1965 matches found
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)
The remote Solaris system is missing necessary patches to address security updates : - The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packe...
Oracle Solaris Third-Party Patch Update : slocate (cve_2007_0227_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that t...
Oracle Solaris Third-Party Patch Update : apache (multiple_input_validation_vulnerabilities_in1)
The remote Solaris system is missing necessary patches to address security updates : - The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause ...
Oracle Solaris Third-Party Patch Update : ibutils (cve_2013_2561_link_following)
The remote Solaris system is missing necessary patches to address security updates : - OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7)...
Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)
The remote Solaris system is missing necessary patches to address security updates : - MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated...
Oracle Solaris Third-Party Patch Update : apache (multiple_cross_site_scripting_vulnerabilities)
The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving...
Oracle Solaris Third-Party Patch Update : gnu-patch (multiple_vulnerabilities_in_gnu_patch)
The remote Solaris system is missing necessary patches to address security updates : - Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-forma...
Oracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file,...
Oracle Solaris Third-Party Patch Update : lighttpd (cve_2014_2469_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into...
Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1)
The remote Solaris system is missing necessary patches to address security updates : - The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive...
Oracle Solaris Third-Party Patch Update : cvs (cve_2012_0804_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...
Oracle Solaris Third-Party Patch Update : kerberos (cve_2014_4345_numeric_errors)
The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12....
Oracle Solaris Third-Party Patch Update : ghostscript (multiple_denial_of_service_vulnerabilities7)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...
Oracle Solaris Third-Party Patch Update : python (cve_2010_1634_integer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as...
Oracle Solaris Third-Party Patch Update : libfxt (cve_2011_3256_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service...
Oracle Solaris Third-Party Patch Update : kerberos (multiple_vulnerabilities_in_kerberos1)
The remote Solaris system is missing necessary patches to address security updates : - do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon cra...
Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)
The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...
Oracle Solaris Third-Party Patch Update : kerberos (cve_2010_1322_improper_input)
The remote Solaris system is missing necessary patches to address security updates : - The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remot...
Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)
The remote Solaris system is missing necessary patches to address security updates : - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly...
Oracle Solaris Third-Party Patch Update : django (multiple_vulnerabilities_in_django)
The remote Solaris system is missing necessary patches to address security updates : - The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules ...