Download
| Alert*
|
oval:org.secpod.oval:def:500572
GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual fi ... oval:org.secpod.oval:def:4182 The host is installed with Novell iPrint client before 5.78 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted client-file-name parameter in a printer-url. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:4144 The host is missing an important security update according to Microsoft security bulletin, MS12-011. The update is required to fix elevation of privilege or information disclosure vulnerabilities. The flaws are present due to improper handling of URL containing malicious JavaScript elements. Success ... oval:org.secpod.oval:def:4170 The host is installed with Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 and is prone to absolute path traversal vulnerability. A flaw is present in the application, which fails to properly handle ActiveX control in almaxcx.dll in the graphical user interface. Successful exploita ... oval:org.secpod.oval:def:400042 Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. On openSUSE 11.0 and 11.1 Mozilla Firefox was updated to version 3.0.18. On openSUSE 11.2 Mozilla Seamonkey was updated to version 2.0.2. Following security issues have been fixed: CVE-2010-0159: Mozilla develope ... oval:org.secpod.oval:def:1386 The host is installed with Apache Archiva and is prone to multiple cross-site request forgery (CSRF) vulnerabilities. The flaws are present in the application which is caused by improper validation of user-supplied input. Successful exploitation allows remote attacker to perform certain administrati ... oval:org.secpod.oval:def:101676 ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple "virtual" FTP servers, anonymous FTP, and permission-based direc ... oval:org.secpod.oval:def:1100040 The host is missing a patch containing a security fixes, which affects the following package(s): bos.net.nfs.client. oval:org.secpod.oval:def:301274 The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the de ... oval:org.secpod.oval:def:700410 Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service. oval:org.secpod.oval:def:3884 The host is missing an update according to Apple advisory, APPLE-SA-2009-08-12-1. The update is required to fix a denial of service vulnerability. A flaw is present in the dns_db_findrdataset function in db.c, which fails to handle maliciously crafted update message. Successful exploitation could al ... oval:org.secpod.oval:def:300288 Multiple vulnerabilities has been discovered and corrected in Safe.pm which could lead to escalated privilegies . The updated packages have been patched to correct these issues. oval:org.mitre.oval:def:968 Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query. oval:gov.nist.usgcb.vista:def:8008 Auditing of "Detailed Tracking: Process Creation" events on success should be enabled or disabled as appropriate. oval:org.secpod.oval:def:400005 Mozilla Firefox and Thunderbird were updated to fix several security issues: * CVE-2011-2365 Miscellaneous memory safety hazards * CVE-2011-2373 Use-after-free vulnerability when viewing XUL document with script disabled * CVE-2011-2377 Memory corruption due to multipart/x-mixed-replace images * CVE ... oval:org.secpod.oval:def:3499 The host is installed with Winamp before 5.623 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fail to handle an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk. Successful exploitation cou ... oval:org.secpod.oval:def:1100051 The host is missing a patch containing a security fixes, which affects the following package(s): perl.rte. oval:org.secpod.oval:def:100311 The iputils package contains basic utilities for monitoring a network, including ping. The ping command sends a series of ICMP protocol ECHO_REQUEST packets to a specified network host to discover whether the target machine is alive and receiving network traffic. oval:org.secpod.oval:def:6195 The host is installed with RealPlayer before 15.0.4.53 or RealPlayer SP 1.0 through 1.1.5 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly parse ASMRuleBook data in RealMedia files. Successful exploitation allows remote attackers to e ... oval:org.mitre.oval:def:591 Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. oval:org.secpod.oval:def:4432 The host is missing a critical security update according to Adobe advisory, APSB11-22. The update is required to fix a denial of service vulnerability. A flaw is present in the application which fails to properly handle a crafted GIF file. Successful exploitation allows remote attackers to execute a ... oval:org.secpod.oval:def:1700 The host is installed with IBM Tivoli Storage Manager before 5.4.3.4 or 5.5.x before 5.5.3 or 6.x before 6.1.4 or 6.2.x before 6.2.2 and is prone to buffer overflow vulnerability. A flaw is present in the application which fails to handle Alternate Data Stream (aka ADS or named stream) functionality ... oval:org.secpod.oval:def:700705 bzip2: high-quality block-sorting file compressor - utilities Executables compressed by bzexe could be made to run programs as your login. oval:org.secpod.oval:def:200470 The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format files. Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw in KPDF"s Type 1 font parser. A specially-crafted PDF file with an embedded Type 1 fo ... oval:gov.nist.usgcb.xp:def:6680 Turn Off Internet File Association Service oval:org.secpod.oval:def:1190 The host is installed with Microsoft Office Excel 2002 and is prone to remote code execution vulnerability. A flaw is present in the application, where it is not able to handle special crafted excel files. Successful exploitation allows remote attacker to take complete control of the affected system ... oval:org.secpod.oval:def:701074 python-keyring: store and access your passwords safely Several security issues were fixed in Python Keyring. oval:org.secpod.oval:def:7359 The host is installed with Google Chrome before 22.0.1229.94 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to properly handle SVG implementation in WebKit. Successful exploitation allows attackers to execute arbitrary code via unspecified vectors. oval:org.mitre.oval:def:11928 Fedora 5 is installed oval:gov.nist.usgcb.rhel:def:20106 The SELinux state should be set appropriately. oval:gov.nist.usgcb.rhel:def:20068 Login access to non-root system accounts should be disabled oval:org.secpod.oval:def:7517 CA License software is installed oval:gov.nist.usgcb.rhel:def:20341 The squid service should be disabled. oval:org.secpod.oval:def:7362 The host is installed with Google Chrome before 22.0.1229.94 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to properly handle SVG implementation in WebKit. Successful exploitation allows attackers to execute arbitrary code via unspecified vectors. oval:org.secpod.oval:def:7059 The host is installed with Google Chrome before 22.0.1229.79 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors related to plug-in. Successful exploitation allows remote attackers to cause a denial of service or possibly have un ... oval:gov.nist.usgcb.rhel:def:20085 The PATH variable should be set correctly for user root oval:org.secpod.oval:def:103499 Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add ... oval:org.secpod.oval:def:600445 Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from the official KDE release, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers ... oval:org.secpod.oval:def:7987 The host is installed with Apache Tomcat 6.x before 6.0.36 or 7.x before 7.0.28 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly restrict the request-header size. Successful exploitation allows remote attackers to cause a denial of servic ... oval:org.secpod.oval:def:7069 The host is installed with Google Chrome before 22.0.1229.79 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to properly handle vectors involving SVG text references. Successful exploitation allows remote attackers to cause a denial of service or possi ... oval:org.secpod.oval:def:7060 The host is installed with Google Chrome before 22.0.1229.79 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle DOM topology. Successful exploitation allows remote attackers to cause a denial of service (DOM topology corruption). oval:org.mitre.oval:def:11850 Fedora 2 is installed oval:org.secpod.oval:def:7319 The host is missing an important security update according to Microsoft security bulletin, MS12-066. The update is required to fix elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly validate the HTML strings. Successful exploitation allows attackers t ... oval:org.mitre.oval:def:12097 Fedora 6 is installed oval:org.secpod.oval:def:8139 Splunk is installed oval:org.secpod.oval:def:7684 For a sample of system components, examine password files to verify that passwords are unreadable during transmission and storage. For service providers only, observe password files to verify that customer passwords are encrypted. oval:org.secpod.oval:def:2278 IBM Informix Dynamic Server is installed on Linux oval:org.secpod.oval:def:1000310 The host is missing a patch 113031-04 containing security fixes. oval:gov.nist.usgcb.rhel:def:200155 >Verify the integrity of installed packages by comparing the installed ���les with information about the ���les taken from the package metadata stored in the RPM database. oval:gov.nist.usgcb.rhel:def:144120 Add nodev Option to /tmp Partition oval:org.secpod.oval:def:103691 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. oval:org.secpod.oval:def:7537 The host is installed with Oracle Java SE 7 Update 7 or earlier, 6 Update 35 or earlier, 5.0 Update 36 or earlier, and 1.4.2_38 or earlier or JavaFX 2.2 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle specially crafted content. Succes ... oval:org.mitre.oval:def:11428 Fedora 7 is installed oval:org.secpod.oval:def:7538 The host is installed with Oracle Java SE 7 Update 7 or earlier or 6 Update 35 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to deployment. Successful exploitation allows attackers to affect confidentiality, integrit ... oval:org.secpod.oval:def:7539 The host is installed with Oracle Java SE 7 Update 7 or earlier or 6 Update 35 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to deployment. Successful exploitation allows attackers to affect confidentiality, integrit ... oval:org.secpod.oval:def:7545 The host is installed with Oracle Java SE 7 Update 7 or earlier, 6 Update 35 or earlier or 5.0 Update 36 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Concurrency. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:7942 The host is installed with Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, or 7.x before 7.0.30 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly check for stale nonce values in conjunction with enforcement of proper credentials in the ... oval:org.secpod.oval:def:7546 The host is installed with Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 or earlier, 6 Update 35 or earlier or 5.0 Update 36 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JMX. Successful ex ... oval:org.secpod.oval:def:7541 The host is installed with Oracle Java SE 7 Update 7 or earlier or 6 Update 35 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to deployment. Successful exploitation allows attackers to affect confidentiality, integrit ... oval:org.mitre.oval:def:11657 Fedora 4 is installed oval:org.secpod.oval:def:7542 The host is installed with Oracle Java SE 7 Update 7 or earlier, 6 Update 35 or earlier, 5.0 Update 36 or earlier or 1.4.2_38 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows ... oval:org.secpod.oval:def:1000099 The remote host is missing a patch 125719-42 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:7543 The host is installed with Oracle Java SE 7 Update 7 or earlier or 6 Update 35 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect confidentiality and integrit ... oval:org.secpod.oval:def:7544 The host is installed with Oracle Java SE 7 Update 7 or earlier, 6 Update 35 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Libraries. Successful exploitation allows remote attackers to affect confidentiality, inte ... oval:org.secpod.oval:def:600240 Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit. CVE-2011-1147 Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service of the execution of arbitrary code. CVE-2011-1174 Blake Cornell discovered that incorr ... oval:org.secpod.oval:def:7540 The host is installed with Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 or earlier, 6 Update 35 or earlier or 5.0 Update 36 or earlier and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to JMX. Successful ex ... oval:org.mitre.oval:def:12101 Fedora 3 is installed oval:gov.nist.usgcb.xp:def:140 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/netsh.exe file and all other users should have no file access privileges oval:org.secpod.oval:def:2184 The host is installed with Wireshark 1.6.1 and is prone to a denial of service vulnerability. A flaw is present in an application, which fails to validate the IKE packet. Successful exploitation could allow attackers to crash the application. oval:org.secpod.oval:def:701011 gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement GnuPG could be tricked into downloading a different key when downloading from a key server. oval:org.secpod.oval:def:400004 openSUSE 10.3 is installed oval:org.secpod.oval:def:302899 Multiple vulnerabilities has been discovered and corrected in util-linux: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a proce ... oval:org.secpod.oval:def:700984 keystone: OpenStack identity service Two security issues were fixed in OpenStack Keystone. oval:org.secpod.oval:def:1956 The host is installed with Apache CouchDB 0.8.0 through 1.0.1 and is prone to multiple cross site scripting vulnerabilities. Multiple flaws are present in the application, which fail to validate user supplied input. Successful exploitation could allow an attacker to inject arbitrary code. oval:org.secpod.oval:def:100458 Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.1.8 Whe ... oval:org.secpod.oval:def:301237 Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attakcer could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash . The updated packages have been patched to correct this issue. oval:org.mitre.oval:def:1795 Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers ... oval:org.mitre.oval:def:188 Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. oval:gov.nist.usgcb.xp:def:243 This definition verifies that the Guest account is enabled/disabled based on the policy defined by the user. oval:gov.nist.usgcb.vista:def:6612 The "Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)" setting should be configured correctly. oval:gov.nist.usgcb.windowsseven:def:231 Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples wi ... oval:gov.nist.usgcb.vista:def:6630 The "Deny access to this computer from the network (SeDenyNetworkLogonRight)" setting should be configured correctly. oval:org.secpod.oval:def:7704 This setting requires users password to have certain minimum number of characters oval:gov.nist.usgcb.windowsseven:def:54 This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Def ... oval:gov.nist.usgcb.windowsseven:def:51 This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ... oval:gov.nist.usgcb.xp:def:23 This definition verifies that locked accounts remains locked for the defined number of minutes before they are automatically unlocked. oval:org.secpod.oval:def:202448 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could ... oval:org.secpod.oval:def:200472 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could u ... oval:org.secpod.oval:def:700703 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:300149 A vulnerability in the GNU C library was discovered which could escalate the privilegies for local users . Packages for 2009.0 are provided as of the Extended Maintenance Program oval:org.secpod.oval:def:700412 Multiple insecure temporary file handling vulnerabilities were discovered in Red Hat Cluster. A local attacker could exploit these to overwrite arbitrary local files via symlinks. It was discovered that CMAN did not properly handle malformed configuration files. An attacker could cause a denial of ... oval:org.secpod.oval:def:700389 Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary comm ... oval:org.mitre.oval:def:7757 Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems: The DMO_Vid ... oval:org.secpod.oval:def:6787 The host is installed with Google Chrome before 21.0.1180.89 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:7524 The host is installed with Adobe Shockwave Player 11.6.7.637 or earlier and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:7529 The host is missing a critical security update according to Adobe advisory, APSB12-23. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle memory. Successful exploitation allows attackers to execute remote code. oval:org.secpod.oval:def:5259 The host is installed with Adobe Shockwave Player before 11.5.9.620 and is prone to denial of service (memory corruption) vulnerability. A flaw is present in Font Xtra.x32 module of the application, which fails to avoid memory corruptions. Successful exploitation allows a remote attacker to corrupt ... oval:org.secpod.oval:def:4004 The host is installed with Oracle MySQL 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial availability impact. Successful exploitation allows remote attackers to cause a denial of service. oval:org.secpod.oval:def:3718 The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers ... oval:org.secpod.oval:def:1100050 The host is missing a patch containing a security fixes, which affects the following package(s): perl.rte. oval:org.secpod.oval:def:200473 SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents o ... oval:org.secpod.oval:def:500867 OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport ... oval:org.secpod.oval:def:500662 SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileg ... oval:org.secpod.oval:def:701010 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:100599 This tool kit is used to measure battery life and performance under different workloads on Linux. Test can be used with various workloads to simulate different types of laptop usage. The following workloads are currently implemented: a oval:org.secpod.oval:def:5034 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.) oval:org.secpod.oval:def:6364 For a sample of system components, obtain and inspect system configuration settings to verify that password parameters are set to require passwords to be at least seven characters long. For service providers only, review internal processes and customer/user documentation to verify that tha ... oval:org.secpod.oval:def:301527 An incorrect memory deallocation was causing a crash when the GNOME display manager was exiting. This package update fixes this issue and includes additional bug fixes and translation updates. oval:org.secpod.oval:def:301525 This update introduces a new mandriva-release-Mini package to be used for the Mandriva Mini flavor of the Mandriva Linux distribution. oval:org.secpod.oval:def:301524 A race condition was preventing dbus from starting correctly when user authentication was network based . This could prevent other desktop functions from working properly, such as device automounting. This update provides updated dbus and initscript packages that fix this issue. Both packages must b ... oval:org.secpod.oval:def:7055 The host is missing a critical severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:5043 Verify the target machine is installed with McAfee VirusScan. oval:org.secpod.oval:def:101829 Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server which handles connections from the Prelude sensors. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format ... oval:org.secpod.oval:def:6378 The host is missing an important security update according to Microsoft bulletin, MS12-050. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted URLs. Successful exploitation results in elevation of privilege or information d ... oval:org.secpod.oval:def:5103 The host is missing a critical security update according to Microsoft bulletin, MS12-024. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate the digest of a signed portable executable (PE) file. Successful explo ... oval:org.secpod.oval:def:6100 The host is missing a critical security update according to Microsoft security bulletin, MS11-078. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle inheritance restrictions. Successful exploitation could allow a ... oval:org.secpod.oval:def:2271 The host is missing an Important security update according to Microsoft security bulletin, MS11-074. The update is required to fix cross-site-scripting and information disclosure vulnerabilities. A flaw is present in the applications, which fails to properly validate inputs. Successful exploitation ... oval:org.secpod.oval:def:100459 D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. oval:org.secpod.oval:def:103690 The kernel package contains the Linux kernel , the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. oval:org.secpod.oval:def:4640 The host is installed with Apple Mac OS X 10.5.8, 10.6 before 10.6.5 or Adobe Flash Player before 9.0.289.0, 10.x before 10.1.102.64 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow remote a ... oval:org.secpod.oval:def:400024 Various security issues have been found in the Mozilla suite, and the various browsers have been updated to fix these issues. Mozilla Firefox was brought to the 3.5.11 security release. Mozilla Firefox on openSUSE 11.3 was brought to the 3.6.8 security release. Mozilla Thunderbird was brought to the ... oval:org.secpod.oval:def:400040 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.1 which addresses the issues. oval:org.secpod.oval:def:102407 An easy-to-use telnet client mainly targets BBS users. PCMan X is a newly developed GPL"d version of PCMan, a full-featured famous BBS client formerly designed for MS Windows only. It aimed to be an easy-to-use yet full-featured telnet client facilitating BBS browsing with the ability to process dou ... oval:org.secpod.oval:def:600306 A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial m ... oval:org.secpod.oval:def:700319 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user"s session. The flaw is with TLS renegotiation and potentia ... oval:org.secpod.oval:def:2351 The host is installed with Opera before 11.51, Windows operating system with SSL 3.0 or TLS 1.0 and is prone to an information disclosure vulnerability. A flaw is present in the application which is caused due to some unspecified error. Successful exploitation allows attackers to cause unknown impac ... oval:org.secpod.oval:def:3719 The host is missing an important security update according to Microsoft bulletin MS12-006. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of ... oval:org.secpod.oval:def:3197 The host is installed with Mozilla Firefox before 3.6.24 or 4.x through 7.0 or Thunderbird before 3.1.6 or 5.0 through 7.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle JavaScript files that contain many functions. Successful ex ... oval:org.secpod.oval:def:8029 The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:8027 The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ... oval:org.secpod.oval:def:8021 The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ... oval:org.secpod.oval:def:8023 The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ... oval:org.secpod.oval:def:8024 The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:8020 The host is missing a security update according to MFSA 2012-102. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle crafted string. Successful exploitation allows remote attackers to conduct cross-site scripting (XSS) ... oval:org.secpod.oval:def:8033 The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:8034 The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8030 The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ... oval:org.secpod.oval:def:8018 The host is missing a critical security update according to MFSA 2012-104. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences. Success ... oval:org.secpod.oval:def:8019 The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ... oval:org.secpod.oval:def:8010 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:700510 apr: The Apache Portable Runtime Library - apache2: a scalable, extensible web server A denial of service issue exists that affects the Apache web server. |
