83 matches found
Oracle Solaris Third-Party Patch Update : gtk (cve_2012_2370_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the readbitmapfiledata function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service application crash via a negative 1 height or 2 width in ...
Oracle Solaris Third-Party Patch Update : pidgin (cve_2012_3374_buffer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. CVE-2012-3374 %NASLMINLEVE...
Oracle Solaris Third-Party Patch Update : samba (cve_2012_6150_input_validation)
The remote Solaris system is missing necessary patches to address security updates : - The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote...
Oracle Solaris Third-Party Patch Update : sudo (cve_2012_2337_restriction_bypass)
The remote Solaris system is missing necessary patches to address security updates : - sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunist...
Oracle Solaris Third-Party Patch Update : sendmail (cve_2014_3956_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - The smcloseonexec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FDCLOEXEC flags, which allows local users to access unintended...
Oracle Solaris Third-Party Patch Update : xdg-utils (cve_2008_0386_improper_input)
The remote Solaris system is missing necessary patches to address security updates : - Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to 1 xdg-open or 2 xdg-email. CVE-2008-0386 %NASLMINLEVEL 70300 C Tenab...
Oracle Solaris Third-Party Patch Update : squid (cve_2011_3205_buffer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial o...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)
The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory...
Oracle Solaris Third-Party Patch Update : bind (cve_2012_1667_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows...
Oracle Solaris Third-Party Patch Update : nss (cve_2013_1620_lucky_thirteen)
The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which...
Oracle Solaris Third-Party Patch Update : perl-58 (cve_2011_2728_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - The bsdglob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service crash via a glob expression with the GLOBALTDIRFUNC flag, which triggers an...
Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt)
The remote Solaris system is missing necessary patches to address security updates : - The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive...
Oracle Solaris Third-Party Patch Update : icu (cve_2013_0900_race_conditions)
The remote Solaris system is missing necessary patches to address security updates : - Race condition in the International Components for Unicode ICU functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark10)
The remote Solaris system is missing necessary patches to address security updates : - The nfsnamesnoopaddname function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote...
Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)
The remote Solaris system is missing necessary patches to address security updates : - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web...
Oracle Solaris Third-Party Patch Update : librsvg (cve_2011_3146_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service NULL pointer dereference and possibly execute arbitrary code via a SV...
Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the Perlrepeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service...
Oracle Solaris Third-Party Patch Update : facter (cve_2014_3248_untrusted_search)
The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...
Oracle Solaris Third-Party Patch Update : jinja2 (multiple_vulnerabilities_in_jinja2)
The remote Solaris system is missing necessary patches to address security updates : - FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this...
Oracle Solaris Third-Party Patch Update : libotr (cve_2012_3461_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/ proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a...