83 matches found
Oracle Solaris Third-Party Patch Update : lua (cve_2014_5461_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service crash via a small number of arguments to a function with a...
Oracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)
The remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained...
Oracle Solaris Third-Party Patch Update : sudo (cve_2012_2337_restriction_bypass)
The remote Solaris system is missing necessary patches to address security updates : - sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunist...
Oracle Solaris Third-Party Patch Update : tomcat (cve_2013_0346_permissions_privileges)
The remote Solaris system is missing necessary patches to address security updates : - DISPUTED Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has...
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2012_5134_buffer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a...
Oracle Solaris Third-Party Patch Update : hplip (cve_2013_0200_link_following)
The remote Solaris system is missing necessary patches to address security updates : - HP Linux Imaging and Printing HPLIP through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/hpcupsfilterc .bmp, 2 /tmp/hpcupsfilterk.bmp, 3 /tmp/hpcupsjob.out, 4...
Oracle Solaris Third-Party Patch Update : pidgin (cve_2012_3374_buffer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. CVE-2012-3374 %NASLMINLEVE...
Oracle Solaris Third-Party Patch Update : sudo (multiple_permissions_privileges_and_access)
The remote Solaris system is missing necessary patches to address security updates : - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting th...
Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org2)
The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a...
Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt)
The remote Solaris system is missing necessary patches to address security updates : - The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive...
Oracle Solaris Third-Party Patch Update : openssl (cve_2012_2333_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer...
Oracle Solaris Third-Party Patch Update : squid (cve_2011_3205_buffer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial o...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)
The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory...
Oracle Solaris Third-Party Patch Update : net-snmp (cve_2012_2141_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - The perltrapdhandler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service snmptrapd crash via ...
Oracle Solaris Third-Party Patch Update : nss (cve_2013_1620_lucky_thirteen)
The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which...
Oracle Solaris Third-Party Patch Update : jinja2 (multiple_vulnerabilities_in_jinja2)
The remote Solaris system is missing necessary patches to address security updates : - FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this...
Oracle Solaris Third-Party Patch Update : perl (cve_2014_4330_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many...
Oracle Solaris Third-Party Patch Update : squid (multiple_vulnerabilities_in_squid)
The remote Solaris system is missing necessary patches to address security updates : - Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service memory consumption...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark6)
The remote Solaris system is missing necessary patches to address security updates : - The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service application crash via a crafted packet. CVE-2013-492...
Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)
The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...