1848 matches found

Tenable Nessus
added 2015/01/23 12:0 a.m., 20 views

Oracle Solaris Critical Patch Update : jan2015_SRU11_1_16_5_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Network. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows successful...

CVSS 5 | AI score 5.6 | EPSS 0.01165
Exploits 0 | References 3

Tenable Nessus
added 2015/01/23 12:0 a.m., 23 views

Oracle Solaris Critical Patch Update : jan2015_SRU11_2_6_4_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: KSSL. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows successful...

CVSS 4.3 | AI score 5.6 | EPSS 0.0025
Exploits 0 | References 3

Tenable Nessus
added 2015/01/22 12:0 a.m., 72 views

Oracle Database Multiple Vulnerabilities (January 2015 CPU)

The remote Oracle database server is missing the January 2015 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components : - Core RDBMS - DBMS_UTILITY - PL/SQL - Recovery - Workspace Manager - XML Developer's Kit for C

CVSS 9 | AI score 6 | EPSS 0.08779
Exploits 1 | References 9

Tenable Nessus
added 2015/01/22 12:0 a.m., 63 views

Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)

The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet only in...

CVSS 7.1 | AI score 6.4 | EPSS 0.93538
Exploits 10 | References 10

Packet Storm
added 2015/01/22 12:0 a.m., 63 views

CAS Server 3.5.2 LDAP Authentication Bypass

=====Alligator Security Team - Security Advisory======== CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. Reporter: José Tozo =====Table of Contents================================== 1. Background 2. Detailed description 3. Other contex...

CVSS 7.5 | AI score 0.5 | EPSS 0.00316
Exploits 3

ThreatPost
added 2015/01/21 9:47 a.m., 45 views

January 2015 Oracle Critical Patch update

Oracle’s first Critical Patch Update of the year arrived Tuesday with its usual volume, and some disturbing fanfare. Oracle admins today are staring at 169 patches on their collective plates across the company’s product line. One of the more pressing fixes is for an issue in the Oracle E-Busine...

CVSS 6 | AI score 0.2 | EPSS 0.01753
Exploits 0 | References 5

ThreatPost
added 2015/01/20 10:46 a.m., 12 views

Nasty Oracle Vulnerability Leaves Researcher 'Flabbergasted'

Oracle on Tuesday will release a huge number of security fixes as part of its quarterly critical patch update, and one of them is a patch for a vulnerability that a well-known security researcher said looks a lot like a back door but was likely just a terrible mistake. The flaw is found in Oracle...

AI score 7.8
Exploits 0 | References 4

Tenable Nessus
added 2015/01/19 12:0 a.m., 46 views

Oracle Solaris Third-Party Patch Update : python (cve_2014_7185_integer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. CVE-2014-7185...

CVSS 6.4 | AI score 7.6 | EPSS 0.01134
Exploits 1 | References 3

Tenable Nessus
added 2015/01/19 12:0 a.m., 30 views

Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4164_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service...

CVSS 6.8 | AI score 8.1 | EPSS 0.11958
Exploits 3 | References 3

Tenable Nessus
added 2015/01/19 12:0 a.m., 24 views

Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org)

The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. CVE-2013-1983 -...

CVSS 6.8 | AI score 9 | EPSS 0.01996
Exploits 0 | References 17

Tenable Nessus
added 2015/01/19 12:0 a.m., 29 views

Oracle Solaris Third-Party Patch Update : isc-dhcp (cve_2012_3955_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service daemon crash in opportunistic circumstances by establishing an IPv6 lease in an environment where...

CVSS 7.1 | AI score 6.4 | EPSS 0.17439
Exploits 0 | References 3

Tenable Nessus
added 2015/01/19 12:0 a.m., 34 views

Oracle Solaris Third-Party Patch Update : libfxt (cve_2011_3256_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS 9.3 | AI score 6 | EPSS 0.10527
Exploits 0 | References 3

Tenable Nessus
added 2015/01/19 12:0 a.m., 56 views

Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris)

The remote Solaris system is missing necessary patches to address security updates : - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service NULL pointe...

CVSS 5 | AI score 6.3 | EPSS 0.09511
Exploits 0 | References 4

Tenable Nessus
added 2015/01/19 12:0 a.m., 31 views

Oracle Solaris Third-Party Patch Update : memcached (cve_2013_0179_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a...

CVSS 1.8 | AI score 8.2 | EPSS 0.01337
Exploits 1 | References 3

Tenable Nessus
added 2015/01/19 12:0 a.m., 263 views

Oracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)

The remote Solaris system is missing necessary patches to address security updates : - The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of...

CVSS 6.8 | AI score 7.5 | EPSS 0.75444
Exploits 7 | References 7

Tenable Nessus
added 2015/01/19 12:0 a.m., 35 views

Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)

The remote Solaris system is missing necessary patches to address security updates : - The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol...

CVSS 7.5 | AI score 7.9 | EPSS 0.94464
Exploits 88 | References 8

Tenable Nessus
added 2015/01/19 12:0 a.m., 29 views

Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin)

The remote Solaris system is missing necessary patches to address security updates : - proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service application crash vi...

CVSS 5 | AI score 5.4 | EPSS 0.00845
Exploits 2 | References 4

Tenable Nessus
added 2015/01/19 12:0 a.m., 32 views

Oracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file,...

CVSS 6.8 | AI score 6.5 | EPSS 0.04289
Exploits 0 | References 4

Tenable Nessus
added 2015/01/19 12:0 a.m., 24 views

Oracle Solaris Third-Party Patch Update : gnu-patch (multiple_vulnerabilities_in_gnu_patch)

The remote Solaris system is missing necessary patches to address security updates : - Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-forma...

CVSS 6.8 | AI score 7.5 | EPSS 0.0183
Exploits 0 | References 4

Tenable Nessus
added 2015/01/19 12:0 a.m., 32 views

Oracle Solaris Third-Party Patch Update : apache (multiple_input_validation_vulnerabilities_in1)

The remote Solaris system is missing necessary patches to address security updates : - The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause ...

CVSS 5 | AI score 7.1 | EPSS 0.50788
Exploits 2 | References 4