Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4073_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates : - The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an...

Oracle Solaris Third-Party Patch Update : tcsd (cve_2012_0698_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service daemon crash via a crafted typeoffset value in a TCP packet to port 30003. CVE-2012-0698 %NASLMINLEVEL 70300 C Tenable Network...

Oracle Solaris Third-Party Patch Update : bind (cve_2012_5166_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service named daemon hang via unspecified...

Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4564_design_error)

The remote Solaris system is missing necessary patches to address security updates : - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PPM image that...

Oracle Solaris Third-Party Patch Update : vino (cve_2012_4429_information_leak)

The remote Solaris system is missing necessary patches to address security updates : - Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900. CVE-2012-4429 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1)

The remote Solaris system is missing necessary patches to address security updates : - The exifentrygetvalue function in exif-entry.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service out-of-bounds read or possibly obtain sensitive...

Oracle Solaris Third-Party Patch Update : libtasn1 (multiple_vulnerabilities_in_gnu_libtasn1)

The remote Solaris system is missing necessary patches to address security updates : - The asn1getbitder function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via craft...

Oracle Solaris Third-Party Patch Update : apache (multiple_cross_site_scripting_vulnerabilities)

The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving...

Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3707_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - The curleasyduphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPTCOPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds rea...

Oracle Solaris Third-Party Patch Update : kerberos (cve_2010_1322_improper_input)

The remote Solaris system is missing necessary patches to address security updates : - The mergeauthdata function in kdcauthdata.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remot...

Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_2088_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - Integer signedness error in the TIFFReadDirectory function in tifdirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code...

Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3613_cookie_leak)

The remote Solaris system is missing necessary patches to address security updates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Oracle Third Party software advisories. include'deprecatednasllevel.inc';...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird3)

The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assiste...

Oracle Solaris Third-Party Patch Update : gnupg (cve_2013_4351_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates : - GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended...

Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)

The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...

Oracle Solaris Third-Party Patch Update : xorg (cve_2013_4396_use_after)

The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service daemon crash or...

Oracle Solaris Third-Party Patch Update : freetype (cve_2011_3439_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted font in a document. CVE-2011-3439 %NASLMINLEVEL...

Oracle Solaris Third-Party Patch Update : libxml2 (cve_2010_4008_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which...

Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)

The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...

Oracle Solaris Third-Party Patch Update : wireshark (cve_2014_2907_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - The srtpaddaddress function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denia...