oval:org.secpod.oval:def:502306
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix: * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec * procps-ng, procps: ...

oval:org.secpod.oval:def:502308
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:502307
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ...

oval:org.secpod.oval:def:502311
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix: * procps-ng, procps: Integer overflow ...

oval:org.secpod.oval:def:502318
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ...

oval:org.secpod.oval:def:115028
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:502320
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ...

oval:org.secpod.oval:def:44720
Mozilla Firefox before 59.0 : A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44721
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.

oval:org.secpod.oval:def:44722
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers reported memory safety bugs present in Firefox ESR. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:44733
The host is missing a critical security update according to Mozilla advisory, MFSA2018-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44734
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44739
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:205139
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:51044
procps: /proc file system utilities Several security issues were fixed in procps-ng.

oval:org.secpod.oval:def:51035
mysql-5.7: MySQL database Details: USN-3629-1 fixed vulnerabilities in MySQL. This update provides the corresponding updates for Linux Mint 19.x LTS. Original advisory Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:51039
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:115103
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ...

oval:org.secpod.oval:def:51050
gnupg2: GNU privacy guard - a free PGP replacement - gnupg: GNU privacy guard - a free PGP replacement Several security issues were fixed in GnuPG.

oval:org.secpod.oval:def:51045
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:502373
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain condition ...

oval:org.secpod.oval:def:502374
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: A bug in the UTF-8 decoder can lead to DoS For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed ...

oval:org.secpod.oval:def:44700
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.

oval:org.secpod.oval:def:44701
Mozilla Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers reported memory safety bugs present in Firefox ESR. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:44714
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ...

oval:org.secpod.oval:def:44715
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44716
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.

oval:org.secpod.oval:def:44712
The host is missing a critical security update according to Mozilla advisory, MFSA2018-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44717
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.

oval:org.secpod.oval:def:44718
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ...

oval:org.secpod.oval:def:44719
Mozilla Firefox before 59.0 : Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:114649
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKit2 based WebKitGTK+ for GTK+ 3.

oval:org.secpod.oval:def:114641
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1502108
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114639
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:1502111
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114667
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:114669
GnuPG is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of ...

oval:org.secpod.oval:def:114666
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as describe ...

oval:org.secpod.oval:def:114665
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compresse ...

oval:org.secpod.oval:def:114660
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as describe ...

oval:org.secpod.oval:def:114662
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future.

oval:org.secpod.oval:def:114657
This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future.

oval:org.secpod.oval:def:114659
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compresse ...

oval:org.secpod.oval:def:1502135
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502139
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45188
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Replication. Successful exploitation allows attackers to affect Confidentiality, Integr ...

oval:org.secpod.oval:def:2000022
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

oval:org.secpod.oval:def:45193
The host is installed with Oracle MySQL Server through 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45195
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Locking. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45191
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:1901503
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, an ...

oval:org.secpod.oval:def:114609
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1502181
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502184
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502185
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:112976
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program capable ...

oval:org.secpod.oval:def:1502194
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502198
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51948
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:114705
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:45299
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45298
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45215
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:1502145
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502148
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502149
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502146
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502147
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502151
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502152
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502155
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502153
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502154
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502159
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502162
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502163
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502160
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502166
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502164
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502179
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45203
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45204
The host is installed with Oracle MySQL Server through 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45205
The host is installed with Oracle MySQL Server through 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45207
The host is installed with Oracle MySQL Server through 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Integrity and Availability.

oval:org.secpod.oval:def:45211
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:45213
The host is installed with Oracle MySQL Server through 5.5.59, 5.6.39 or 5.7.21 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:44769
The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44764
Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

oval:org.secpod.oval:def:44765
The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:51060
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:51061
mozjs52: SpiderMonkey JavaScript library Several security issues were fixed in Spidermonkey.

oval:org.secpod.oval:def:51066
zziplib: library providing read access on ZIP-archives - library zziplib could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:44770
The host is missing a critical security update according to Mozilla advisory, MFSA2018-09. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44776
Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44777
The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:51074
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51068
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:44783
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44784
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44785
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44786
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44787
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44789
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:51086
xdg-utils: desktop integration utilities from freedesktop.org xdg-utils could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:51088
perl: Practical Extraction and Report Language Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.

oval:org.secpod.oval:def:44793
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44795
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44796
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44790
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44791
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44792
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44797
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44798
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:44799
The host is installed with Apple iCloud before 7.4 or Apple iTunes before 12.7.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a function in javascript core. Successful exploitation could allow attackers to cause an ASSERT fai ...

oval:org.secpod.oval:def:51143
clamav: Anti-virus utility for Unix ClamAV could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:51133
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:51137
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51150
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:51154
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:51145
net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:51144
requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header.

oval:org.secpod.oval:def:51147
moin: Collaborative hypertext environment MoinMoin could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:51146
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51149
paramiko: Python SSH2 library Paramiko could allow unintended access to network services.

oval:org.secpod.oval:def:51148
libssh: A tiny C SSH library libssh could allow unintended access to network services.

oval:org.secpod.oval:def:51160
spamassassin: Perl-based spam filter using text analysis Several security issues were fixed in SpamAssassin.

oval:org.secpod.oval:def:51163
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:51162
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:51164
gettext: GNU Internationalization utilities gettext could be made to execute arbitrary code if it received a specially crafted message.

oval:org.secpod.oval:def:51155
network-manager: Network connection manager NetworkManager could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51158
libxkbcommon: library interface to the XKB compiler - development files Details: USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Linux Mint 19.x LTS. Original advisory Several security issues were fixed in libxkbcommon.

oval:org.secpod.oval:def:51157
systemd: system and service manager systemd-networkd could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1502409
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51170
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:51174
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:51168
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:51100
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:51107
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information if it received a crafted message.

oval:org.secpod.oval:def:51120
zsh: shell with lots of features Zsh could be made to execute arbitrary code if it received a specially crafted script.

oval:org.secpod.oval:def:51114
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:51116
poppler: PDF rendering library poppler could be made to crash if it received specially crafted PDF file.

oval:org.secpod.oval:def:51118
libtirpc: transport-independent RPC library - development files Several security issues were fixed in libtirpc.

oval:org.secpod.oval:def:51117
libx11: X11 client-side library Several security issues were fixed in libx11.

oval:org.secpod.oval:def:51119
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:115664
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go ...

oval:org.secpod.oval:def:51132
strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51125
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:51128
glib2.0: GLib Input, Output and Streaming Library Several security issues were fixed in GLib.

oval:org.secpod.oval:def:1900717
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:2001466
An error within the "rollei_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

oval:org.secpod.oval:def:2000126
An integer overflow error within the "parse_qt" function in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

oval:org.secpod.oval:def:2000112
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.

oval:org.secpod.oval:def:112559
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:2001440
An error within the "nikon_coolscan_load_raw" function in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

oval:org.secpod.oval:def:112621
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:46696
The host is installed with Oracle MySQL Server through 5.5.60 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Privileges. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:46699
The host is installed with Oracle MySQL Server through 5.5.60, 5.6.40 or 5.7.22 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Options. Successful exploitation allows attackers to affect Confidentiality and Integri ...

oval:org.secpod.oval:def:46692
The host is installed with Oracle MySQL Server through 5.5.60, 5.6.40 or 5.7.22 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to MyISAM. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:502586
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: Incorrect free logic in pagedevice replacement * ghostscript: Incorrect &q ...

oval:org.secpod.oval:def:502590
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:51180
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack.

oval:org.secpod.oval:def:51187
python-django: High-level Python web development framework Django could be made to expose spoofed information over the network.

oval:org.secpod.oval:def:51186
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:51177
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:502534
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ...

oval:org.secpod.oval:def:502539
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband , and PPPoE devices, as well as providing VPN integration with a variety of d ...

oval:org.secpod.oval:def:51191
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:502540
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: .tempfile file permission issues * ghostscript: shading_param incomplete t ...

oval:org.secpod.oval:def:502543
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: OpenSSL::X509::Name equality check does not work correctly For more details about the security issue, including the impact, a ...

oval:org.secpod.oval:def:502545
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: OpenSSL::X509::Name equality check does not work correctly For more details about the security issue, including the impact, a ...

oval:org.secpod.oval:def:2001509
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:1900037
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:114432
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with F ...

oval:org.secpod.oval:def:1700180
An off-by-one error has been discovered in libX11 in functions XGetFontPath, XListExtensions, and XListFonts. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the me ...

oval:org.secpod.oval:def:115740
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:2000247
An error within the "parse_minolta" function in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

oval:org.secpod.oval:def:1700126
Large syslogd messages sent to journald can cause stack corruption, causing journald to crash. The version of systemd on Amazon Linux 2 is not vulnerable to privilege escalation in this case. Large native messages to journald can cause stack corruption, leading to possible local privilege escalation ...

oval:org.secpod.oval:def:1700112
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.It was disc ...

oval:org.secpod.oval:def:1700111
curl is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over t ...

oval:org.secpod.oval:def:2001554
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and includ ...

oval:org.secpod.oval:def:1502330
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700101
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive informat ...

oval:org.secpod.oval:def:502624
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Open redirect in default servlet For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ...

oval:org.secpod.oval:def:53090
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ...

oval:org.secpod.oval:def:1502393
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502391
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502397
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502398
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603290
Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.

oval:org.secpod.oval:def:115451
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

oval:org.secpod.oval:def:115454
cabextract is a program which can extract files from cabinet archives.

oval:org.secpod.oval:def:114118
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:115477
cabextract is a program which can extract files from cabinet archives.

oval:org.secpod.oval:def:115479
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

oval:org.secpod.oval:def:115461
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Pythons built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers.

oval:org.secpod.oval:def:2000311
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

oval:org.secpod.oval:def:115416
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:50000
The host is installed with Artifex Ghostscript through 9.25 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle vectors involving errorhandler setup. Successful exploitation could allow attackers to bypass a sandbox protection mechani ...

oval:org.secpod.oval:def:50001
The host is installed with Artifex Ghostscript through 9.25 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle exposure of system operators in the saved execution stack in an error object. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:1901004
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su ...

oval:org.secpod.oval:def:115438
The GNU gettext package provides a set of tools and documentation for producing multi-lingual messages in programs. Tools include a set of conventions about how programs should be written to support message catalogs, a directory and file naming organization for the message catalogs, a runtime librar ...

oval:org.secpod.oval:def:114107
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:602975
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for deta ...

oval:org.secpod.oval:def:2000392
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on th ...

oval:org.secpod.oval:def:47256
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:47269
The host is installed with Artifex Ghostscript before 9.23 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the .shfill operator. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpre ...

oval:org.secpod.oval:def:47268
The host is installed with Artifex Ghostscript before 9.23 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the LockDistillerParams parameter. Successful exploitation could allow attackers to crash the interpreter or execute code.

oval:org.secpod.oval:def:2000347
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upo ...

oval:org.secpod.oval:def:47267
The host is installed with Artifex Ghostscript before 9.23 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle the uninitialized memory access in the aesdecode operator. Successful exploitation could allow attackers to crash ...

oval:org.secpod.oval:def:2000364
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse in gmarkup.c has a NULL pointer dereference.

oval:org.secpod.oval:def:114975
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:47270
The host is installed with Artifex Ghostscript before 9.23 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle .tempfile restrictions and write files. Successful exploitation could allow attackers to supply malicious postScript files ...

oval:org.secpod.oval:def:603354
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.

oval:org.secpod.oval:def:603395
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ...

oval:org.secpod.oval:def:50175
In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:50167
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.

oval:org.secpod.oval:def:50168
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges.

oval:org.secpod.oval:def:50169
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-jou ...

oval:org.secpod.oval:def:50176
In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:50177
In systemd before 240-1, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.

oval:org.secpod.oval:def:2000431
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse in gmarkup.c, related to utf8_str.

oval:org.secpod.oval:def:115595
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:503286
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: MyISAM unspecified vulnerability * mysql: Server: Security: Privileges unspecified vulnerabilit ...

oval:org.secpod.oval:def:115591
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

oval:org.secpod.oval:def:115528
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.

oval:org.secpod.oval:def:115548
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:115546
The GNU gettext package provides a set of tools and documentation for producing multi-lingual messages in programs. Tools include a set of conventions about how programs should be written to support message catalogs, a directory and file naming organization for the message catalogs, a runtime librar ...

oval:org.secpod.oval:def:503255
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ...

oval:org.secpod.oval:def:704178
mutt: text-based mailreader supporting MIME, GPG, PGP and threading Several security issues were fixed in Mutt.

oval:org.secpod.oval:def:2000496
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.

oval:org.secpod.oval:def:47379
Mozilla Firefox 62 : Mozilla developers and community members Christian Holler, Looben Yang, Jesse Ruderman, Sebastian Hengst, Nicolas Grunbaum, and Gary Kwong reported memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough e ...

oval:org.secpod.oval:def:47382
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47381
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47384
Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ...

oval:org.secpod.oval:def:47380
Mozilla Firefox 62Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei C ...

oval:org.secpod.oval:def:603515
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:47397
The host is installed with Artifex Ghostscript before 9.24 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle the builtin PDF14 converter. Successful exploitation could allow attackers to supply crafted postScript files to crash the i ...

oval:org.secpod.oval:def:47396
The host is installed with Artifex Ghostscript before 9.24 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle .tempfile restrictions and write files. Successful exploitation could allow attackers to supply malicious postScript files ...

oval:org.secpod.oval:def:47399
The host is installed with Artifex Ghostscript before 9.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle the stack-size checking during error handling. Successful exploitation could allow attackers to supply crafted postScript files to ...

oval:org.secpod.oval:def:2000477
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF fil ...

oval:org.secpod.oval:def:47398
The host is installed with Artifex Ghostscript before 9.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses incorrect free logic in pagedevice. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpreter ...

oval:org.secpod.oval:def:704129
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.

oval:org.secpod.oval:def:1901095
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:603433
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

oval:org.secpod.oval:def:47400
The host is installed with Artifex Ghostscript before 9.24 and is prone to a type confusion vulnerability. A flaw is present in the application, which uses gssetresolution and gsgetresolution parameters. Successful exploitation could allow attackers to supply crafted postScript files to crash the in ...

oval:org.secpod.oval:def:47403
The host is installed with Artifex Ghostscript before 9.24 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the ztype parameter. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpret ...

oval:org.secpod.oval:def:47402
The host is installed with Artifex Ghostscript before 9.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses incorrect exec stack handling in the "CS" and "SC" PDF primitives. Successful exploitation could allow attackers to supply crafted postScript ...

oval:org.secpod.oval:def:47404
The host is installed with Artifex Ghostscript before 9.24 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to properly handle the setcolor function. Successful exploitation could allow attackers to supply crafted postScript files to crash the interpr ...

oval:org.secpod.oval:def:53299
A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.

oval:org.secpod.oval:def:53261
Joonun Jang discovered several problems in wavpack, an audio compression format suite. Incorrect processing of input resulted in several heap- and stack-based buffer overflows, leading to application crash or potential code execution.

oval:org.secpod.oval:def:115201
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:53325
Harry Sintonen discovered that wget, a network utility to retrieve files from the web, does not properly handle "\r\n" from continuation lines while parsing the Set-Cookie HTTP header. A malicious web server could use this flaw to inject arbitrary cookies to the cookie jar file, adding new or replac ...

oval:org.secpod.oval:def:115232
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:53354
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

oval:org.secpod.oval:def:2000520
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

oval:org.secpod.oval:def:2000536
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.

oval:org.secpod.oval:def:2000535
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

oval:org.secpod.oval:def:2000519
An infinite loop when reaching EOL unexpectedly in compose/parser.c in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.

oval:org.secpod.oval:def:114765
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ...

oval:org.secpod.oval:def:52869
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Several security issues were fixed in Libgcrypt.

oval:org.secpod.oval:def:114753
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:51542
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:603605
The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocas and an out-of-bounds read flaw leading to an information leak , could allow an attacker to cause a denial of service or the execution of arbitrary code. Fur ...

oval:org.secpod.oval:def:603602
It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

oval:org.secpod.oval:def:114771
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API refere ...

oval:org.secpod.oval:def:704288
wpa: client support for WPA and WPA2 wpa_supplicant and hostapd could be made to expose sensitive information if it received a crafted message.

oval:org.secpod.oval:def:704284
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:704282
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:704272
- gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information.

oval:org.secpod.oval:def:114748
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME application ...

oval:org.secpod.oval:def:704250
libxcursor: X11 cursor management library libxcursor could be made to crash or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704244
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:603547
Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor"s link dialogue. This only affects installations which have set up fckeditor .

oval:org.secpod.oval:def:704247
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:603542
Magnus Klaaborg Stubman discovered a NULL pointer dereference bug in net-snmp, a suite of Simple Network Management Protocol applications, allowing a remote, authenticated attacker to crash the snmpd process .

oval:org.secpod.oval:def:47565
The host is installed with Artifex Ghostscript before 9.25 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle crafted postscript. Successful exploitation could allow attackers to potentially overwrite or replace error handl ...

oval:org.secpod.oval:def:704249
clamav: Anti-virus utility for Unix Details: USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704233
sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:603538
Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.

oval:org.secpod.oval:def:603537
Google"s OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 . An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and su ...

oval:org.secpod.oval:def:704237
evolution-data-server: Evolution suite data server Evolution Data Server could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:704238
clamav: Anti-virus utility for Unix Details: USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We a ...

oval:org.secpod.oval:def:704224
wavpack: audio codec - encoder and decoder WavPack could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704225
libsoup2.4: HTTP client/server library for GNOME libsoup could be made to crash if it received a specially crafted input.

oval:org.secpod.oval:def:603568
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed . This update rebases ghostscript for ...

oval:org.secpod.oval:def:603565
Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could in denial of service in processing HTTP/2 or server memory disclosure in the ngx_http_mp4_module module .

oval:org.secpod.oval:def:603562
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If ...

oval:org.secpod.oval:def:704229
liblouis: Braille translation library - utilities Several security issues were fixed in Liblouis.

oval:org.secpod.oval:def:603554
Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:603550
Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS mes ...

oval:org.secpod.oval:def:704216
wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.

oval:org.secpod.oval:def:704217
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code.

oval:org.secpod.oval:def:47518
The host is installed with Artifex Ghostscript before 9.25 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an exception during incorrect "restoration of privilege" checking when running out of stack. Successful exploitation c ...

oval:org.secpod.oval:def:603576
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-14629 Florian Stuelpner discovered that Samba is vulnerable to infinite query recursion caused by CNAME ...

oval:org.secpod.oval:def:603575
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed . This update rebases ghostscript for stretch to the upstream version 9.26 which includes a ...

oval:org.secpod.oval:def:115295
NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband , PPPoE and other devices, and supports a variety of different VPN services.

oval:org.secpod.oval:def:115287
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Pythons built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers.

oval:org.secpod.oval:def:115289
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:2000614
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnera ...

oval:org.secpod.oval:def:2000612
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

oval:org.secpod.oval:def:52091
postgresql-9.6: Object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database PostgreSQL could be made to execute arbitrary code.

oval:org.secpod.oval:def:52096
wavpack: audio codec - encoder and decoder WavPack could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:115256
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:115261
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote prog ...

oval:org.secpod.oval:def:115260
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote prog ...

oval:org.secpod.oval:def:52111
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:52101
sharutils: shar, unshar, uuencode, uudecode Sharutils could be made to execute arbitrary code if it opened a specially crafted file.

oval:org.secpod.oval:def:52106
- gnupg: GNU privacy guard - a free PGP replacement GnuPG could be made to expose sensitive information.

oval:org.secpod.oval:def:115327
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote prog ...

oval:org.secpod.oval:def:115323
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Pythons built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers.

oval:org.secpod.oval:def:52120
libxkbcommon: library interface to the XKB compiler - development files Several security issues were fixed in libxkbcommon.

oval:org.secpod.oval:def:52121
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations.

oval:org.secpod.oval:def:52124
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:52123
pyopenssl: Python wrapper around the OpenSSL library Several security issues were fixed in pyOpenSSL.

oval:org.secpod.oval:def:115346
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:53468
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed . This update rebases ghostscript for stretch to the upstream version 9.26 which includes a ...

oval:org.secpod.oval:def:53417
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:114899
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ...

oval:org.secpod.oval:def:52943
clamav: Anti-virus utility for Unix Details: USN-3728-1 fixed several vulnerabilities in libmspack. In Linux Mint 17.x libmspack is included into ClamAV. This update provides the corresponding update for Linux Mint 17.x LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704396
systemd: system and service manager Details: USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory systemd-tmpfiles could be made to change ownership ...

oval:org.secpod.oval:def:52955
clamav: Anti-virus utility for Unix Details: USN-3814-1 fixed several vulnerabilities in libmspack. In Linux Mint 17.x libmspack is included into ClamAV. This update provides the corresponding update for Linux Mint 17.x LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704388
clamav: Anti-virus utility for Unix Details: USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory Several security issues were fixed in ClamAV.

oval:org.secpod.oval:def:704383
libmspack: library for Microsoft compression formats Several security issues were fixed in libmspack.

oval:org.secpod.oval:def:704384
gettext: GNU Internationalization utilities gettext could be made to execute arbitrary code if it received a specially crafted message.

oval:org.secpod.oval:def:704385
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:114867
poppler is a PDF rendering library.

oval:org.secpod.oval:def:114862
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups o ...

oval:org.secpod.oval:def:704381
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:704382
pyopenssl: Python wrapper around the OpenSSL library Several security issues were fixed in pyOpenSSL.

oval:org.secpod.oval:def:46294
The host is installed with Apple iCloud before 7.6 or Apple iTunes before 12.8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted content. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:205321
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * mysql: MyISAM unspecified vulnerability * mysql: Server: Security: Privileges unspecified vulnerabilit ...

oval:org.secpod.oval:def:46290
The host is installed with Apple iCloud before 7.6 or Apple iTunes before 12.8 and is prone to a cross-origin data bypass vulnerability. A flaw is present in the application, which fails to properly perform audio taint tracking. Successful exploitation could allow attackers to exfiltrate audio data ...

oval:org.secpod.oval:def:114859
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups o ...

oval:org.secpod.oval:def:704376
spamassassin: Perl-based spam filter using text analysis Several security issues were fixed in SpamAssassin.

oval:org.secpod.oval:def:704372
ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704373
systemd: system and service manager systemd-networkd could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704374
libxkbcommon: library interface to the XKB compiler - development files Details: USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in libxkbcommon.

oval:org.secpod.oval:def:704371
network-manager: Network connection manager NetworkManager could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:205312
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ...

oval:org.secpod.oval:def:704365
libssh: A tiny C SSH library Details: USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Original advisory libssh could allow unintended access to network services.

oval:org.secpod.oval:def:704366
requests: elegant and simple HTTP library for Python Details: USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory Requests could be made to expose sensitive information if it received a specially crafted HTTP header.

oval:org.secpod.oval:def:114924
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

oval:org.secpod.oval:def:704367
paramiko: Python SSH2 library Details: USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory Paramiko could allow unintended access to network services.

oval:org.secpod.oval:def:704362
texlive-bin: TeX Live: path search library for TeX Details: USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 Original advisory Several security issues were fixed in Tex Live.

oval:org.secpod.oval:def:704364
net-snmp: SNMP server and applications Details: USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. Original advisory Net-SNMP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704369
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:114914
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ...

oval:org.secpod.oval:def:704356
mysql-5.7: MySQL database - mysql-5.5: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704350
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704351
moin: Collaborative hypertext environment MoinMoin could be made to expose sensitive information if it received a specially crafted input.

oval:org.secpod.oval:def:704352
libssh: A tiny C SSH library libssh could allow unintended access to network services.

oval:org.secpod.oval:def:704353
paramiko: Python SSH2 library Paramiko could allow unintended access to network services.

oval:org.secpod.oval:def:704344
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Tomcat could be made to redirect to arbitrary locations.

oval:org.secpod.oval:def:114948
MinGW Windows LibRaw library.

oval:org.secpod.oval:def:704340
libxkbcommon: library interface to the XKB compiler - development files Several security issues were fixed in libxkbcommon.

oval:org.secpod.oval:def:704347
clamav: Anti-virus utility for Unix ClamAV could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704348
requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header.

oval:org.secpod.oval:def:704349
net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:704335
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:114933
MinGW Windows LibRaw library.

oval:org.secpod.oval:def:46304
The host is missing a security update according to Apple advisory, APPLE-SA-2018-7-9-5. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to spoof address bars or ...

oval:org.secpod.oval:def:46307
The host is installed with Apple Safari before 11.1.2 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows attackers to exfiltrate cross-origin the sound fetched through audio elements.

oval:org.secpod.oval:def:704320
glib2.0: GLib Input, Output and Streaming Library Several security issues were fixed in GLib.

oval:org.secpod.oval:def:46311
The host is installed with Apple Safari before 11.1.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle multiple memory corruption issues. Successful exploitation allows attackers to lead to arbitrary code execution.

oval:org.secpod.oval:def:704326
mutt: text-based mailreader supporting MIME, GPG, PGP and threading Details: USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. We apologize for the inconvenience. Original a ...

oval:org.secpod.oval:def:704327
strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:704328
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:704310
transfig: Utilities for converting XFig figure files transfig could be made to execute arbitrary code if it received a specially crafted FIG file.

oval:org.secpod.oval:def:704311
zsh: shell with lots of features Zsh could be made to execute arbitrary code if it received a specially crafted script.

oval:org.secpod.oval:def:704318
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704316
curl: HTTP, HTTPS, and FTP client and client libraries curl could be made to run arbitrary code if it received a specially crafted input.

oval:org.secpod.oval:def:704307
libx11: X11 client-side library Several security issues were fixed in libx11.

oval:org.secpod.oval:def:704308
libtirpc: transport-independent RPC library - development files Several security issues were fixed in libtirpc.

oval:org.secpod.oval:def:704309
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704304
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:704306
poppler: PDF rendering library poppler could be made to crash if it received specially crafted PDF file.

oval:org.secpod.oval:def:114088
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:47606
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-23. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:47623
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-23. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:47622
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle the TransportSecurityInfo used for SSL. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:47624
Mozilla Firefox 62.0.2, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerab ...

oval:org.secpod.oval:def:46303
The host is missing a security update according to Apple advisory, APPLE-SA-2018-7-9-7. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:46302
The host is missing a security update according to Apple advisory, APPLE-SA-2018-7-9-6. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:45859
The host is installed with PostgreSQL 9.3 through 10 and is prone to a privilege escalation vulnerability. The flaw present in the application fails to prevent a user from modifying the behavior of a query for other users.. Successful exploitation allows attackers to execute code with the permission ...

oval:org.secpod.oval:def:115374
NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband , PPPoE and other devices, and supports a variety of different VPN services.

oval:org.secpod.oval:def:53491
The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled allocas and an out-of-bounds read flaw leading to an information leak , could allow an attacker to cause a denial of service or the execution of arbitrary code. Fur ...

oval:org.secpod.oval:def:53488
It was discovered that malformed URLs could spoof the content of the default 404 page of Django, a Python web development framework.

oval:org.secpod.oval:def:114061
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:115385
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ...

oval:org.secpod.oval:def:115383
Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL , the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and r ...

oval:org.secpod.oval:def:1900116
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:1700090
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing th ...

oval:org.secpod.oval:def:1700098
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains.

oval:org.secpod.oval:def:1901486
Vulnerability in the MySQL Client component of Oracle MySQL . Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis ...

oval:org.secpod.oval:def:114552
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performanc ...

oval:org.secpod.oval:def:1700084
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local ...

oval:org.secpod.oval:def:52202
nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.

oval:org.secpod.oval:def:1700075
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a #039;/#039; character.An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They al ...

oval:org.secpod.oval:def:1502257
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115098
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:115097
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:704432
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:704433
python-django: High-level Python web development framework Django could be made to expose spoofed information over the network.

oval:org.secpod.oval:def:704437
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:704422
lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks.

oval:org.secpod.oval:def:1502298
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502297
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704419
wavpack: audio codec - encoder and decoder Several security issues were fixed in WavPack.

oval:org.secpod.oval:def:704416
libraw: raw image decoder library LibRaw could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704400
samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.

oval:org.secpod.oval:def:1900063
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server exe ...

oval:org.secpod.oval:def:1900066
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M ...

oval:org.secpod.oval:def:115059
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:704407
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:115047
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:115041
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:115078
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:502352
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ...

oval:org.secpod.oval:def:502368
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:502367
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ...

oval:org.secpod.oval:def:115061
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:115011
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ...

oval:org.secpod.oval:def:2000801
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

oval:org.secpod.oval:def:502316
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ...

oval:org.secpod.oval:def:1900096
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succes ...

oval:org.secpod.oval:def:115027
libxkbcommon is the X.Org library for compiling XKB maps into formats usable by the X Server or other display servers.

oval:org.secpod.oval:def:205142
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:51019
libxml2: GNOME XML library Several security issues were fixed in libxml2.

oval:org.secpod.oval:def:205132
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: OpenSSL::X509::Name equality check does not work correctly For more details about the security issue, including the impact, a ...

oval:org.secpod.oval:def:205133
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: .tempfile file permission issues * ghostscript: shading_param incomplete t ...

oval:org.secpod.oval:def:51025
systemd: system and service manager Several security issues were fixed in systemd.

oval:org.secpod.oval:def:205135
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: Incorrect free logic in pagedevice replacement * ghostscript: Incorrect &q ...

oval:org.secpod.oval:def:205120
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband , and PPPoE devices, as well as providing VPN integration with a variety of d ...

oval:org.secpod.oval:def:115117
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:205127
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ...

oval:org.secpod.oval:def:115106
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ...

oval:org.secpod.oval:def:115100
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:115102
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:502372
The SpamAssassin tool provides a way to reduce unsolicited commercial email from incoming email. Security Fix: * spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service * spamassassin: Local user code injection in the meta rule syntax For more ...

oval:org.secpod.oval:def:205171
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Open redirect in default servlet For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ...

oval:org.secpod.oval:def:114663
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:114655
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version.

oval:org.secpod.oval:def:115930
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:115925
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:115956
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript and Portable Document Format page description languag ...

oval:org.secpod.oval:def:115952
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, mainta ...

oval:org.secpod.oval:def:1901496
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

oval:org.secpod.oval:def:47869
The host is missing a critical security update according to Mozilla advisory, MFSA2018-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:47874
The host is missing a critical security update according to Mozilla advisory, MFSA2018-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:47876
The host is missing a critical security update according to Mozilla advisory, MFSA2018-25. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:47875
The host is installed with Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 or 7.0.23 to 7.0.90 and is prone to an open redirection vulnerability. A flaw is present in the application which fails to handle the issue in default servlet which returned a redirect to a directory. Successful ex ...

oval:org.secpod.oval:def:47870
Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as ...

oval:org.secpod.oval:def:51062
libgcrypt20: LGPL Crypto library - libgcrypt11: LGPL Crypto library Libgcrypt could be made to expose sensitive information.

oval:org.secpod.oval:def:115126
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system t ...

oval:org.secpod.oval:def:115157
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system t ...

oval:org.secpod.oval:def:115156
libxkbcommon is the X.Org library for compiling XKB maps into formats usable by the X Server or other display servers.

oval:org.secpod.oval:def:603087
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024.

oval:org.secpod.oval:def:51092
wget: retrieves files from the web Wget could be made to inject arbitrary cookie values.

oval:org.secpod.oval:def:1502408
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51175
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51101
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:1502467
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502466
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000186
GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

oval:org.secpod.oval:def:1900757
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

oval:org.secpod.oval:def:1502475
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502476
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1900725
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:2000163
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes that can result in a crash . This attack appears to be exploitable via the victim opening a special ...

oval:org.secpod.oval:def:1502428
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2001456
An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

oval:org.secpod.oval:def:1502429
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502436
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502437
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502445
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502444
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502449
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502447
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1900776
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

oval:org.secpod.oval:def:704660
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:704653
gnome-keyring: GNOME keyring services GNOME Keyring could be made to expose sensitive information.

oval:org.secpod.oval:def:704654
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704655
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704657
openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:45313
The host is installed with LibreOffice before 5.4.6.1 or 6.x before 6.0.2001 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly validate a customizations index. Successful exploitation could allow remote attackers to crash the se ...

oval:org.secpod.oval:def:1901135
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

oval:org.secpod.oval:def:45314
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an incorrect integer data type in the StgSmallStrm class. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:502599
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:51194
libcaca: text mode graphics utilities Several security issues were fixed in libcaca.

oval:org.secpod.oval:def:51196
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:51195
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:51197
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:51199
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:1901181
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

oval:org.secpod.oval:def:704805
openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete.

oval:org.secpod.oval:def:1900026
The GD Graphics Library 2.2.5 has a double free in thegdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE:PHP is unaffected.

oval:org.secpod.oval:def:51215
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:51214
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:51217
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:51218
python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic.

oval:org.secpod.oval:def:51222
systemd: system and service manager systemd could be made to crash if it received specially a crafted D-Bus message.

oval:org.secpod.oval:def:51228
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51227
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:51229
openssl1.0: Secure Socket Layer cryptographic library and tools - openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1900007
The libtiff-toolsFdOpen function in tif_unix.c in Liblibtiff-tools 4.0.10 has a memory leak,as demonstrated by pal2rgb.

oval:org.secpod.oval:def:115794
poppler is a PDF rendering library.

oval:org.secpod.oval:def:1700178
An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned . A malicious scp server can overwrite arbitrary fil ...

oval:org.secpod.oval:def:1700163
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manual ...

oval:org.secpod.oval:def:2000288
There is an illegal WRITE memory access at common-image.c in libcaca-dev 0.99.beta19 for 4bpp data.

oval:org.secpod.oval:def:51200
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:1700148
Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

oval:org.secpod.oval:def:51204
spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:51207
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:51209
avahi: Avahi IPv4LL network address configuration daemon Several security issues were fixed in Avahi.

oval:org.secpod.oval:def:1700139
It was found that bus_process_object in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user to send a message which results in the stack pointer moving outside of the bounds of the curr ...

oval:org.secpod.oval:def:2001594
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user"s password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

oval:org.secpod.oval:def:2000261
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in pdfdetach.

oval:org.secpod.oval:def:1502313
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502312
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700115
The GD Graphics Library 2.2.5 has a double free in the gdImage*Ptr functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

oval:org.secpod.oval:def:2000239
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

oval:org.secpod.oval:def:502612
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:502614
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:502613
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:502617
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: MIDI driver race condition leads to a double-free For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:502629
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502628
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:502634
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:502636
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:1900823
GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

oval:org.secpod.oval:def:50800
The host is missing a high security update according to Mozilla advisory, MFSA2019-05. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50803
The host is missing a high security update according to Mozilla advisory, MFSA2019-04. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:50804
The host is missing a high security update according to Mozilla advisory, MFSA2019-05. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:1900827
In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.

oval:org.secpod.oval:def:502601
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:502600
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:502602
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: use-after-free in copydevice handling * ghostscript: access bypass in psi/ ...

oval:org.secpod.oval:def:502607
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:502606
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:502608
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:502690
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:502692
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: superexec operator is available * ghostscript: forceput in DefineResource ...

oval:org.secpod.oval:def:53065
The host is installed with Artifex Ghostscript through 9.26 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the system operators. Successful exploitation could allow attackers to perform remote code execution.

oval:org.secpod.oval:def:502655
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DO ...

oval:org.secpod.oval:def:53010
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53007
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel The system could be made unavailable if it received specially crafted network traffic.

oval:org.secpod.oval:def:53020
The host is missing a critical security update according to Mozilla advisory, MFSA2019-08. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:53018
file: Tool to determine file types Several security issues were fixed in file.

oval:org.secpod.oval:def:2000309
There is an illegal WRITE memory access at caca/file.c in libcaca-dev 0.99.beta19.

oval:org.secpod.oval:def:2001615
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

oval:org.secpod.oval:def:50880
The host is missing a high security update according to Mozilla advisory, MFSA2019-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:1901854
libxslt1-dev through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

oval:org.secpod.oval:def:2000345
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service and may cause information leakage by obtaining potentially sensitive information from the responding dev ...

oval:org.secpod.oval:def:502707
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrec ...

oval:org.secpod.oval:def:50953
The host is missing a high security update according to Mozilla advisory, MFSA2019-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:704899
libxslt: XSLT processing library Libxslt could be made to expose sensitive information if it received a specially crafted file.

oval:org.secpod.oval:def:704880
lua5.3: Simple, extensible, embeddable programming language Lua could be made to crash if it received a specially crafted script.

oval:org.secpod.oval:def:603372
Two vulnerabilities were discovered in LibreOffice"s code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:704853
thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.

oval:org.secpod.oval:def:704856
gpac: GPAC Project on Advanced Content GPAC could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704846
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704827
file: Tool to determine file types Several security issues were fixed in file.

oval:org.secpod.oval:def:1900685
An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

oval:org.secpod.oval:def:50195
The host is installed with OpenSSH through 7.9p1 or WinSCP through 5.13 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp client utility. Successful exploitation could allow a malicious scp server to write arbitr ...

oval:org.secpod.oval:def:50199
CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client

oval:org.secpod.oval:def:1901120
0-byte record padding oracle

oval:org.secpod.oval:def:115526
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:115525
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1502595
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2000482
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

oval:org.secpod.oval:def:503314
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle For more details about the security issue, including the impact, a CVSS scor ...

oval:org.secpod.oval:def:1901079
GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

oval:org.secpod.oval:def:2000574
In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

oval:org.secpod.oval:def:1901676
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may re ...

oval:org.secpod.oval:def:1901684
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

oval:org.secpod.oval:def:1901688
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

oval:org.secpod.oval:def:205247
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle For more details about the security issue, including the impact, a CVSS scor ...

oval:org.secpod.oval:def:2000546
There is an illegal WRITE memory access at common-image.c in libcaca-dev 0.99.beta19 for 1bpp data.

oval:org.secpod.oval:def:2000554
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ...

oval:org.secpod.oval:def:1901698
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

oval:org.secpod.oval:def:50268
scp client missing received object name validation

oval:org.secpod.oval:def:53308
Two vulnerabilities were discovered in LibreOffice"s code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened.

oval:org.secpod.oval:def:50201
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.

oval:org.secpod.oval:def:603627
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:603629
Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-16890 Wenxiang Qian of Tencent Blade Team discovered that the function handling incoming NTLM type-2 messages does not validate incoming data correctly and is subject to an integer overflow vulnerability, which could ...

oval:org.secpod.oval:def:603616
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service , or possibly, execution of arbitrary code.

oval:org.secpod.oval:def:603612
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:603618
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

oval:org.secpod.oval:def:603643
Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.

oval:org.secpod.oval:def:603637
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:603638
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

oval:org.secpod.oval:def:704251
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:603630
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol. CVE-2018-20685 Due to improper directory name validation, the scp client allows ...

oval:org.secpod.oval:def:603597
Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.

oval:org.secpod.oval:def:1902003
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned . A malicious scp server can overwrite arbitrary ...

oval:org.secpod.oval:def:2000615
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.

oval:org.secpod.oval:def:2000666
GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

oval:org.secpod.oval:def:52135
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:52137
gnome-keyring: GNOME keyring services GNOME Keyring could be made to expose sensitive information.

oval:org.secpod.oval:def:1900480
libical-dev 1.0 allows remote attackers to cause a denial of service via a crafted ics file.

oval:org.secpod.oval:def:1901711
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

oval:org.secpod.oval:def:1901713
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ...

oval:org.secpod.oval:def:1901700
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

oval:org.secpod.oval:def:52968
openssh: secure shell for secure access to remote machines Details: USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory One of the fixes in USN-3885-1 was incomplete.

oval:org.secpod.oval:def:52967
libgd2: GD Graphics Library Several security issues were fixed in GD.

oval:org.secpod.oval:def:603679
It was found that a security update of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.

oval:org.secpod.oval:def:603677
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

oval:org.secpod.oval:def:2001184
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:53484
Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service.

oval:org.secpod.oval:def:53497
Tavis Ormandy discovered a vulnerability in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:53499
Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service , or possibly, execution of arbitrary code.

oval:org.secpod.oval:def:1900117
In Liblibtiff-tools 4.0.9, there is a NULL pointer dereference in the libtiff-toolsWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by libtiff-tools set.

oval:org.secpod.oval:def:53510
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol. CVE-2018-20685 Due to improper directory name validation, the scp client allows ...

oval:org.secpod.oval:def:53516
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

oval:org.secpod.oval:def:53515
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:53521
Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.

oval:org.secpod.oval:def:53527
Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

oval:org.secpod.oval:def:53529
It was found that a security update of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.

oval:org.secpod.oval:def:1700063
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessi ...

oval:org.secpod.oval:def:1700061
The fs/ext4/inline.c:ext4_read_inline_data function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or ...

oval:org.secpod.oval:def:1900985
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ ...

oval:org.secpod.oval:def:603829
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

oval:org.secpod.oval:def:50461
The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50453
The host is missing a critical security update according to Mozilla advisory, MFSA2019-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50472
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.

oval:org.secpod.oval:def:50462
The host is missing a critical security update according to Mozilla advisory, MFSA2019-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50463
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.

oval:org.secpod.oval:def:50464
Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs s ...

oval:org.secpod.oval:def:50468
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5: An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffic ...

oval:org.secpod.oval:def:50469
Mozilla Firefox 65 : When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by defa ...

oval:org.secpod.oval:def:603838
Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:53501
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

oval:org.secpod.oval:def:53508
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:115815
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and exten ...

oval:org.secpod.oval:def:704499
systemd: system and service manager systemd could be made to crash if it received specially a crafted D-Bus message.

oval:org.secpod.oval:def:704493
python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic.

oval:org.secpod.oval:def:704490
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:704492
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:704486
libreoffice: Office productivity suite Several security issues were fixed in LibreOffice.

oval:org.secpod.oval:def:704487
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:704489
openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH.

oval:org.secpod.oval:def:704475
avahi: Avahi IPv4LL network address configuration daemon Several security issues were fixed in Avahi.

oval:org.secpod.oval:def:704473
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:704465
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115917
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:704462
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel The system could be made unavailable if it received specially crafted network traffic.

oval:org.secpod.oval:def:115913
A library for reading and converting Windows MetaFile vector graphics .

oval:org.secpod.oval:def:50503
Mozilla Thunderbird 60.5 : A vulnerability in the Libical libary used by Thunderbird can allow remote attackers to cause a denial of service (use-after-free) via a crafted ICS calendar file.

oval:org.secpod.oval:def:50504
The host is missing a critical security update according to Mozilla advisory, MFSA2019-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50506
Mozilla Thunderbird 60.5: A vulnerability in the Libical libary used by Thunderbird can allow remote attackers to cause a denial of service (use-after-free) via a crafted ICS calendar file.

oval:org.secpod.oval:def:50507
The host is missing a critical security update according to Mozilla advisory, MFSA2019-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:704468
spice: SPICE protocol client and server library Spice could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:115907
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:115909
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine a ...

oval:org.secpod.oval:def:115905
poppler is a PDF rendering library.

oval:org.secpod.oval:def:704450
ghostscript: PostScript and PDF interpreter Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file.

oval:org.secpod.oval:def:704451
mysql-5.7: MySQL database Several security issues were fixed in MySQL.

oval:org.secpod.oval:def:704440
libcaca: text mode graphics utilities Several security issues were fixed in libcaca.

oval:org.secpod.oval:def:704441
libarchive: Library to read/write archive files Several security issues were fixed in libarchive.

oval:org.secpod.oval:def:704447
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704448
poppler: PDF rendering library Several security issues were fixed in poppler.

oval:org.secpod.oval:def:1502285
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704408
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1900077
A NULL pointer dereference in the function _libtiff-tools memcmp at tif_unix.c in Liblibtiff-tools 4.0.9 allows an attacker to cause a denial-of-service through a crafted libtiff-tools file. This vulnerability can be triggered by the executable libtiff-tool scp.

oval:org.secpod.oval:def:51029
linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114689
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:205181
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:205175
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:205176
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ...

oval:org.secpod.oval:def:205179
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ...

oval:org.secpod.oval:def:205163
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: MIDI driver race condition leads to a double-free For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:205160
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:205161
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:205162
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ...

oval:org.secpod.oval:def:205154
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:114699
The kernel meta package

oval:org.secpod.oval:def:205155
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:205150
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:205151
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ...

oval:org.secpod.oval:def:205156
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ...

oval:org.secpod.oval:def:205157
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: use-after-free in copydevice handling * ghostscript: access bypass in psi/ ...

oval:org.secpod.oval:def:205158
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:115966
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1901515
In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

oval:org.secpod.oval:def:115926
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:115949
MinGW Windows Poppler library.

oval:org.secpod.oval:def:50619
curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.

oval:org.secpod.oval:def:45294
The host is installed with LibreOffice before 5.4.6.1 or 6.x before 6.0.2.1 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly validate a customizations index. Successful exploitation could allow remote attackers to crash the ser ...

oval:org.secpod.oval:def:45295
The host is installed with LibreOffice before 5.4.5 or 6.x before 6.0.1 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle an incorrect integer data type in the StgSmallStrm class. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:502650
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * ghostscript: missing attack vector protections for CVE-2019-6116 For more details about ...

oval:org.secpod.oval:def:53013
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:704912
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1901894
Heap-buffer-overflow in exif_iif_add_value in EXIF

oval:org.secpod.oval:def:1901893
Heap-buffer-overflow in php_ifd_get32s

oval:org.secpod.oval:def:704814
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:1502501
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114291
This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script.

oval:org.secpod.oval:def:603544
This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising have been found in the coders for BMP, DIB, PICT, DCM, CUT and PSD.

oval:org.secpod.oval:def:52970
poppler: PDF rendering library poppler could be made to crash if it opened a specially crafted file.

oval:org.secpod.oval:def:603942
Joe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack. A local attacker could take advantage of this flaw to bypass authen ...

oval:org.secpod.oval:def:705010
dbus: simple interprocess messaging system DBus could allow unintended access to services.

oval:org.secpod.oval:def:705114
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to crash or execute arbitrary code if it received specially crafted image.

oval:org.secpod.oval:def:705116
mariadb-10.3: MariaDB database Details: USN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in MariaDB 10.3. Ubuntu 19.04 has been u ...

oval:org.secpod.oval:def:604537
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers function could result in information disclosure or denial of service.

oval:org.secpod.oval:def:604535
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers function could result in information disclosure or denial of service.

oval:org.secpod.oval:def:58365
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to crash or execute arbitrary code if it received specially crafted image.

oval:org.secpod.oval:def:503315
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql . Security Fix: * mysql: Server: Replication multiple unspecified vulnerabilities * mysql ...

oval:org.secpod.oval:def:55512
mariadb-10.1: MariaDB database Details: USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1. Linux Mint 19.x LTS has been updated to MariaDB 10.1.40. In addition to security fixes, the updated package co ...

oval:org.secpod.oval:def:1501959
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1901898
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl ...

oval:org.secpod.oval:def:704044
libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:114190
LibVNCServer makes writing a VNC server easy. It hides the programmer from the tedious task of managing clients and compression schemata.

oval:org.secpod.oval:def:114235
LibVNCServer makes writing a VNC server easy. It hides the programmer from the tedious task of managing clients and compression schemata.

oval:org.secpod.oval:def:603419
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

oval:org.secpod.oval:def:1901905
[Unknown description]

oval:org.secpod.oval:def:1901903
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto ...

oval:org.secpod.oval:def:704996
mariadb-10.1: MariaDB database Details: USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.40. In addition to security fixes, the updated package conta ...

oval:org.secpod.oval:def:53345
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.

oval:org.secpod.oval:def:52030
libvncserver: vnc server library LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:502264
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fix: * libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c For more details about the security issue, including the impact, a CVSS score, and other re ...

oval:org.secpod.oval:def:1700039
Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.cAn issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified ...

oval:org.secpod.oval:def:603855
It was discovered that a buffer overflow in the RTSP parser of the GStreamer media framework may result in the execution of arbitrary code if a malformed RSTP stream is opened.

oval:org.secpod.oval:def:1502180
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:53014
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704026
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704820
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:115529
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:52019
tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:115258
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:115360
The libtiff package contains a library of functions for manipulating TIFF image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF f ...

oval:org.secpod.oval:def:1900138
libtiff-toolsWriteScanline in tif_write.c in Liblibtiff-tools 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2libtiff-tools.

oval:org.secpod.oval:def:113996
The w3m program is a pager that can also be used as a text-mode Web browser. If you want to display the inline images on w3m, you need to install w3m-img package as well.

oval:org.secpod.oval:def:704220
w3m: WWW browsable pager with excellent tables/frames support Several security issues were fixed in w3m.

oval:org.secpod.oval:def:52093
w3m: WWW browsable pager with excellent tables/frames support Several security issues were fixed in w3m.

oval:org.secpod.oval:def:46697
The host is installed with Oracle MySQL Server through 5.6.40, 5.7.22 or 8.0.11 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Integrity and Availability.

oval:org.secpod.oval:def:46693
The host is installed with Oracle MySQL Server through 5.7.22 or 8.0.11 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Integrity and Availability.

oval:org.secpod.oval:def:50210
The host is installed with Oracle MySQL Server through 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50211
The host is installed with Oracle MySQL Server through 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Parser. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50213
The host is installed with Oracle MySQL Server through 5.6.42, 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Parser. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50214
The host is installed with Oracle MySQL Server through 5.6.42, 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50225
The host is installed with Oracle MySQL Server through 5.6.42, 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Optimizer. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48130
The host is installed with Oracle MySQL Server through 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48102
The host is installed with Oracle MySQL Server through 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48103
The host is installed with Oracle MySQL Server through 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48101
The host is installed with Oracle MySQL Server through 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48110
The host is installed with Oracle MySQL Server through 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Integrity and Availability.

oval:org.secpod.oval:def:48118
The host is installed with Oracle MySQL Server through 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48116
The host is installed with Oracle MySQL Server through 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48114
The host is installed with Oracle MySQL Server through 5.5.61, 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Client programs. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48119
The host is installed with Oracle MySQL Server through 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:48128
The host is installed with Oracle MySQL Server through 5.5.61, 5.6.41, 5.7.23 or 8.0.12 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Storage Engines. Successful exploitation allows attackers to affect Availabilit ...

oval:org.secpod.oval:def:44771
The host is installed with OpenSSL 1.1.0 before 1.1.0h or OpenSSL 1.0.2b before 1.0.2n or MySQL Server prior to 5.6.40, 5.7.22 or 8.0.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful expl ...

oval:org.secpod.oval:def:54331
The host is installed with Oracle MySQL Server through 5.6.43, 5.7.25 or 8.0.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Compiling (OpenSSL). Successful exploitation allows attackers to affect Confidentiality ...

oval:org.secpod.oval:def:54344
The host is installed with Oracle MySQL Server through 5.6.43, 5.7.25 or 8.0.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Replication. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:54351
The host is installed with Oracle MySQL Server through 5.6.43, 5.7.25 or 8.0.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Privileges. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:54352
The host is installed with Oracle MySQL Server through 5.7.25 or 8.0.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50989
The host is installed with OpenSSL 1.0.2 through 1.0.2q or Oracle MySQL Server through 5.6.43, 5.7.25 or 8.0.15 and is prone to a padding oracle attack vulnerability. The vulnerability is present in the SSL_shutdown() method used in conjunction with non-stitched ciphersuites. On successful exploitat ...

oval:org.secpod.oval:def:50230
The host is installed with Oracle MySQL Server through 5.6.42, 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Replication. Successful exploitation allows attackers to affect Confidentiality and Int ...

oval:org.secpod.oval:def:50227
The host is installed with Oracle MySQL Server through 5.6.42, 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Replication. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50228
The host is installed with Oracle MySQL Server through 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Privileges. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50233
The host is installed with Oracle MySQL Server through 5.6.42, 5.7.24 or 8.0.13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: DDL. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:42356
The host is missing a critical security update KB4041689

oval:org.secpod.oval:def:42360
The host is missing an important security update KB4041676

oval:org.secpod.oval:def:114313
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:114310
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:1600879
Use-after-free on HTTP/2 stream shutdownWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger ...

oval:org.secpod.oval:def:114477
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:116205
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:1700154
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard

oval:org.secpod.oval:def:54395
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:54396
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:502656
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: privilege escalation from modules scripts * httpd: mod_ssl: access control bypass when using per-location client certification authentication For more details about the secur ...

oval:org.secpod.oval:def:704065
apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:704052
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:48667
The host is installed with Apple Mac OS X 10.12.6 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a memory related issue. Successful exploitation may allow attackers to perform buffer overflow.

oval:org.secpod.oval:def:48678
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48676
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48677
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48674
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:48675
The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:603362
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:603350
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:114244
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:704180
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:704176
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:1600997
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard

oval:org.secpod.oval:def:603472
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could all ...

oval:org.secpod.oval:def:53297
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, could cause an of bound write if supplied with a crafted Accept-Language header. This could potentially be used fo ...

oval:org.secpod.oval:def:114296
Module::CoreList provides information on which core and dual-life modules are shipped with each version of perl.

oval:org.secpod.oval:def:114298
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most comm ...

oval:org.secpod.oval:def:1800939
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1800945
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions 2.4.1 to 2.4.29 Fixed in Apache 2.4.30

oval:org.secpod.oval:def:1800946
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:1800958
Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ...

oval:org.secpod.oval:def:1800960
Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ...

oval:org.secpod.oval:def:1800961
Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ...

oval:org.secpod.oval:def:53303
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with ...

oval:org.secpod.oval:def:1800950
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values¶ Affected Versions:¶ 2.4.1 to 2.4.29 Fixed in:¶ Apache 2.4.30

oval:org.secpod.oval:def:51536
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:52071
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:52068
ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:52034
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:53383
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could all ...

oval:org.secpod.oval:def:1901777
mod_auth_digest access control bypass

oval:org.secpod.oval:def:1901778
Apache HTTP Server privilege escalation from modules" scripts

oval:org.secpod.oval:def:114573
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:603841
Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming dat ...

oval:org.secpod.oval:def:45091
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:45092
perl: Practical Extraction and Report Language Several security issues were fixed in Perl.

oval:org.secpod.oval:def:54093
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:54094
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:54095
apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:51036
apache2: Apache HTTP server Details: USN-3627-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Linux Mint 19.x LTS. Original advisory Several security issues were fixed in the Apache HTTP Server.

oval:org.secpod.oval:def:114608
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:1801364
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:1801365
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:1801366
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:1801367
CVE-2019-0196: mod_ read-after-free on a string compare¶ Using fuzzed network input, the request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. Versions Affected:¶ 2.4.17 to 2.4.38 Fixed ...

oval:org.secpod.oval:def:54101
The host is installed with Apache HTTP Server 2.4.x through 2.4.38 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a race condition in mod_auth_digest when running in a threaded server. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:54102
The host is installed with Apache HTTP Server 2.4.17 through 2.4.38 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the less-privileged child processes or threads. Successful exploitation could allow attackers to execute arbi ...

oval:org.secpod.oval:def:34666
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34667
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34664
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34665
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34662
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34660
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:34661
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.5 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to an unexpe ...

oval:org.secpod.oval:def:114196
The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ...

oval:org.secpod.oval:def:114206
The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ...

oval:org.secpod.oval:def:33674
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 or Apple Safari before 9.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a malicious crafted XML. Successful exploitation co ...

oval:org.secpod.oval:def:1700033
Ephemeral association time spoofing additional protectionntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victims clock vi ...

oval:org.secpod.oval:def:602531
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That"s right, Debian no longer applies ...

oval:org.secpod.oval:def:602589
Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:115130
The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ...

oval:org.secpod.oval:def:116979
MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic ...

oval:org.secpod.oval:def:115668
MariaDB is a community developed branch of MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic ...

oval:org.secpod.oval:def:1700155
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prio ...

oval:org.secpod.oval:def:115490
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:115534
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:1600961
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe ...

oval:org.secpod.oval:def:1600958
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server exe ...

oval:org.secpod.oval:def:1600949
Vulnerability in the MySQL Server component of Oracle MySQL . Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability ...

oval:org.secpod.oval:def:113859
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:1801556
CVE-2018-2755: mariaDB 10.1.33 CVE-2018-2761: mariaDB 10.1.33 CVE-2018-2766: mariaDB 10.1.33 CVE-2018-2767: mariaDB 10.1.33 CVE-2018-2771: mariaDB 10.1.33 CVE-2018-2781: mariaDB 10.1.33 CVE-2018-2782: mariaDB 10.1.33 CVE-2018-2784: mariaDB 10.1.33 CVE-2018-2787: mariaDB 10.1.33 CVE-2018-2813: mariaD ...

oval:org.secpod.oval:def:1801542
CVE-2018-3060: mariaDB 10.2.17 CVE-2018-3064: mariaDB 10.2.17 CVE-2018-3063: mariaDB 10.2.17 CVE-2018-3058: mariaDB 10.2.17 CVE-2018-3066: mariaDB 10.2.17 CVE-2018-3282: mariaDB 10.2.19 CVE-2016-9843: mariaDB 10.2.19 CVE-2018-3174: mariaDB 10.2.19 CVE-2018-3143: mariaDB 10.2.19 CVE-2018-3156: mariaD ...

oval:org.secpod.oval:def:1801544
CVE-2018-2755: mariaDB 10.1.33 CVE-2018-2761: mariaDB 10.1.33 CVE-2018-2766: mariaDB 10.1.33 CVE-2018-2767: mariaDB 10.1.33 CVE-2018-2771: mariaDB 10.1.33 CVE-2018-2781: mariaDB 10.1.33 CVE-2018-2782: mariaDB 10.1.33 CVE-2018-2784: mariaDB 10.1.33 CVE-2018-2787: mariaDB 10.1.33 CVE-2018-2813: mariaD ...

oval:org.secpod.oval:def:1501988
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:51121
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:51129
lcms2: Little CMS color management library Several security issues were fixed in Little CMS.

oval:org.secpod.oval:def:51986
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:1600944
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.A vulnerability was discover ...

oval:org.secpod.oval:def:1600942
During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ...

oval:org.secpod.oval:def:51996
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:51997
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:1502452
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502453
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502450
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502451
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502454
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:113972
The kernel meta package

oval:org.secpod.oval:def:1600875
RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys:OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process c ...

oval:org.secpod.oval:def:113936
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

oval:org.secpod.oval:def:1801000
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:1801001
CVE-2018-8897, XSA-260: x86: mishandling of debug exceptions

oval:org.secpod.oval:def:1801004
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:116106
The kernel meta package

oval:org.secpod.oval:def:116107
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:116104
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:116105
The kernel meta package

oval:org.secpod.oval:def:502541
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: stack-based buffer overflow in chap_server_compute_md5 in iscsi target * kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable allows for denial of service For more details ...

oval:org.secpod.oval:def:43587
The host is missing a security update according to apple advisory, APPLE-SA-2018-1-23-6. The update is required to fix multiple memory corruption vulnerabilities.The flaws are present in the application, which fails to properly handle maliciously crafted web content. Successful exploitation could al ...

oval:org.secpod.oval:def:114497
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:44923
The host is installed with Apple iCloud before 7.2 or Apple iTunes before 12.7.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:1501854
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114434
The kernel meta package

oval:org.secpod.oval:def:1502342
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502341
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114424
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1700150
A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service .A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers ...

oval:org.secpod.oval:def:1700149
Vulnerability in the Java SE component of Oracle Java SE . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of th ...

oval:org.secpod.oval:def:1700144
A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.

oval:org.secpod.oval:def:113991
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

oval:org.secpod.oval:def:1502306
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502307
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:112657
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:113981
The kernel meta package

oval:org.secpod.oval:def:1700108
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

oval:org.secpod.oval:def:502616
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information ...

oval:org.secpod.oval:def:502615
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:502618
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information ...

oval:org.secpod.oval:def:502619
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information, ...

oval:org.secpod.oval:def:502621
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:502620
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:502639
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Missing check in fs/inode.c:inode_init_owner does not clear SGID bit on non-directories for non-members For more details about the security issue, including the impact, a CVSS score, acknow ...

oval:org.secpod.oval:def:1502392
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502605
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:45418
The host is missing an important security update for KB4103731

oval:org.secpod.oval:def:45419
The host is missing an important security update for KB4103730

oval:org.secpod.oval:def:45416
The host is missing an important security update for KB4134651

oval:org.secpod.oval:def:45421
The host is missing an important security update 4103715

oval:org.secpod.oval:def:45423
The host is missing an important security update for KB4103721

oval:org.secpod.oval:def:44100
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:44101
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1501947
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:45436
The host is missing an important security update for KB4103725

oval:org.secpod.oval:def:45437
The host is missing an important security update 4103726

oval:org.secpod.oval:def:45438
The host is missing an important security update for KB4103727

oval:org.secpod.oval:def:45440
The host is missing an important security update 4103712

oval:org.secpod.oval:def:1501966
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:53002
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53015
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:54407
openjdk-7: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:2000324
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service by triggering vfs_read failures.

oval:org.secpod.oval:def:115440
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:704900
openjdk-lts: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:115427
X.Org X11 X server

oval:org.secpod.oval:def:704057
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors The system could be made to crash under certain conditions.

oval:org.secpod.oval:def:704059
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash under certain conditions.

oval:org.secpod.oval:def:114968
The kernel meta package

oval:org.secpod.oval:def:1502682
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:40632
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:603310
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:45543
The host is missing an important security update 4103718

oval:org.secpod.oval:def:704874
policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.

oval:org.secpod.oval:def:704879
openjdk-7: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:603396
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ...

oval:org.secpod.oval:def:704821
linux: Linux kernel The system could be made to run programs as an administrator.

oval:org.secpod.oval:def:2000444
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service .

oval:org.secpod.oval:def:115587
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:2000401
In PolicyKit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

oval:org.secpod.oval:def:54510
openjdk-lts: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:704185
libpng1.6: PNG library - development - libpng: PNG file library Several security issues were fixed in libpng.

oval:org.secpod.oval:def:704152
ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP.

oval:org.secpod.oval:def:704151
libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:704134
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:704113
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1600987
Vulnerability in the Java SE component of Oracle Java SE . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of th ...

oval:org.secpod.oval:def:116064
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:1600990
A kernel memory leak was found in the kernel_read_file function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service . A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers ...

oval:org.secpod.oval:def:116053
The kernel meta package

oval:org.secpod.oval:def:53274
Several vulnerabilities were discovered in Libvirt, a virtualisation abstraction library: CVE-2018-1064 Denial Berrange discovered that the QEMU guest agent performed insufficient validationof incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, ...

oval:org.secpod.oval:def:703601
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:115211
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:1800989
CVE-2018-10472,XSA-258: Information leak via crafted user-supplied CDROM

oval:org.secpod.oval:def:2000564
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

oval:org.secpod.oval:def:53326
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-1087 Andy Lutomirski discovered that the KVM implementation did not properly handle #DB exceptions while deferred by MOV SS/POP SS, allowing an unprivileged KVM gue ...

oval:org.secpod.oval:def:53328
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ...

oval:org.secpod.oval:def:115236
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115235
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115230
The kernel meta package

oval:org.secpod.oval:def:2000527
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

oval:org.secpod.oval:def:502032
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * A heap buffer overflow flaw was found in QEMU"s Cirrus CLGD 54xx VGA emulator"s V ...

oval:org.secpod.oval:def:49231
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:51543
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:49230
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:114770
The kernel meta package

oval:org.secpod.oval:def:204783
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Qemu: vga: OOB read access during display update * Qemu: Slirp: use-after-free w ...

oval:org.secpod.oval:def:114723
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:46150
The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2 through 1.0.2o or Oracle VM VirtualBox before 5.2.20 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a key agreement issue in a TLS handshake using a DH(E) ...

oval:org.secpod.oval:def:114740
The kernel meta package

oval:org.secpod.oval:def:603541
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-15471 Felix Wilhelm of Google Project Zero discovered a flaw in the hash handling of the xen-netback Linux kernel module. A malicious or buggy f ...

oval:org.secpod.oval:def:603564
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

oval:org.secpod.oval:def:603556
Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitary file overwrite, which can result in privilege escalation.

oval:org.secpod.oval:def:704201
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could allow access to sensitive information.

oval:org.secpod.oval:def:110403
The kernel meta package

oval:org.secpod.oval:def:115294
X.Org X11 X server

oval:org.secpod.oval:def:52083
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could allow access to sensitive information.

oval:org.secpod.oval:def:57782
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-euclid: Linux kernel for Intel Euclid systems - linux-gcp: Linux kernel for Google Cloud Platform syst ...

oval:org.secpod.oval:def:115249
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115248
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:52038
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oem: Linux kernel for OEM processors The system could be made to crash under certain conditions.

oval:org.secpod.oval:def:53390
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets ...

oval:org.secpod.oval:def:52057
ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP.

oval:org.secpod.oval:def:53435
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-15471 Felix Wilhelm of Google Project Zero discovered a flaw in the hash handling of the xen-netback Linux kernel module. A malicious or buggy f ...

oval:org.secpod.oval:def:115324
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:205372
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams * QEMU ...

oval:org.secpod.oval:def:52132
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:53457
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

oval:org.secpod.oval:def:115345
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:114886
The kernel meta package

oval:org.secpod.oval:def:114891
The libpng package contains a library of functions for creating and manipulating PNG image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you ...

oval:org.secpod.oval:def:704399
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:704393
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 The system could be made to crash or run programs as an adminis ...

oval:org.secpod.oval:def:110473
The kernel meta package

oval:org.secpod.oval:def:114851
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.

oval:org.secpod.oval:def:114853
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.

oval:org.secpod.oval:def:704361
xorg-server: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server X.Org X server could be made to overwrite files as the administrator.

oval:org.secpod.oval:def:114928
The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG image format files. This version should be used only if you are unable to use the current version of libpng.

oval:org.secpod.oval:def:704322
lcms2: Little CMS color management library Several security issues were fixed in Little CMS.

oval:org.secpod.oval:def:704312
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:46321
ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP.

oval:org.secpod.oval:def:204866
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF ...

oval:org.secpod.oval:def:114070
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support.

oval:org.secpod.oval:def:115373
The kernel meta package

oval:org.secpod.oval:def:43212
The host is missing a security update according to Apple advisory, APPLE-SA-2017-12-13-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle maliciously crafted web content or client certificates. Successful exploitation c ...

oval:org.secpod.oval:def:43213
The host is missing a security update according to apple advisory, APPLE-SA-2017-12-13-4. The update is required to fix multiple memory corruption vulnerabilities.The flaws are present in the application, which fails to properly handle maliciously crafted web content or client certificates. Successf ...

oval:org.secpod.oval:def:1700093
During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ...

oval:org.secpod.oval:def:1700091
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.A vulnerability was discover ...

oval:org.secpod.oval:def:114565
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:45915
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle an undocumented instructions issue. Successful exploitation allows attackers to execute arbitrary code with ker ...

oval:org.secpod.oval:def:502272
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Qemu: vga: OOB read access during display update * Qemu: Slirp: use-after-free w ...

oval:org.secpod.oval:def:53540
The host is installed with Apple Mac OS X through 10.12.6, 10.13.6 or 10.14.3 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle multiple issues. Successful exploitation allows attackers to execute arbitrary code or read restricted memo ...

oval:org.secpod.oval:def:52200
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:48133
The host is installed with Oracle VM VirtualBox before 5.2.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:114544
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ...

oval:org.secpod.oval:def:1502247
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502248
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502246
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603830
A memory disclosure vulnerability was discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in information disclosure or bypass of sandbox restrictions.

oval:org.secpod.oval:def:1700029
bn_sqrx8x_internal carry bug on x86_64There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to ...

oval:org.secpod.oval:def:1502203
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502204
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502201
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502202
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502205
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:703164
linux-lts-wily: Linux hardware enablement kernel from Wily for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:703160
linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Several security issues were fixed in the kernel.

oval:org.secpod.oval:def:704472
openjdk-lts: Open Source Java implementation - openjdk-8: Open Source Java implementation Java applets or applications could be made to expose sensitive information.

oval:org.secpod.oval:def:704454
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1801222
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Fixed in Ve ...

oval:org.secpod.oval:def:1502287
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502286
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502292
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502347
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF ...

oval:org.secpod.oval:def:502365
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Security Fix: * QEMU: slirp: hea ...

oval:org.secpod.oval:def:115016
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115015
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:115018
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:55310
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure. In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update ship ...

oval:org.secpod.oval:def:703987
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:703988
libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.

oval:org.secpod.oval:def:703972
webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK+.

oval:org.secpod.oval:def:115029
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:115020
The kernel meta package

oval:org.secpod.oval:def:205141
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version: libvir ...

oval:org.secpod.oval:def:51012
ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP.

oval:org.secpod.oval:def:205130
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: stack-based buffer overflow in chap_server_compute_md5 in iscsi target * kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable allows for denial of service For more details ...

oval:org.secpod.oval:def:51027
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:205121
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix: * xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation For more details a ...

oval:org.secpod.oval:def:205164
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information ...

oval:org.secpod.oval:def:205165
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:205166
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information, ...

oval:org.secpod.oval:def:205167
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:205168
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ...

oval:org.secpod.oval:def:205169
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ...

oval:org.secpod.oval:def:603933
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure. In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update ship ...

oval:org.secpod.oval:def:50583
The host is installed with Oracle Java SE through 7u201, 8u192 or 11.0.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle vectors related to unspecified vectors. Successful exploitation allows remote attackers to execute code without u ...

oval:org.secpod.oval:def:50588
The host is installed with Oracle Java SE through 7u201, 8u192 or 11.0.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle vectors related to unspecified vectors. Successful exploitation allows remote attackers to execute code without u ...

oval:org.secpod.oval:def:705016
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-euclid: Linux kernel for Intel Euclid systems - linux-gcp: Linux kernel for Google Cloud Platform syst ...

oval:org.secpod.oval:def:45288
The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2b through 1.0.2n and is prone to a cache timing side channel attack vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful exploitation can allow attackers to c ...

oval:org.secpod.oval:def:1502168
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115174
LittleCMS intends to be a small-footprint, speed optimized color management engine in open source form. LCMS2 is the current version of LCMS, and can be parallel installed with the original lcms.

oval:org.secpod.oval:def:115169
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:115166
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115162
The kernel meta package

oval:org.secpod.oval:def:115161
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115164
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115163
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:51064
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:115131
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:51070
libjpeg-turbo: library for handling JPEG files libjpeg-turbo could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:115122
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115124
The kernel meta package

oval:org.secpod.oval:def:115123
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:115148
LittleCMS intends to be a small-footprint, speed optimized color management engine in open source form. LCMS2 is the current version of LCMS, and can be parallel installed with the original lcms.

oval:org.secpod.oval:def:54117
policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.

oval:org.secpod.oval:def:2000338
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.

oval:org.secpod.oval:def:2000376
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

oval:org.secpod.oval:def:2000365
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.

oval:org.secpod.oval:def:2000460
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

oval:org.secpod.oval:def:704155
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:2000501
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.

oval:org.secpod.oval:def:52119
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:704338
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:51023
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:47878
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:51073
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:51179
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1700153
A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.If an application encounters a fatal protocol error and then calls SSL_shutdown twice t ...

oval:org.secpod.oval:def:502625
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ...

oval:org.secpod.oval:def:503264
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ...

oval:org.secpod.oval:def:51450
The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2 through 1.0.2p and is prone to a microarchitecture timing side channel attack vulnerability. A flaw is present in the application, which fails to properly handle an issue in ECDSA signature generation. Successful exploitation c ...

oval:org.secpod.oval:def:48691
This is a flaw in the Intel processor execution engine sharing on SMT (e.g. Hyper-Threading) architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to ru ...

oval:org.secpod.oval:def:1600996
A microprocessor side-channel vulnerability was found on SMT architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. If an application encounters a fatal protocol error and then calls SSL_shutdown twice ...

oval:org.secpod.oval:def:205268
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle * openssl: timing side channel attack in the DSA signature algorithm For mo ...

oval:org.secpod.oval:def:49221
The host is installed with OpenSSL 1.1.0 through 1.1.0i, 1.0.2 through 1.0.2p or 1.1.1 and is prone to a timing side channel attack vulnerability. A flaw is present in the DSA algorithm. On successful exploitation, an attacker could use variations in the signing algorithm to recover the private key.

oval:org.secpod.oval:def:603589
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:603582
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:53471
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:53478
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

oval:org.secpod.oval:def:704418
openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:205170
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ...

oval:org.secpod.oval:def:50635
The host is installed with Oracle VM VirtualBox before 5.2.24 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availability.

oval:org.secpod.oval:def:1600923
Quick Emulator , compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process ...

oval:org.secpod.oval:def:204870
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams * QEMU ...

oval:org.secpod.oval:def:1700077
A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or ...

oval:org.secpod.oval:def:1502293
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502351
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams * QEMU ...

oval:org.secpod.oval:def:704122
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:51056
imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.

oval:org.secpod.oval:def:51134
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security i ...

oval:org.secpod.oval:def:53011
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115435
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:115530
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114789
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114727
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:204852
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defi ...

oval:org.secpod.oval:def:704330
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security i ...

oval:org.secpod.oval:def:114551
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1502222
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502240
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502241
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704466
linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:502332
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions . It relies on the presence of a precisely-defined in ...

oval:org.secpod.oval:def:115017
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:115038
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:114614
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

oval:org.secpod.oval:def:1600844
Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add function potentially allowing KASLR bypassThe acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SB ...

oval:org.secpod.oval:def:53259
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:1800708
CVE-2017-5753 Versions affected: WebKitGTK+ before 2.18.5.Impact: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker via a side-channel analysis. This variant of the Spectre vulnerability triggers the spe ...

oval:org.secpod.oval:def:1700012
Stack-based out-of-bounds read via vmcall instructionLinux kernel compiled with the KVM virtualization support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memor ...

oval:org.secpod.oval:def:111284
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:111287
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory e ...

oval:org.secpod.oval:def:704098
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:1600439
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer used to read the uploaded file if the boundary was the typical tens of bytes long.

oval:org.secpod.oval:def:703196
tomcat8: Servlet and JSP engine Tomcat could be made to hang if it received specially crafted network traffic.

oval:org.secpod.oval:def:703188
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:602553
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:602549
The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file u ...

oval:org.secpod.oval:def:602545
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

oval:org.secpod.oval:def:1501655
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:51047
tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:35821
The host is installed with Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3 or 9.x before 9.0.0.M7 and is prone to a denial of service vulnerability. A flaw is present in the MultipartStream class in Apache Commons Fileupload, which fails to handle a long boundary string. Succe ...

oval:org.secpod.oval:def:35820
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:35819
tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.

oval:org.secpod.oval:def:51188
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:51545
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:50470
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:704434
exiv2: EXIF/IPTC/XMP metadata manipulation tool Several security issues were fixed in Exiv2.

oval:org.secpod.oval:def:1502478
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502479
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600905
An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp. This can lead to a system crash and a denial of service.An issue was discovered in th ...

oval:org.secpod.oval:def:1502348
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502349
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704141
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704140
linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704114
linux: Linux kernel - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114788
The kernel meta package

oval:org.secpod.oval:def:704299
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704298
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52055
linux-oem: Linux kernel for OEM processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52112
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52117
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52125
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52949
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704394
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52951
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52956
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704389
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114920
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:114917
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:114913
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:114906
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:704331
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704329
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114905
The kernel meta package

oval:org.secpod.oval:def:45898
The host is installed with Apple Mac OS 10.13.4, 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory or ...

oval:org.secpod.oval:def:1700064
An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp. This can lead to a system crash and a denial of service.An issue was discovered in th ...

oval:org.secpod.oval:def:114632
The kernel meta package

oval:org.secpod.oval:def:51166
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:115654
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115651
The kernel meta package

oval:org.secpod.oval:def:51105
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:115613
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115610
The kernel meta package

oval:org.secpod.oval:def:115612
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115630
The kernel meta package

oval:org.secpod.oval:def:1502487
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:115627
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115626
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:1502497
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502425
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600910
Fixes for L1Terminal Fault security issues:L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault an ...

oval:org.secpod.oval:def:1502443
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:2001436
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or ...

oval:org.secpod.oval:def:1600933
A security flaw was found in the chap_server_compute_md5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta ...

oval:org.secpod.oval:def:502598
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Use-after-free due to race condition in AF_PACKET implementation * kernel: userfaultfd bypasses tmpfs file permissions For more details about the security issue, including the impact, a CV ...

oval:org.secpod.oval:def:51185
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704806
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:704807
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:704808
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704809
linux: Linux kernel - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51210
linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in th ...

oval:org.secpod.oval:def:51216
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:2000292
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device that is mishandled in usb_audio_probe in sound/usb/card.c.

oval:org.secpod.oval:def:1502340
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700166
A flaw was found in the Linux kernel#039;s implementation of logical link control and adaptation protocol , part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a sp ...

oval:org.secpod.oval:def:51206
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51205
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1700116
A flaw was found in the Linux kernel"s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a ...

oval:org.secpod.oval:def:1700114
A use-after-free vulnerability was found in the way the Linux kernel#039;s KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device, the device holds a reference to a VM object, later this reference is transferred to the caller#039;s file descriptor table ...

oval:org.secpod.oval:def:1502320
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502321
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700105
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation . The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.An issue was discovered in the Linux ...

oval:org.secpod.oval:def:502626
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Memory corruption due to incorrect socket cloning * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks * kernel: Faulty computation of numberic bounds in the BPF v ...

oval:org.secpod.oval:def:502649
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer For more details about the security issue ...

oval:org.secpod.oval:def:53004
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53003
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53005
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:53009
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:2000354
Heap address infoleak in use of l2cap_get_conf_opt

oval:org.secpod.oval:def:704870
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704863
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704868
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:704864
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:704865
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704866
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:704867
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704825
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704826
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115536
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115535
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:2000418
Heap data infoleak in multiple locations including functionl2cap_parse_conf_rsp

oval:org.secpod.oval:def:704143
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:1600978
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested virtualization is enabled. This high resolution timer runs when a L2 guest is active. After VM exit, the sync_vmcs12 timer object is stopped. The use-afte ...

oval:org.secpod.oval:def:1600973
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption ...

oval:org.secpod.oval:def:1600968
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation . The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.An issue was discovered in the Linux ...

oval:org.secpod.oval:def:55022
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:55023
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704950
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704945
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704946
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 S ...

oval:org.secpod.oval:def:205243
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: nfs: use-after-free in svc_process_common * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation * kernel: nfs: NULL pointer der ...

oval:org.secpod.oval:def:2000558
KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer

oval:org.secpod.oval:def:2001012
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

oval:org.secpod.oval:def:704281
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704283
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704278
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704279
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603536
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a denial ...

oval:org.secpod.oval:def:57783
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:205195
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer For more details about the security issue ...

oval:org.secpod.oval:def:53396
CVE-2018-5391 Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leadi ...

oval:org.secpod.oval:def:52110
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52122
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52133
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52128
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52138
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:53431
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a denial ...

oval:org.secpod.oval:def:52946
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52945
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704390
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704392
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52952
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52957
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52962
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52961
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52964
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52963
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52966
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704354
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704355
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:204822
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: error in exception handling leads to wrong debug stack value * Kernel: error in exception handling leads to DoS * Kernel: ipsec: xfrm: use-after-free leading to potential privilege es ...

oval:org.secpod.oval:def:204889
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensi ...

oval:org.secpod.oval:def:1700082
A security flaw was found in the chap_server_compute_md5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The atta ...

oval:org.secpod.oval:def:502287
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: KVM: error in exception handling leads to wrong debug stack value * Kernel: error in exception handling leads to DoS * Kernel: ipsec: xfrm: use-after-free leading to potential privilege es ...

oval:org.secpod.oval:def:1700069
Fixes for L1Terminal Fault security issues:L1 Terminal Fault-OS/ SMM:Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault an ...

oval:org.secpod.oval:def:1700044
A weakness was found in the Linux kernel#039;s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch oper ...

oval:org.secpod.oval:def:114545
The kernel meta package

oval:org.secpod.oval:def:1502207
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704491
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704488
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704482
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704484
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704481
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704478
linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in th ...

oval:org.secpod.oval:def:704470
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704464
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704467
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704460
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704469
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704455
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704456
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704458
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704431
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704430
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 T ...

oval:org.secpod.oval:def:115084
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115082
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:1502288
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:704428
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704429
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704427
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:704410
linux-aws: Linux kernel for Amazon Web Services systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704409
linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:115071
The kernel meta package

oval:org.secpod.oval:def:205149
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Use-after-free due to race condition in AF_PACKET implementation * kernel: userfaultfd bypasses tmpfs file permissions For more details about the security issue, including the impact, a CV ...

oval:org.secpod.oval:def:1601000
A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol , part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a s ...

oval:org.secpod.oval:def:502371
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensi ...

oval:org.secpod.oval:def:205173
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Memory corruption due to incorrect socket cloning * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks * kernel: Faulty computation of numberic bounds in the BPF v ...

oval:org.secpod.oval:def:114668
The kernel meta package

oval:org.secpod.oval:def:115939
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:705018
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:2001338
A flaw was found in the Linux kernel"s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a ...

oval:org.secpod.oval:def:115948
The kernel meta package

oval:org.secpod.oval:def:115944
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:115943
The kernel meta package

oval:org.secpod.oval:def:115940
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115942
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:51065
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - li ...

oval:org.secpod.oval:def:54112
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-rasp ...

oval:org.secpod.oval:def:54113
linux-aws-hwe: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-hwe: Linux hardware enablement kernel - linux-oracle: Linux kernel for Oracle Cloud systems Several securit ...

oval:org.secpod.oval:def:54111
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:54116
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:54114
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:54115
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51141
git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it recursively opened a malicious git repository.

oval:org.secpod.oval:def:49668
The host is installed with Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, or 2.17.x before 2.17.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle the crafted .gitmodules file. Successful exploita ...

oval:org.secpod.oval:def:1600936
Git before 2.14.5, allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

oval:org.secpod.oval:def:1600894
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:115426
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114981
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:204959
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:46090
The host is installed with Apple Mac OS X 10.13.2 or later or Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4 or 2.17.x before 2.17.1 and is prone to an arbitary code execution vulnerability. A flaw is present in the application, which fails to handle crafted file ...

oval:org.secpod.oval:def:603412
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

oval:org.secpod.oval:def:704107
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:115217
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:53338
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.

oval:org.secpod.oval:def:115229
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:1800993
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800995
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:1800999
CVE-2018-11233:¶ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

oval:org.secpod.oval:def:114754
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114750
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:603539
joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules.

oval:org.secpod.oval:def:114819
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:115254
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:115245
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:48098
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:115315
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:114919
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.

oval:org.secpod.oval:def:704345
git: fast, scalable, distributed revision control system Git could be made to run programs as your login if it recursively opened a malicious git repository.

oval:org.secpod.oval:def:204835
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:114590
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:1700086
Git before 2.14.5, allows remote code execution during processing of a recursive quot;git clonequot; of a superproject if a .gitmodules file has a URL field beginning with a #039;-#039; character.

oval:org.secpod.oval:def:114589
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, incl ...

oval:org.secpod.oval:def:1700048
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x befor ...

oval:org.secpod.oval:def:1502252
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:502322
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:51048
git: fast, scalable, distributed revision control system Several security issues were fixed in Git.

oval:org.secpod.oval:def:603280
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:704058
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704054
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704056
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603398
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. CVE-2018-10471 An error was discovered in the mitigations against Meltdown which could res ...

oval:org.secpod.oval:def:704144
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603411
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ...

oval:org.secpod.oval:def:53337
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ...

oval:org.secpod.oval:def:204791
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * kernel: Buffer overflow in firewire driver via crafted incoming packets * kernel: Use-after-free vulnerability in DCCP socket * Kernel: ...

oval:org.secpod.oval:def:204798
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ...

oval:org.secpod.oval:def:52923
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52933
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:204758
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:52036
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52037
linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:502241
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:502267
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * kernel: Buffer overflow in firewire driver via crafted incoming packets * kernel: Use-after-free vulnerability in DCCP socket * Kernel: ...

oval:org.secpod.oval:def:502286
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ...

oval:org.secpod.oval:def:1502206
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502266
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502269
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502267
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502268
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502291
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502144
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502175
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:40418
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:40417
libxslt: XSLT processing library Several security issues were fixed in Libxslt.

oval:org.secpod.oval:def:34663
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to have unsp ...

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:602524
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ...

oval:org.secpod.oval:def:602520
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ...

oval:org.secpod.oval:def:602541
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service against an application using the libxslt library.

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:36326
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attackers to crash the service, disclose th ...

oval:org.secpod.oval:def:114334
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:114335
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1600834
Reflected XSS in .phar 404 pageAn issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. Denial of Service via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.cThe gd_gif_in.c file in the GD Graphic ...

oval:org.secpod.oval:def:113112
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:113124
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:1800681
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:704014
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1800488
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version: libgd 2.2.5

oval:org.secpod.oval:def:52014
php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:113491
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:51546
php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:52913
php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:53365
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite lo ...

oval:org.secpod.oval:def:603675
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record function.

oval:org.secpod.oval:def:53525
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record function.

oval:org.secpod.oval:def:1800778
CVE-2017-6362: Double-free in gdImagePngPtr. Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Fixed In Version libgd 2.2.5

oval:org.secpod.oval:def:703979
php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:51007
php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1501955
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501956
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:114362
The Apache HTTP Server is a powerful, efficient, and extensible web server.

oval:org.secpod.oval:def:42910
The host is missing a security update according to Apple advisory, APPLE-SA-2017-10-31-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:110858
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:1901278
Expat allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

oval:org.secpod.oval:def:204140
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:110629
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:36618
The host is missing an important security update according to Mozilla advisory, MFSA2016-68. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fail to handle malformed XML data. Successful exploitation allows remote attackers to read other ...

oval:org.secpod.oval:def:36617
The host is installed with Mozilla Firefox before 48.0 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle malformed XML data. Successful exploitation allows remote attackers to read other inaccessible memory.

oval:org.secpod.oval:def:34942
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:110714
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ...

oval:org.secpod.oval:def:51563
expat: XML parsing C library Expat could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:51609
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:1600483
CVE-2016-0718 : Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary ...

oval:org.secpod.oval:def:204045
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:400755
This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows

oval:org.secpod.oval:def:602506
Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library ...

oval:org.secpod.oval:def:703172
xmlrpc-c: Lightweight RPC library based on XML and HTTP Several security issues were fixed in XML-RPC for C and C++.

oval:org.secpod.oval:def:703112
expat: XML parsing C library Expat could be made to crash or run programs as your login if it opened a specially crafted file.

oval:org.secpod.oval:def:1501684
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:1501685
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:501941
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:36289
The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.6 or apple itunes before 12.6 or mozilla firefox before 48.0 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation could ...

oval:org.secpod.oval:def:703220
firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.

oval:org.secpod.oval:def:39507
The host is missing a critical security update according to Apple advisory, APPLE-SA-2017-03-22-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted vectors. Successful exploitation allows attackers to execute arb ...

oval:org.secpod.oval:def:39508
The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-22-2. The update is required to fix multiple vulnerabilities in Apple iTunes. The flaws are present in SQLite and expat which fails to handle vectors related to iTunes, crafted xml files. Successful exploitation coul ...

oval:org.secpod.oval:def:115667
The kernel meta package

oval:org.secpod.oval:def:115661
This package contains the tools/ directory from the kernel source and the supporting documentation.

oval:org.secpod.oval:def:115660
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

oval:org.secpod.oval:def:1700130
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect an ...

oval:org.secpod.oval:def:1600970
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect an ...

oval:org.secpod.oval:def:2000582
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

oval:org.secpod.oval:def:52134
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52965
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704483
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704480
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:47525
Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassem ...

oval:org.secpod.oval:def:42351
The host is missing an important security update KB4042895

oval:org.secpod.oval:def:45422
The host is missing an important security update for KB4103716

oval:org.secpod.oval:def:42355
The host is missing a critical security update KB4041691

oval:org.secpod.oval:def:42412
A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA 2-protected wireless network. Multiple conditions would need to be met ...

oval:org.secpod.oval:def:45388
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:45435
The host is missing an important security update for KB4103723

oval:org.secpod.oval:def:47526
The host is missing an important security update according to MS advisory ADV180022.

oval:org.secpod.oval:def:503137
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow flaw was found in the way the Linux kernel"s networking subsystem processed TCP Selective Acknowledgment segments. While processing SACK segments, the Linux kernel"s socket buff ...

oval:org.secpod.oval:def:1600883
Ephemeral association time spoofing additional protectionntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim#039;s clo ...

oval:org.secpod.oval:def:704042
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704045
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52921
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52029
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502220
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502215
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502217
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502177
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502178
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:603111
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:53140
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process ...

oval:org.secpod.oval:def:602546
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of O ...

oval:org.secpod.oval:def:43535
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43539
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JNDI. Successful exploitation allows attackers to affect Integrity and Availability.

oval:org.secpod.oval:def:43538
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to LDAP. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43537
The host is installed with Oracle Java SE through 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:43542
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JCE. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43541
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:43540
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to I18n. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availabi ...

oval:org.secpod.oval:def:43546
The host is installed with Oracle Java SE through 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JGSS. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:43545
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JNDI. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availabi ...

oval:org.secpod.oval:def:43544
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JGSS. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:43547
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JMX. Successful exploitation allows attackers to affect Confidentiality and Integrity.

oval:org.secpod.oval:def:43553
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to AWT. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:43552
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:43550
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to AWT. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:43554
The host is installed with Oracle Java SE through 6u171, 7u161, 8u152 or 9.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JNDI. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:50264
The host is installed with Oracle Java SE through 7u201, 8u192 or 11.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:45167
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Security. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45168
The host is installed with Oracle Java SE through 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Concurrency. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45169
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JMX. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45165
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Security. Successful exploitation allows attackers to affect Integrity.

oval:org.secpod.oval:def:45166
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162, 10 or JRockit: R28.3.17 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Security. Successful exploitation allows attackers to affect Confidentiality, In ...

oval:org.secpod.oval:def:45170
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to AWT. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45171
The host is installed with Oracle Java SE through 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JAXP. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:45172
The host is installed with Oracle Java SE through 6u181, 7u171 or 8u162 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to RMI. Successful exploitation allows attackers to affect Confidentiality and Integrity.

oval:org.secpod.oval:def:45174
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availabi ...

oval:org.secpod.oval:def:45175
The host is installed with Oracle Java SE through 6u181, 7u171, 8u162 or 10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Serialization. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:704911
php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive informa ...

oval:org.secpod.oval:def:54514
php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Linux Mint 17.x LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive info ...

oval:org.secpod.oval:def:51127
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:47405
The host is installed with Artifex Ghostscript before 9.24 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the .setdistillerkeys PostScript command. Successful exploitation could allow attackers to supply crafted postScript file ...

oval:org.secpod.oval:def:53411
Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed .

oval:org.secpod.oval:def:704319
ghostscript: PostScript and PDF interpreter Several security issues were fixed in Ghostscript.

oval:org.secpod.oval:def:1700083
It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document. ...

oval:org.secpod.oval:def:51113
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:51203
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:1502394
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502395
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:53006
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52113
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704300
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704301
linux-hwe: Linux hardware enablement kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704461
linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oem: Linux kernel for OEM processors - linux-gcp: Linux kernel for Google Cloud Platform systems Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704142
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704139
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52932
linux-aws: Linux kernel for Amazon Web Services systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52054
linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:52950
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:704302
linux: Linux kernel Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:114358
The kernel meta package

oval:org.secpod.oval:def:114328
The kernel meta package

oval:org.secpod.oval:def:1600892
A weakness was found in the Linux kernel#039;s implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch oper ...

oval:org.secpod.oval:def:114143
The kernel meta package

oval:org.secpod.oval:def:114145
The kernel meta package

oval:org.secpod.oval:def:704089
linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors Several security issues were fixed in the Linux kernel.

oval:org.secpod.oval:def:603383
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer . On a system with a driver using blk-mq , a local user might be able to us ...

oval:org.secpod.oval:def:603384
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:114282
The kernel meta package

oval:org.secpod.oval:def:53315
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controllin ...

oval:org.secpod.oval:def:34616
The host is missing a security update according to Apple advisory, APPLE-SA-2016-05-16-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to caus ...

oval:org.secpod.oval:def:36575
The host is missing an important security update according to Mozilla advisory, MFSA2016-68. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fail to handle malformed XML data. Successful exploitation allows remote attackers to read other ...

oval:org.secpod.oval:def:36574
The host is installed with Mozilla Firefox before 48.0 or iTunes before 12.6 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle malformed XML data. Successful exploitation allows remote attackers to read other inaccessible memory.

oval:org.secpod.oval:def:43599
Mozilla Firefox before 58.0 :- Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:43589
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 :- A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43588
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th ...

oval:org.secpod.oval:def:43593
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references a ...

oval:org.secpod.oval:def:43592
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43591
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitab ...

oval:org.secpod.oval:def:43590
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially e ...

oval:org.secpod.oval:def:43597
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displ ...

oval:org.secpod.oval:def:43596
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43595
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43594
Mozilla Firefox before 58.0 or Firefox ESR before 52.6 or Thunderbird before 52.6 :- A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43601
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43600
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations.

oval:org.secpod.oval:def:43605
Mozilla Firefox before 58.0 :- WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent.

oval:org.secpod.oval:def:43604
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when manipulating floating first-letter style elements, resulting in a potentially exploitable crash.

oval:org.secpod.oval:def:43603
Mozilla Firefox before 58.0 :- A use-after-free vulnerability can occur when arguments passed to the IsPotentiallyScrollable function are freed while still in use by scripts. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43602
Mozilla Firefox before 58.0 :- A heap buffer overflow vulnerability may occur in WebAssembly when shrinkElements is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:43609
Mozilla Firefox before 58.0 :- An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to captu ...

oval:org.secpod.oval:def:43608
Mozilla Firefox before 58.0 :- A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private brow ...

oval:org.secpod.oval:def:43607
Mozilla Firefox before 58.0 :- The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file infor ...

oval:org.secpod.oval:def:43606
Mozilla Firefox before 58.0 :- Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin.

oval:org.secpod.oval:def:43612
Mozilla Firefox before 58.0 :- Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that ...

oval:org.secpod.oval:def:43611
Mozilla Firefox before 58.0 :- When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site.

oval:org.secpod.oval:def:43610
Mozilla Firefox before 58.0 :- A potential integer overflow in the DoCrypt function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write.

oval:org.secpod.oval:def:43616
Mozilla Firefox before 58.0 :- WebExtensions with the ActiveTab permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin ...

oval:org.secpod.oval:def:43615
Mozilla Firefox before 58.0 :- If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about t ...

oval:org.secpod.oval:def:43614
Mozilla Firefox before 58.0 :- If an existing cookie is changed to be HttpOnly while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie.

oval:org.secpod.oval:def:43613
Mozilla Firefox before 58.0 :- The browser.identity.launchWebAuthFlow function of WebExtensions is only allowed to load content over https: but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension.

oval:org.secpod.oval:def:43619
The host is missing a critical security update according to Mozilla advisory, MFSA2018-02. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:43618
Mozilla Firefox before 58.0 :- The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view.

oval:org.secpod.oval:def:43617
Mozilla Firefox before 58.0 :- The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through file: URLs from the local file system. This loa ...

oval:org.secpod.oval:def:50799
The host is missing a high security update according to Mozilla advisory, MFSA2019-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:45487
Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party ...

oval:org.secpod.oval:def:45488
Mozilla Firefox before 60.0, Firefox or ESR before 52.8 : The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

oval:org.secpod.oval:def:45489
Mozilla Firefox before 60.0, Firefox, Thunderbird or ESR before 52.8 : An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable b ...

oval:org.secpod.oval:def:45512
The host is missing a critical security update according to Mozilla advisory, MFSA2018-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:47371
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : Mozilla developers and community members Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Andrei ...

oval:org.secpod.oval:def:47370
Mozilla Firefox 62 : Mozilla developers and community members Christian Holler, Looben Yang, Jesse Ruderman, Sebastian Hengst, Nicolas Grunbaum, and Gary Kwong reported memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough e ...

oval:org.secpod.oval:def:47373
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47372
Mozilla Firefox 62, Mozilla Firefox ESR 60.2, Mozilla Thunderbird 60.2.1 : A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:47375
Mozilla Firefox 62, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was ...

oval:org.secpod.oval:def:46108
The host is missing a critical security update according to Mozilla advisory, MFSA2018-15. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash an application.

oval:org.secpod.oval:def:46113
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A use-after-free vulnerability can occur when deleting an code input/code element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:46112
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A buffer overflow can occur when rendering canvas content while adjusting the height and width of the 'canvas' element dynamically, causing data to be written outside of the currently computed boundaries. This results i ...

oval:org.secpod.oval:def:46118
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.

oval:org.secpod.oval:def:46125
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable cra ...

oval:org.secpod.oval:def:46128
Mozilla Firefox 61, Mozilla Thunderbird 60.0, Mozilla Firefox ESR 52.9 and 60.1: Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety ...

oval:org.secpod.oval:def:49280
The host is installed with Google Chrome before 71.0.3578.80, Firefox before 65.0.1, Firefox ESR before 60.5.1 or Thunderbird before 60.5.1 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows ...

oval:org.secpod.oval:def:47607
Mozilla Firefox 62.0.2, Mozilla Firefox ESR 60.2.1, Mozilla Thunderbird 60.2.1 : A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerab ...

oval:org.secpod.oval:def:47605
The host is missing a moderate security update according to Mozilla advisory, MFSA2018-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle the TransportSecurityInfo used for SSL. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:50460
Mozilla Firefox 65 or Firefox ESR 60.6 : When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior i ...

oval:org.secpod.oval:def:50452
The host is missing a critical security update according to Mozilla advisory, MFSA2019-01. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:50454
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash ...

oval:org.secpod.oval:def:50455
Mozilla Firefox 64, Mozilla Firefox ESR 60.4 and Mozilla Thunderbird 60.5 : Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs ...

oval:org.secpod.oval:def:50459
Mozilla Firefox 65, Mozilla Firefox ESR 60.5 and Mozilla Thunderbird 60.5 : An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insuffi ...

oval:org.secpod.oval:def:47769
Mozilla Firefox 62.0.3, Mozilla Firefox ESR 60.2.2 : A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as ...

oval:org.secpod.oval:def:47770
The host is missing a critical security update according to Mozilla advisory, MFSA2018-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:44694
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44695
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.

oval:org.secpod.oval:def:44696
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.

oval:org.secpod.oval:def:44697
Mozilla Firefox before 59.0 or Firefox ESR before 52.7 : Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously store ...

oval:org.secpod.oval:def:44693
Mozilla Firefox before 59.0, Firefox ESR before 52.7 or Thunderbird before 52.7 : Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these ...

oval:org.secpod.oval:def:44698
Mozilla Firefox before 59.0 : Mozilla developers and community members reported memory safety bugs present in Firefox. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

oval:org.secpod.oval:def:44699
Mozilla Firefox before 59.0 : A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44713
The host is missing a critical security update according to Mozilla advisory, MFSA2018-06. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ...

oval:org.secpod.oval:def:44766
Mozilla Firefox before 59.0.1 or Firefox ESR before 52.7.2 : An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

oval:org.secpod.oval:def:44767
The host is missing a critical security update according to Mozilla advisory, MFSA2018-08. The update is required to fix out-of-bound memory write vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the se ...

oval:org.secpod.oval:def:44774
Mozilla Firefox before 59.0.2 or Firefox ESR before 52.7.3 : A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash.

oval:org.secpod.oval:def:44775
The host is missing a important security update according to Mozilla advisory, MFSA2018-10. The update is required to fix use-after-free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service.

oval:org.secpod.oval:def:46789
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:46752
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:46827
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:46821
The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to have unspecified impact.

oval:org.secpod.oval:def:53380
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-4117 AhsanEjaz discovered an information leak. Rob Wu discovered a way to escalate privileges using extensions. CVE-2018-6150 Rob Wu discovered an information disclosure issue . CVE-2018-6151 Rob Wu discovered an issu ...

oval:org.secpod.oval:def:115022
Chromium is an open-source web browser, powered by WebKit .

oval:org.secpod.oval:def:115120
Chromium is an open-source web browser, powered by WebKit .

CVE    866
CVE-2016-10109
CVE-2016-1371
CVE-2016-1372
CVE-2016-1582
...
*CPE
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~

© SecPod Technologies