13 matches found
Oracle Solaris Third-Party Patch Update : tcsd (cve_2012_0698_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service daemon crash via a crafted typeoffset value in a TCP packet to port 30003. CVE-2012-0698 %NASLMINLEVEL 70300 C Tenable Network...
Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in the newmsglsachangenotify function in the OSPFD API ospfapi.c in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers...
Oracle Solaris Third-Party Patch Update : cvs (cve_2012_0804_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted...
Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)
The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...
Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)
The remote Solaris system is missing necessary patches to address security updates : - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web...
Oracle Solaris Third-Party Patch Update : slocate (cve_2007_0227_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that t...
Oracle Solaris Third-Party Patch Update : ibutils (cve_2013_2561_link_following)
The remote Solaris system is missing necessary patches to address security updates : - OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on 1 ibdiagnet.db, 2 ibdiagnet.fdbs, 3 ibdiagnetibis.log, 4 ibdiagnet.log, 5 ibdiagnet.lst, 6 ibdiagnet.mcfdbs, 7...
Oracle Solaris Third-Party Patch Update : memcached (cve_2013_0179_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - The processbindelete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service segmentation fault via a...
Oracle Solaris Third-Party Patch Update : gtk (cve_2012_2370_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the readbitmapfiledata function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service application crash via a negative 1 height or 2 width in ...
Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess...
Oracle Solaris Third-Party Patch Update : nss (cve_2013_1620_lucky_thirteen)
The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which...
Oracle Solaris Third-Party Patch Update : kerberos (cve_2014_4345_numeric_errors)
The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/ libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12....
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark8)
The remote Solaris system is missing necessary patches to address security updates : - The ieee802154maprec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote...