Oracle Database Multiple Vulnerabilities (January 2015 CPU)

The remote Oracle database server is missing the January 2015 Critical Patch Update CPU. It is, therefore, affected by security issues in the following components : - Core RDBMS - DBMSUTILITY - PL/SQL - Recovery - Workspace Manager - XML Developer's Kit for C %NASLMINLEVEL 70300 C Tenable Network...

Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)

The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet only in...

January 2015 Oracle Critical Patch update

Oracle’s first Critical Patch Update of the year arrived Tuesday with its usual volume, and some disturbing fanfare. Oracle admins today are staring at 169 patches on their collective plates across the company’s product line. One of the more pressing fixes is for a an issue in the Oracle E-Busine...

Nasty Oracle Vulnerability Leaves Researcher 'Flabbergasted'

Oracle on Tuesday will release a huge number of security fixes as part of its quarterly critical patch update, and one of them is a patch for a vulnerability that a well-known security researcher said looks a lot like a back door but was likely just a terrible mistake. The flaw is found in Oracle...

Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird7)

The remote Solaris system is missing necessary patches to address security updates : - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey...

Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org)

The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. CVE-2013-1983 -...

Oracle Solaris Third-Party Patch Update : freetype (cve_2011_3439_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted font in a document. CVE-2011-3439 %NASLMINLEVEL...

Oracle Solaris Third-Party Patch Update : bind (cve_2012_4244_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service assertion failure and named daemon...

Oracle Solaris Third-Party Patch Update : puppet (multiple_vulnerabilities_in_puppet1)

The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...

Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_6329_code_injection1)

The remote Solaris system is missing necessary patches to address security updates : - The compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, whi...

Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4073_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates : - The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an...

Oracle Solaris Third-Party Patch Update : isc-dhcp (multiple_denial_of_service_dos4)

The remote Solaris system is missing necessary patches to address security updates : - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier. CVE-2012-3571 - Multiple memo...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)

The remote Solaris system is missing necessary patches to address security updates : - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web...

Oracle Solaris Third-Party Patch Update : memcached (cve_2013_0179_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - The processbindelete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service segmentation fault via a...

Oracle Solaris Third-Party Patch Update : vino (cve_2012_4429_information_leak)

The remote Solaris system is missing necessary patches to address security updates : - Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. CVE-2012-4429 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Oracle Solaris Third-Party Patch Update : wireshark (cve_2014_2907_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - The srtpaddaddress function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denia...

Oracle Solaris Third-Party Patch Update : libxml2 (cve_2010_4008_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark5)

The remote Solaris system is missing necessary patches to address security updates : - The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird5)

The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file...