Oracle Solaris Third-Party Patch Update : tcsd (cve_2012_0698_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service daemon crash via a crafted typeoffset value in a TCP packet to port 30003. CVE-2012-0698 %NASLMINLEVEL 70300 C Tenable Network...

Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)

The remote Solaris system is missing necessary patches to address security updates : - libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS...

Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in the newmsglsachangenotify function in the OSPFD API ospfapi.c in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers...

Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)

The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...

Oracle Solaris Third-Party Patch Update : xorg (cve_2013_4396_use_after)

The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service daemon crash or...

Oracle Solaris Third-Party Patch Update : net-snmp (cve_2012_6151_resource_management)

The remote Solaris system is missing necessary patches to address security updates : - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by...

Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4164_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service...

Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_firefox_web)

The remote Solaris system is missing necessary patches to address security updates : - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web...

Oracle Solaris Third-Party Patch Update : xorg (cve_2011_4028_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently ...

Oracle Solaris Third-Party Patch Update : isc-dhcp (cve_2012_3955_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service daemon crash in opportunistic circumstances by establishing an IPv6 lease in an environment where...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark8)

The remote Solaris system is missing necessary patches to address security updates : - The ieee802154maprec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote...

Oracle Solaris Third-Party Patch Update : python (cve_2014_7185_integer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. CVE-2014-7185...

Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)

The remote Solaris system is missing necessary patches to address security updates : - The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird3)

The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assiste...

Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3613_cookie_leak)

The remote Solaris system is missing necessary patches to address security updates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Oracle Third Party software advisories. include'deprecatednasllevel.inc';...

Oracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)

The remote Solaris system is missing necessary patches to address security updates : - The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark9)

The remote Solaris system is missing necessary patches to address security updates : - The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to caus...

Oracle Solaris Third-Party Patch Update : gimp (cve_2012_3236_buffer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a malformed XTENSION header of a .fit file, as demonstrated using a long...

Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3505_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - Double free vulnerability in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service application...

Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_4564_design_error1)

The remote Solaris system is missing necessary patches to address security updates : - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PPM image that...