Oracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file,...

Oracle Solaris Third-Party Patch Update : gnu-patch (multiple_vulnerabilities_in_gnu_patch)

The remote Solaris system is missing necessary patches to address security updates : - Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-forma...

Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3613_cookie_leak)

The remote Solaris system is missing necessary patches to address security updates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Oracle Third Party software advisories. include'deprecatednasllevel.inc';...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)

The remote Solaris system is missing necessary patches to address security updates : - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web...

Oracle Solaris Third-Party Patch Update : python (cve_2014_7185_integer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. CVE-2014-7185...

Oracle Solaris Third-Party Patch Update : slocate (cve_2007_0227_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that t...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)

The remote Solaris system is missing necessary patches to address security updates : - The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service application crash via a crafted packe...

Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)

The remote Solaris system is missing necessary patches to address security updates : - MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated...

Oracle Solaris Third-Party Patch Update : apache (multiple_cross_site_scripting_vulnerabilities)

The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving...

Oracle Solaris Third-Party Patch Update : texinfo (cve_2006_4810_buffer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the readline function in util/texindex.c, as used by the 1 texi2dvi and 2 texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file...

Oracle Solaris Third-Party Patch Update : libtasn1 (multiple_vulnerabilities_in_gnu_libtasn1)

The remote Solaris system is missing necessary patches to address security updates : - The asn1getbitder function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via craft...

Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4564_design_error)

The remote Solaris system is missing necessary patches to address security updates : - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PPM image that...

Oracle Solaris Third-Party Patch Update : bind (cve_2012_5166_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service named daemon hang via unspecified...

Oracle Solaris Third-Party Patch Update : apache (multiple_input_validation_vulnerabilities_in1)

The remote Solaris system is missing necessary patches to address security updates : - The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause ...

Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in the newmsglsachangenotify function in the OSPFD API ospfapi.c in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers...

Oracle Solaris Third-Party Patch Update : libfxt (cve_2011_3256_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service...

Oracle Solaris Third-Party Patch Update : isc-dhcp (multiple_denial_of_service_dos4)

The remote Solaris system is missing necessary patches to address security updates : - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier. CVE-2012-3571 - Multiple memo...

Oracle Solaris Third-Party Patch Update : isc-dhcp (cve_2012_3955_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service daemon crash in opportunistic circumstances by establishing an IPv6 lease in an environment where...

Oracle Solaris Third-Party Patch Update : cvs (cve_2012_0804_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted...

Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_6329_code_injection1)

The remote Solaris system is missing necessary patches to address security updates : - The compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, whi...