Download
| Alert*
oval:org.secpod.oval:def:104440
The Snack Sound Toolkit is designed to be used with a scripting language such as Tcl/Tk or Python. Using Snack you can create powerful multi-platform audio applications with just a few lines of code. Snack has commands for basic sound handling, such as playback, recording, file and socket I/O. Snack ... oval:org.secpod.oval:def:104437 The Snack Sound Toolkit is designed to be used with a scripting language such as Tcl/Tk or Python. Using Snack you can create powerful multi-platform audio applications with just a few lines of code. Snack has commands for basic sound handling, such as playback, recording, file and socket I/O. Snack ... oval:org.secpod.oval:def:104462 The Snack Sound Toolkit is designed to be used with a scripting language such as Tcl/Tk or Python. Using Snack you can create powerful multi-platform audio applications with just a few lines of code. Snack has commands for basic sound handling, such as playback, recording, file and socket I/O. Snack ... oval:org.secpod.oval:def:52424 firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated quot;-remotequot; command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ... oval:org.secpod.oval:def:601941 Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occured. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header , or ... oval:org.secpod.oval:def:104802 Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. oval:org.secpod.oval:def:104801 Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. oval:org.secpod.oval:def:104829 Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. oval:org.secpod.oval:def:104828 Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. oval:org.secpod.oval:def:601805 Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2014-3694 It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates. CVE-2014-3695 Yves Younan and Richard Johnson discovered th ... oval:org.secpod.oval:def:21527 The host is installed with Pidgin before 2.10.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted certificate. Successful exploitation allows attackers to spoof servers and obtain sensitive information. oval:org.secpod.oval:def:1502005 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:107885 Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add ... oval:org.secpod.oval:def:108443 The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font ... oval:org.secpod.oval:def:24041 The host is installed with QT through 3.3.6-26 on Red Hat Enterprise Linux 5, through 4.6.2-28 on Red Hat Enterprise Linux 6, and 4.8.5-8 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly calculate the masks ... oval:org.secpod.oval:def:704161 policykit-1: framework for managing administrative policies and privileges Several security issues were fixed in PolicyKit. oval:org.secpod.oval:def:109279 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:109350 polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. oval:org.secpod.oval:def:52460 wpa: client support for WPA and WPA2 wpa_supplicant could be made to crash, expose memory, or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1501035 The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ... oval:org.secpod.oval:def:109373 wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ... oval:org.secpod.oval:def:108789 wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ... oval:org.secpod.oval:def:602065 The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentia ... oval:org.secpod.oval:def:501578 The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ... oval:org.secpod.oval:def:108854 wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 . Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association ... oval:org.secpod.oval:def:106867 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:107168 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:1600382 Various cross-site scripting flaws and various SQL injection flaws were discovered affecting versions of Cacti prior to 0.8.8g. oval:org.secpod.oval:def:204181 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled ... oval:org.secpod.oval:def:110041 The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment with the additional infrastructure to conform the algorithms to the JCE framework. oval:org.secpod.oval:def:105926 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:203584 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled ... oval:org.secpod.oval:def:1300184 A vulnerability has been found and corrected in libarchive: Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof is equal to 8. In the archive_write_zip_data function in libarchive/ archive_write_set_format_zip.c, the "s" parameter is of type s ... oval:org.secpod.oval:def:105918 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also hand ... oval:org.secpod.oval:def:203642 The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ... oval:org.secpod.oval:def:702260 requests: elegant and simple HTTP library for Python Requests could be made to expose authentication credentials over the network. oval:org.secpod.oval:def:702265 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin. oval:org.secpod.oval:def:1300225 Multiple vulnerabilities has been discovered and corrected in cacti: Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the step parameter to install/index.php or the id parameter to cacti/host.php . SQL inje ... oval:org.secpod.oval:def:702498 firefox: Mozilla Open Source web browser Firefox could be made to bypass SSL certificate verification. oval:org.secpod.oval:def:702476 libarchive: Library to read/write archive files libarchive could be made to crash or overwrite files. oval:org.secpod.oval:def:702587 qt4-x11: Qt 4 libraries - qtbase-opensource-src: Qt 5 libraries Qt could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702453 firefox: Mozilla Open Source web browser Details: USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated quot;-remotequot; command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory USN- ... oval:org.secpod.oval:def:1500981 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ... oval:org.secpod.oval:def:1500982 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ... oval:org.secpod.oval:def:702430 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:601095 Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems: CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. CVE-2013-5589 cacti/host.php contained an SQL injection vulnerability, allowing an attacker to exec ... oval:org.secpod.oval:def:702421 xorg-server: X.Org X11 server - xorg-server-lts-utopic: X.Org X11 server - xorg-server-lts-trusty: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:203605 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ... oval:org.secpod.oval:def:1500945 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. oval:org.secpod.oval:def:1500946 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. oval:org.secpod.oval:def:702872 libsndfile: Library for reading/writing audio files libsndfile could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:702517 wpa: client support for WPA and WPA2 wpa_supplicant could be made to crash, expose memory, or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:54504 Mathy Vanhoef and Eyal Ronen found multiple vulnerabilities in the WPA implementation found in wpa_supplication and hostapd . These vulnerability are also collectively known as "Dragonblood". CVE-2019-9495 Cache-based side-channel attack against the EAP-pwd implementation: an attacker a ... oval:org.secpod.oval:def:52643 libsndfile: Library for reading/writing audio files libsndfile could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:108339 libsndfile is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and 64-bit floating point WAV files and a number of compressed formats. It compiles and runs on *ni ... oval:org.secpod.oval:def:108333 libsndfile is a C library for reading and writing sound files such as AIFF, AU, WAV, and others through one standard interface. It can currently read/write 8, 16, 24 and 32-bit PCM files as well as 32 and 64-bit floating point WAV files and a number of compressed formats. It compiles and runs on *ni ... oval:org.secpod.oval:def:204208 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstanc ... oval:org.secpod.oval:def:1500992 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:25777 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:25778 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:702437 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:701950 horizon: Web interface for OpenStack cloud infrastructure OpenStack Horizon did not properly process Heat templates. oval:org.secpod.oval:def:106901 Horizon is a Django application for providing Openstack UI components. It allows performing site administrator and end user operations oval:org.secpod.oval:def:106982 This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. oval:org.secpod.oval:def:106987 This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. oval:org.secpod.oval:def:108803 Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. oval:org.secpod.oval:def:106989 This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. oval:org.secpod.oval:def:108809 Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. oval:org.secpod.oval:def:21830 The host is installed with qt, qt3 or qt4 before 5.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle invalid width and height values in a GIF image. Successful exploitation allows remote attackers to cause a denial of service (N ... oval:org.secpod.oval:def:52494 qt4-x11: Qt 4 libraries - qtbase-opensource-src: Qt 5 libraries Qt could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:106992 This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. oval:org.secpod.oval:def:107094 Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. oval:org.secpod.oval:def:107085 Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. oval:org.secpod.oval:def:108481 Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. oval:org.secpod.oval:def:107023 Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. oval:org.secpod.oval:def:108796 Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. oval:org.secpod.oval:def:108469 Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. oval:org.secpod.oval:def:108788 Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. oval:org.secpod.oval:def:108774 Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. oval:org.secpod.oval:def:106894 Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. oval:org.secpod.oval:def:108502 Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. oval:org.secpod.oval:def:108508 Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. oval:org.secpod.oval:def:1200105 Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, ex ... oval:org.secpod.oval:def:601984 Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:203573 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled ... oval:org.secpod.oval:def:52414 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:501539 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled ... oval:org.secpod.oval:def:602358 Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:203616 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:108438 The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font ... oval:org.secpod.oval:def:203606 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ... oval:org.secpod.oval:def:704246 bouncycastle: Java implementation of cryptographic algorithms Several security issues were fixed in Bouncy Castle. oval:org.secpod.oval:def:602297 Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from Horst Görtz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic C ... oval:org.secpod.oval:def:1200122 A buffer overflow flaw was found in the way glibc"s gethostbyname_r and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the applic ... oval:org.secpod.oval:def:1200040 A buffer overflow flaw was found in the way glibc"s gethostbyname_r and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the applic ... oval:org.secpod.oval:def:1501252 It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application enc ... oval:org.secpod.oval:def:501700 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstanc ... oval:org.secpod.oval:def:52417 glibc: GNU C Library - eglibc: GNU C Library Several security issues were fixed in the GNU C Library. oval:org.secpod.oval:def:501562 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:52435 libarchive: Library to read/write archive files libarchive could be made to crash or overwrite files. oval:org.secpod.oval:def:5534 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle memory. Successful exploitation allows attackers to cause denial of service. oval:org.secpod.oval:def:24000 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful exploitation could allow attackers to cause a denial of ... oval:org.secpod.oval:def:24001 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-36. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful explo ... oval:org.secpod.oval:def:24002 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:24003 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:24004 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-38. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could al ... oval:org.secpod.oval:def:24005 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document containing a SOURCE element. Successful exploitation could allow attackers to execute arbitrary code or cause ... oval:org.secpod.oval:def:24006 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service (use-aft ... oval:org.secpod.oval:def:24007 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-39. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:24008 The host is installed with Mozilla Firefox before 37.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to ... oval:org.secpod.oval:def:24009 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-42. The update is required to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged wind ... oval:org.secpod.oval:def:24049 The host is installed with Mozilla Firefox before 37.0.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitation could allow attackers to bypass the SSL certi ... oval:org.secpod.oval:def:52447 firefox: Mozilla Open Source web browser Firefox could be made to bypass SSL certificate verification. oval:org.secpod.oval:def:24050 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-44. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitat ... oval:org.secpod.oval:def:24719 The host is installed with Mozilla Firefox before 38.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an improper Media Decoder Thread creation at the time of a shutdown. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:24720 The host is installed with Mozilla Firefox before 38.0 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle an MP4 video file containing invalid metadata. Successful exploitation could allow attackers to execute arbitrary code or cause a deni ... oval:org.secpod.oval:def:24721 The host is installed with Mozilla Firefox before 38.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. Successful exploita ... oval:org.secpod.oval:def:24722 The host is installed with Mozilla Firefox before 38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation. Succe ... oval:org.secpod.oval:def:24723 The host is installed with Mozilla Firefox before 38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped. Successful exploitation ... oval:org.secpod.oval:def:24724 The host is installed with Mozilla Firefox before 38.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service (memory corruption and application ... oval:org.secpod.oval:def:24727 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-49. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context ... oval:org.secpod.oval:def:24728 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-50. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which does not properly determine heap lengths during identification of cases in which bounds check ... oval:org.secpod.oval:def:24730 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-53. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle an improper Media Decoder Thread creation at the time of a shutdown. Successful exp ... oval:org.secpod.oval:def:24732 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-55. The update is required to fix an integer overflow vulnerability. A flaw is present in the application, which fails to handle an MP4 video file containing invalid metadata. Successful exploitation could allow ... oval:org.secpod.oval:def:24733 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-56. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that ... oval:org.secpod.oval:def:601957 Olivier Fourdan discovered that missing input validation in the Xserver"s handling of XkbSetGeometry requests may result in an information leak or denial of service. oval:org.secpod.oval:def:1200056 A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request oval:org.secpod.oval:def:52445 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:52409 xorg-server: X.Org X11 server - xorg-server-lts-utopic: X.Org X11 server - xorg-server-lts-trusty: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:52419 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:25775 xorg-server: X.Org X11 server - xorg-server-lts-utopic: X.Org X11 server - xorg-server-lts-trusty: X.Org X11 server Several security issues were fixed in the X.Org X server. oval:org.secpod.oval:def:23689 The host is installed with Mozilla Firefox before 36.0 and is prone to a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitation could allow attackers to conduct spoofing and cl ... oval:org.secpod.oval:def:23688 The host is missing a moderate security update according to Mozilla advisory, MFSA2015-25. The update is required to fix an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified ... oval:org.secpod.oval:def:23690 The host is missing a moderate security update according to Mozilla advisory, MFSA2015-26. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitatio ... oval:org.secpod.oval:def:23692 The host is missing a security update according to Mozilla advisory, MFSA2015-27. The update is required to fix a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible stat ... oval:org.secpod.oval:def:23691 The host is installed with Mozilla Firefox before 36.0 and is prone to a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state. Successful expl ... oval:org.secpod.oval:def:23679 The host is installed with Mozilla Firefox before 36.0 and is prone to a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:23678 The host is missing an important security update according to Mozilla advisory, MFSA2015-20. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful exploi ... oval:org.secpod.oval:def:23677 The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful exploitation could allow attackers to execute arbitrary co ... oval:org.secpod.oval:def:501554 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ... oval:org.secpod.oval:def:23687 The host is installed with Mozilla Firefox before 36.0 and is prone to an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified mouse and keyboard actions. Successful exploitatio ... oval:org.secpod.oval:def:23684 The host is missing a security update according to Mozilla advisory, MFSA2015-23. Thr update is required to fix an use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to prod ... oval:org.secpod.oval:def:23683 The host is installed with Mozilla Firefox before 36.0 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to produce unspecified impact. oval:org.secpod.oval:def:23682 The host is missing a moderate security update according to Mozilla advisory, MFSA2015-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image draw ... oval:org.secpod.oval:def:23681 The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image drawing. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:23680 The host is missing an important security update according to Mozilla advisory, MFSA2015-21. The update is required to fix a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow attac ... oval:org.secpod.oval:def:108554 NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. oval:org.secpod.oval:def:702491 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:108558 NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. oval:org.secpod.oval:def:702441 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:23668 The host is missing a security update according to Mozilla advisory, MFSA2015-15. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to disco ... oval:org.secpod.oval:def:23667 The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to discover credentials by spoofing a server. oval:org.secpod.oval:def:23666 The host is missing a moderate security update according to Mozilla advisory, MFSA2015-14. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. S ... oval:org.secpod.oval:def:23672 The host is missing a critical security update according to Mozilla advisory, MFSA2015-17. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow atta ... oval:org.secpod.oval:def:23671 The host is installed with Mozilla Firefox before 36.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:23665 The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. Successful exploitation could allow attackers to cr ... oval:org.secpod.oval:def:23664 The host is missing a moderate security update according to Mozilla advisory, MFSA2015-13. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key ... oval:org.secpod.oval:def:23663 The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key pinning (HPKP) and HTTP Strict Transport Security ... oval:org.secpod.oval:def:23999 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-34. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploit ... oval:org.secpod.oval:def:23998 The host is installed with Mozilla Firefox before 37.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploitation could allow attackers to obtain sensitive inf ... oval:org.secpod.oval:def:23997 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-32. The update is required to fix security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to byp ... oval:org.secpod.oval:def:23996 The host is installed with Mozilla Firefox before 37.0 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to bypass an intended user-confirmation requirement by de ... oval:org.secpod.oval:def:52482 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:52475 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1501011 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:1501019 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1501018 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1501005 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:1501003 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:203634 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203636 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203635 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203627 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:203626 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:203625 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:602101 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service. oval:org.secpod.oval:def:24715 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow atta ... oval:org.secpod.oval:def:24716 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading ... oval:org.secpod.oval:def:24717 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets ... oval:org.secpod.oval:def:24718 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to caus ... oval:org.secpod.oval:def:702560 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501565 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:602091 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service. oval:org.secpod.oval:def:702549 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:501571 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:24725 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-46. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a de ... oval:org.secpod.oval:def:24726 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-48. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading Style ... oval:org.secpod.oval:def:24729 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) ... oval:org.secpod.oval:def:24731 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-54. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:602483 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1660 Atte Kettunen discovered an out-of-bounds write issue. CVE-2016-1661 Wadih Matar discovered a memory corruption issue. CVE-2016-1662 Rob Wu discovered a use-after-free issue related to extensions. CVE-2016-1663 A ... oval:org.secpod.oval:def:603848 Mathy Vanhoef and Eyal Ronen found multiple vulnerabilities in the WPA implementation found in wpa_supplication and hostapd . These vulnerability are also collectively known as Dragonblood. CVE-2019-9495 Cache-based side-channel attack against the EAP-pwd implementation: an attacker able to run u ... oval:org.secpod.oval:def:602531 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. Wait, Firefox? No more references to Iceweasel? That"s right, Debian no longer applies ... oval:org.secpod.oval:def:602589 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:602520 Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript ... oval:org.secpod.oval:def:108806 Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ... oval:org.secpod.oval:def:52473 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:1200020 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buff ... oval:org.secpod.oval:def:701516 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:30886 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted second argument. Successful exploitation could allow attackers to bypass intended extension restrict ... oval:org.secpod.oval:def:30884 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a large regular expression. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:1200063 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:1501042 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:30961 The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-30-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ... oval:org.secpod.oval:def:26614 The host is installed with Apple Mac OS X or Server 10.8, 10.9 or before 10.10.5 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted unserialize call that leverages use of the unset function within an __wakeup function. Successful ex ... oval:org.secpod.oval:def:601168 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse. CVE-2 ... oval:org.secpod.oval:def:602007 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension . CVE-2014-9705 Buffer overflow in the enchant extension. CVE-2015-0231 Stefan Esser discovered a use-after-free in the unserialisation of objects. CVE-2015 ... oval:org.secpod.oval:def:1501060 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ... oval:org.secpod.oval:def:108468 The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ... oval:org.secpod.oval:def:203664 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ... oval:org.secpod.oval:def:108585 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:203655 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:1200091 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:1200071 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:702542 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs if it processed a specially crafted file. oval:org.secpod.oval:def:501581 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:501590 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ... oval:org.secpod.oval:def:702513 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:108850 Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers . The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared li ... oval:org.secpod.oval:def:24029 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-38. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could al ... oval:org.secpod.oval:def:24032 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-39. The update is required to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:24033 The host is installed with Mozilla Firefox before 37.0 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to ... oval:org.secpod.oval:def:24034 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-42. The update is required to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged wind ... oval:org.secpod.oval:def:24030 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document containing a SOURCE element. Successful exploitation could allow attackers to execute arbitrary code or cause ... oval:org.secpod.oval:def:24031 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service (use-aft ... oval:org.secpod.oval:def:24021 The host is installed with Mozilla Firefox before 37.0 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to bypass an intended user-confirmation requirement by de ... oval:org.secpod.oval:def:24022 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-32. The update is required to fix security bypass vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow man-in-the-middle attackers to byp ... oval:org.secpod.oval:def:24023 The host is installed with Mozilla Firefox before 37.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploitation could allow attackers to obtain sensitive inf ... oval:org.secpod.oval:def:24024 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-34. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle an image that is improperly handled during transformation. Successful exploit ... oval:org.secpod.oval:def:24025 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful exploitation could allow attackers to cause a denial of ... oval:org.secpod.oval:def:24026 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-36. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which uses incompatible approaches to the deallocation of memory for simple-type arrays. Successful explo ... oval:org.secpod.oval:def:24027 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:24028 The host is installed with Mozilla Firefox before 37.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors that trigger rendering of 2D graphics content. Successful exploitation could allow attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:24051 The host is installed with Mozilla Firefox before 37.0.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitation could allow attackers to bypass the SSL certi ... oval:org.secpod.oval:def:24052 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-44. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which does not properly handle an Alt-Svc header specification in the HTTP/2 response. Successful exploitat ... oval:org.secpod.oval:def:24557 The host is installed with Mozilla Firefox before 38.0, Thunderbird before 31.7 or Firefox ESR 31.x before 31.7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to caus ... oval:org.secpod.oval:def:24558 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-46. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a de ... oval:org.secpod.oval:def:24559 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-48. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading Style ... oval:org.secpod.oval:def:24560 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-49. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context ... oval:org.secpod.oval:def:24561 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-50. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which does not properly determine heap lengths during identification of cases in which bounds check ... oval:org.secpod.oval:def:24562 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) ... oval:org.secpod.oval:def:24563 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-53. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle an improper Media Decoder Thread creation at the time of a shutdown. Successful exp ... oval:org.secpod.oval:def:24564 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-54. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:24565 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-55. The update is required to fix an integer overflow vulnerability. A flaw is present in the application, which fails to handle an MP4 video file containing invalid metadata. Successful exploitation could allow ... oval:org.secpod.oval:def:24566 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-56. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that ... oval:org.secpod.oval:def:24547 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow atta ... oval:org.secpod.oval:def:24548 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading ... oval:org.secpod.oval:def:24549 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets ... oval:org.secpod.oval:def:24550 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to caus ... oval:org.secpod.oval:def:24551 The host is installed with Mozilla Firefox before 38.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an improper Media Decoder Thread creation at the time of a shutdown. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:24552 The host is installed with Mozilla Firefox before 38.0 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle an MP4 video file containing invalid metadata. Successful exploitation could allow attackers to execute arbitrary code or cause a deni ... oval:org.secpod.oval:def:24553 The host is installed with Mozilla Firefox before 38.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. Successful exploita ... oval:org.secpod.oval:def:24555 The host is installed with Mozilla Firefox before 38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation. Succe ... oval:org.secpod.oval:def:24556 The host is installed with Mozilla Firefox before 38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped. Successful exploitation ... oval:org.secpod.oval:def:23632 The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. Successful exploitation could allow attackers to cr ... oval:org.secpod.oval:def:23631 The host is missing a moderate security update according to Mozilla advisory, MFSA-2015-13. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key ... oval:org.secpod.oval:def:23630 The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to bypass key pinning (HPKP) and HTTP Strict Transport Security ... oval:org.secpod.oval:def:23659 The host is missing a security update according to Mozilla advisory, MFSA-2015-27. The update is required to fix a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible sta ... oval:org.secpod.oval:def:23658 The host is installed with Mozilla Firefox before 36.0 and is prone to a Caja compiler javaScript sandbox bypass vulnerability. A flaw is present in the application, which fails to properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state. Successful expl ... oval:org.secpod.oval:def:23657 The host is missing a moderate security update according to Mozilla advisory, MFSA-2015-26. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitati ... oval:org.secpod.oval:def:23656 The host is installed with Mozilla Firefox before 36.0 and is prone to a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle an API call that originates from a background tab. Successful exploitation could allow attackers to conduct spoofing and cl ... oval:org.secpod.oval:def:23655 The host is missing a moderate security update according to Mozilla advisory, MFSA-2015-25. The update is required to fix an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified ... oval:org.secpod.oval:def:23649 The host is missing a moderate security update according to Mozilla advisory, MFSA-2015-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image dra ... oval:org.secpod.oval:def:23648 The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger use of DrawTarget and the Cairo library for image drawing. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:23647 The host is missing an important security update according to Mozilla advisory, MFSA-2015-21. The update is required to fix a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow atta ... oval:org.secpod.oval:def:23646 The host is installed with Mozilla Firefox before 36.0 and is prone to a stack based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a malformed MP3 file. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:23645 The host is missing an important security update according to Mozilla advisory, MFSA-2015-20. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful explo ... oval:org.secpod.oval:def:23644 The host is installed with Mozilla Firefox before 36.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted Cascading Style Sheets (CSS) token sequence. Successful exploitation could allow attackers to execute arbitrary cod ... oval:org.secpod.oval:def:23654 The host is installed with Mozilla Firefox before 36.0 and is prone to an user-assisted arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted web site that is accessed with unspecified mouse and keyboard actions. Successful exploitatio ... oval:org.secpod.oval:def:23651 The host is missing a security update according to Mozilla advisory, MFSA-2015-23. Thr update is required to fix an use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to pro ... oval:org.secpod.oval:def:23650 The host is installed with Mozilla Firefox before 36.0 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle incorrect macro expansion. Successful exploitation could allow attackers to produce unspecified impact. oval:org.secpod.oval:def:23639 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-17. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow att ... oval:org.secpod.oval:def:23638 The host is installed with Mozilla Firefox before 36.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted MP4 video during playback. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:23635 The host is missing a security update according to Mozilla advisory, MFSA-2015-15. The update is required to fix a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to disc ... oval:org.secpod.oval:def:23634 The host is installed with Mozilla Firefox before 36.0 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to use TLS to access TURN or STUN server. Successful exploitation could allow attackers to discover credentials by spoofing a server. oval:org.secpod.oval:def:23633 The host is missing a moderate security update according to Mozilla advisory, MFSA-2015-14. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for copying an unspecified string to a shader's compilation log. ... oval:org.secpod.oval:def:26707 The host is missing a security update according to Apple advisory, APPLE-SA-2015-08-13-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted vectors. Successful exploitation may lead to an unexpected application terminati ... oval:org.secpod.oval:def:502266 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: realpath buffer underflow w ... oval:org.secpod.oval:def:204790 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: realpath buffer underflow w ... oval:org.secpod.oval:def:1600880 Fragmentation attacks possible when EDNS0 is enabledThe DNS stub resolver in the GNU C Library before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.Buffer overflow in glob ... oval:org.secpod.oval:def:1502176 The advisory is missing the security advisory description. For more information please visit the reference link |