Adobe has released three security updates for Adobe AIR SDK & Compiler (APSB16-31), Adobe Flash Player (APSB16-29), and Adobe Digital Editions (APSB16-28) which covers a total of 35 CVEs . The security update resolves a critical vulnerability for Adobe Flash Player and for AIR it resolves a remote security vulnerability that could potentially allow an attacker to take control of the […]

Read More →

Microsoft September 2016 Patch Tuesday brings 14 Security Bulletins addressing a total of 50 vulnerabilities. Seven Security Bulletins are rated as Critical and Seven are rated as Important. This month Seven bulletins are rated as Critical : MS16-104 for Internet Explorer, MS16-105 for Microsoft Edge,  MS16-106 for Microsoft Graphics Component, MS16-107 for Microsoft Office, MS16-108 for […]

Read More →

The main highlight of this release is the extension of our features to various Linux flavors such as CentOS, RHEL, Amazon Linux, Fedora, Ubuntu and other Debian and RPM based systems. Image courtesy: Rini Thomas @ SecPod What’s New in Release? Real-time analysis of Linux-based systems through an enormous list of queries such as System control settings, Processes, Services, […]

Read More →

OpenSSH is a free suite of connectivity tool aka OpenBSD Secure Shell, which provides secure encryption for both remote login and file transfer between two hosts over a network. CVE-2016-6515 (Denial of Service Vulnerability) It has been discovered that OpenSSH server incorrectly handles password hashing while authenticating non-existing users. In OpenSSH versions prior to 7.3, the ‘auth_password’ function in ‘auth_passwd.c’ script, […]

Read More →

One of the major and serious threats on the internet today is malicious software, often referred to as a Malware. Malware, short form of malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. The malware being designed by attackers are polymorphic and […]

Read More →

This month Adobe has released important security update only for Adobe Experience Manager (APSB16-27). The security update for Adobe Experience Manager resolves important input validation issues that could be used in cross-site scripting attacks, an important vulnerability in backup functionality that could lead to information disclosure, and an important vulnerability that could disclose audit log […]

Read More →

Microsoft August 2016 Patch Tuesday brings 9 Security Bulletins addressing a total of 34 vulnerabilities. Five Security Bulletins are rated as Critical and remaining Four are rated as Important. This month high priority fixes are for Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft Office, and Microsoft Windows PDF Library which addresses 28 vulnerabilities out of 34 […]

Read More →

Understanding Saner Solution Saner Solution consists of three components namely- Ancor, Viser, and End-point Agents. Ancor is the Analytics and Correlation Engine that forms the core of the solution. Viser is the visibility portion of Saner Solution with which security administrators can monitor the security posture of an enterprise and also react/respond to security incidents […]

Read More →

  What would it be like if an Endpoint and Saner communicated? Endpoint: Someone entered? Saner: Hello Endpoint! I am Saner Version 2.1, Family Supported- Linux, Mac and Windows. Endpoint: Welcome Saner. I am Endpoint (hostname), alias 192.168.1.X (IP address), A2:B1:C4:A3:B2:C1 (Mac address), Processor X, RAM 8GB and Storage 500GB Endpoint: Welcome to my world […]

Read More →

  Adobe has released critical security updates for Adobe Flash Player (APSB16-25), Adobe Acrobat and Reader (APSB16-26) and Adobe XMP Toolkit for Java (APSB16-24). The security updates for Adobe Flash Player, Adobe Acrobat and Reader resolves critical vulnerabilities that allows an attacker to take control of the affected system.  The security updates for the Adobe XMP […]

Read More →

Adobe has released critical security updates for Adobe Flash Player(APSB16-18), Adobe DNG SDK(APSB16-19), Adobe Brackets(APSB16-20), Adobe Creative Cloud Desktop Application(APSB16-21), ClouFusion (APSB16-22), Adobe AIR(APSB16-23) and with Adobe Flash Player(APSA16-03) Advisory. The security updates for Adobe DNG Software development Kit (SDK) resolves a memory corruption vulnerability. The security updates for Adobe Flash Player resolves critical vulnerabilities that could potentially allow […]

Read More →

Microsoft June 2016 Patch Tuesday brings 17 Security Bulletins addressing a total of 82 vulnerabilities. Six are rated as Critical and remaining Eleven are rated as Important. This month high priority fixes are for Internet Explorer, Microsoft Edge, Microsoft Office, Adobe Flash Player and Microsoft Windows DNS Server which addresses 60 vulnerabilities out of 82 vulnerabilities. This month […]

Read More →

A new vulnerability has been discovered by Ben Hayak, researcher at Trustwave, at Black Hat Europe in Amsterdam, that can gain access into your private cloud and steal information like private photos, video albums etc. just by clicking on a malicious link. This attack happens before the user realizes that something is going wrong. Yes, that means the application […]

Read More →

SecPod Saner 2.1 provides exciting new features and bug fixes. Features include much more robust reporting, automated alerts, threat visualization and co-branding support for managed service providers. Administrators have a refurbished dashboard, which is fast and convenient. Quick links on the dashboard help search deeper into endpoint data. Remediation based on rules delineates status of […]

Read More →

Today’s sophisticated and complex malware targets all industries, and healthcare industry is becoming a popular choice amongst attackers. Healthcare organizations should have another look at their cyber security structure around endpoint devices like laptops, tablets, desktops, smartphones, patient control and monitoring devices. A recent survey on healthcare security with respondents comprising healthcare organizations stated that […]

Read More →

Advanced Persistent Threat (APT) is a network attack in which an attacker chooses a particular target, uses social engineering and advanced technologies to break into a network. Until the attack is successfully executed, they focus on that particular target for weeks, months, and years. Once inside a network, the objective of the attacker is to lay […]

Read More →

Microsoft May 2016 Patch Tuesday brings 16 Security Bulletins addressing a total of 37 vulnerabilities. Eight are rated as Critical and remaining eight are rated as Important. This month high priority fixes are for Internet Explorer, Microsoft Edge and Microsoft Graphics Component which addresses 14 vulnerabilities out of 37 vulnerabilities. This month eight bulletins are rated as Critical: […]

Read More →

Adobe has released critical security updates and hotfixes for ColdFusion, Adobe Flash player, Adobe Acrobat and Reader, which covers a total of 136 CVEs. The security hotfixes for ColdFusion resolves a critical vulnerability on all platforms. The security updates for Adobe Acrobat and Reader resolves a critical vulnerability on Windows and Macintosh, whereas for Adobe Flash player […]

Read More →

Patch fatigue is a term that’s buzzing amongst IT managers due to the devastating number of patches enterprises need to keep their environment safe and updated. 2016 IBM Security Report covered 18 years of patches with over 100,000 known vulnerabilities. Though only a few of these vulnerabilities affect each device in a network at any […]

Read More →

DROWN (Decrypting RSA with Obsolete and Weakened Encryption): OpenSSL is an open source application which contains implementation of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. libcrypto and libssl are 2 primary libraries of OpenSSL. Libcrypto library is used for general-purpose cryptography, libssl provides SSL and TLS protocol support and depends on libcrypto. […]

Read More →

PowerWare, a new ransomware has been detected, which leverages Windows PowerShell to-do the work. The ransomware targets enterprises using Microsoft Word and PowerShell. PowerShell is the scripting language intrinsic to Microsoft operating systems. This ransomware mainly targets healthcare organizations. The dubbed PowerWare ransomware is being circulated through a common attack method, phishing emails containing Word […]

Read More →

Strengthening resilience to attacks is the emphasis for security professionals nowadays. Though defenders are inventing technologies and tactics that are emerging in sophistication, enemies are not behind either. Criminals are well funded and they use a mishmash of progressed technologies and strategies to dodge detection. Security professionals will always do their best to block attacks […]

Read More →

Adobe has released critical security updates for RoboHelp server 9, Creative Cloud desktop application, and Flash Player, which covers a total of 26 CVE’s. The security hotfix for RoboHelp Server 9 for Windows resolves a critical vulnerability. The security update for the Creative Cloud Desktop Application for Windows and Macintosh resolves an important vulnerability. This security patch addresses the […]

Read More →

Microsoft April 2016 Patch Tuesday brings 13 security bulletins including one bulletin for Adobe Flash Player, addressing a total of 29 vulnerabilities. Microsoft also addresses a crucial Zero-Day vulnerability, popularly known as Badlock, in SAM and LSAD Remote Protocols CVE-2016-0128 which allows elevation of privileges. This month high priority fix are for Internet Explorer and Microsoft Edge which together addresses 11 out of 29 vulnerabilities. This month 6 bulletins are rated […]

Read More →

Oracle has released an emergency security update for Java SE running in desktop web browsers. Advisory addresses an unspecified vulnerability(CVE-2016-0636) which can be remotely exploited without authentication, may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will […]

Read More →

A critical vulnerability has been found in Samba which affects all Windows platforms, termed as badlock. It will be patched on April 12, 2016. Samba is an open source implementation of the SMB/CIFS network protocol, which runs on non-windows operating systems like Unix, IBM System 390, Linux, OpenVMS and other operating systems and allows them to […]

Read More →

According to a recent survey that included approximately 480 IT professionals, effective patch management was considered to be the easiest way of enhancing IT risk management. However, organizations are still getting it wrong. Patch weariness was considered to have only a small impact on the industry, but is in fact affecting a wide range of organizations. The […]

Read More →

Partnerships and strategic alliances between technology vendors and Managed Service Providers (MSP) drive sales and bring success to technology firms and their partners. MSPs have played a significant role in taking a vendor’s product or service to the customers. Though these partnerships look like a win-win situation, not all the partnerships yield the right results. […]

Read More →

Multi-tenancy refers to the mode of operation wherein a single instance of a software application attends to multiple tenants. Each client is called a tenant. They may represent enterprises that gained access to the multi-tenant application or the multiple applications competing for intrinsic resources. Tenants are permitted to customize certain parts of the application such […]

Read More →

A critical security flaw has been reported in GNU C Library. The bug discovered in glibc has been present since 2008. A huge amount of Linux software can be hijacked by miscreants from the other side of the internet. The GNU C Library (glibc) is an essential component of Linux distributions. The researchers at Google and Red Hat […]

Read More →

Adobe has released critical security updates for Experience Manager, Connect, Flash Player, Photoshop CC and Bridge CC. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The Linux and Mac operating systems are affected apart from Windows. Here are the details of 4 Critical Security Updates: APSB16-05 (Adobe […]

Read More →

Microsoft February 2016 Patch Tuesday bring 13 Security Bulletins, which is addressing 37 vulnerabilities. Six are rated as Critical and 7 are Important. Following six bulletins are rated as Critical, MS16-009 for Internet Explorer.  MS16-011 for Microsoft Edge. MS16-012 for Windows PDF Library.  MS16-013 for Windows Journal. MS16-015 for Microsoft Office and MS16-022  for Adobe Flash Player.   Microsoft security bulletin summary for February 2016 in order of severity […]

Read More →

AUGMENTED REALITY   Augmented Reality is a sort of virtual reality that aims to duplicate the actual world’s environment in a computer. An augmented reality system creates a composite view for the user that is the combination of the real scene viewed by the user and a virtual scene produced by the computer that enhances […]

Read More →

Corporate Espionage is the practice of stealing and unauthorized revealing of corporate data to other companies, government or individuals. Competitor companies, individuals tracing information for their own financial profit are mainly involved in corporate espionage. Employees fail to build a lasting and loyal rapport with their employers and thus steal information. But unsatisfied employees aren’t the […]

Read More →

CVE-2016-0728 is the latest zero-day flaw discovered in linux kernel which affects millions of users across the world. The vulnerability has been there since several years and was discovered only recently. This flaw exists in all the linux kernel versions 3.8 and later. CVE-2016-0728 is basically a memory-leak vulnerability, where the flaw exists within the […]

Read More →

As a firm grows, it’s important to adopt more stringent security measures to protect its business from unwanted threats, risks, and unauthorized activities. After looking into various practical applications and procedures, businesses implement best practices for the smooth running of their operations. Employ In-depth protection strategies Draw attention to numerous, overlapping and reciprocally supportive defensive […]

Read More →

The increased cost and complexity of securing the business IT infrastructure has opened the door for managed security service providers (MSSPs). In particular, small and medium businesses (SMBs) generally don’t have the security experience or resources to adequately protect their business from today’s security threats. The days of simply configuring firewalls and deploying anti-virus software […]

Read More →

Small and medium size businesses mainly known as SMBs are focused towards growing. Spending on security software is not one of their priorities. But just like every other business, protection of their data and systems are equally important. The perception that since the business is small all they’ll require is an anti-virus, is not right. […]

Read More →

2016 Security Predictions Every cyber experience that we encounter, be it success or failure is a learning lesson. A learning lesson to be precautious and a lesson as to what to expect in the future. Let’s take a look back at the year 2015 to get an insight about the forthcoming period.   What we […]

Read More →

5 Endpoint Security Myths Protecting a central corporate network when it is being accessed through various endpoints such as mobile devices, laptops, computers etc. is known as Endpoint Security. Superstitions and myths related to many things have been going on for generations. So how can we leave behind myths on endpoint security? Here are some […]

Read More →

Adobe released critical security patch for Adobe Flash Player. The patch address Nineteen (19) flaws including multiple zero day vulnerabilities and CVE-2015-8561 is being actively exploited in the wild.These flaws allows attackers to take complete control of the systems remotely. The Linux and Mac operating systems are affected apart from Windows. Here are the details of the 19 […]

Read More →

Microsoft December 2015 Patch Tuesday bring 12 security bulletins which is addressing 71 vulnerabilities. Eight are rated Critical and 4 are Important. Eight Bulletins are rated as Critical , MS15-124 for Internet Explorer.  MS15-125 for Edge. MS15-126 for JScript and VBScript. MS15-127 for Windows DNS. MS15-128 for Graphics Component. MS15-129 for Silverlight. MS15-130 for Uniscribe and MS15-131 for Office. Microsoft security bulletin summary for December 2015 in order of severity MS15-124 : Vulnerabilities in Internet Explorer (3116180) Severity […]

Read More →

Microsoft October 2015 Patch Tuesday bring six security bulletins which is addressing 33 vulnerabilities. Three are rated Critical and 3 are Important. Three Bulletins are rated as Critical , MS15-106 for Internet Explorer.  MS15-108 for JScript and VBScript and MS15-109 for Windows Shell. Microsoft security bulletin summary for October 2015 in order of severity MS15-106 : Vulnerabilities in Internet Explorer (3096441) Severity Rating: Critical Affected Software: Internet […]

Read More →

  Microsoft September 2015 Patch Tuesday bring 12 security bulletins which address 55 CVE’s. Four are rated Critical and eight are Important. 4 bulletins are rated as Critical , MS15-94 for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) , MS15-95 for […]

Read More →

Microsoft August 2015 Patch Tuesday bring 14 security bulletins which address 60 CVE’s. This month has 4 high priority bulletins, MS15-81 for Microsoft Office 2007, 2010, 2013, MS15-92 for .NET Framework , MS15-79 for Internet Explorer and MS15-091 for Microsoft Edge. 4 bulletins are rated as Critical , MS15-079 (KB3082442) for Internet Explorer 7 through 11 addressing 13 vulnerabilities, MS15-080 (KB3078662) for Microsoft Graphics […]

Read More →

Microsoft July 2015 Patch Tuesday bring 14 security bulletins which address 58 CVE’s. This month has 3 high priority bulletins, MS15-065 for Internet Explorer, MS15-070 for Microsoft Office, and MS15-077 for Windows. 4 bulletins are rated as Critical , MS15-065 for Internet Explorer 6 through 11 addressing 29 vulnerabilities, MS15-066 for VBScript engine in Windows Server 2003, Windows Server […]

Read More →

A critical vulnerability is discovered in Rivest Cipher 4 software stream cipher. In cryptography, RC4 is one of the most used software-based stream ciphers in the world. The cipher is included in popular Internet protocols such as Transport Layer Security (TLS). It is a very simple cipher when compared to competing algorithms of the same […]

Read More →

SecPod Research Team member (Deependra Bapna) has found Multiple Stored Cross-site Scripting Vulnerabilities in ClipBucket. The vulnerabilities are due to improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory in CVRF […]

Read More →

SecPod Research Team member (Thanga Prakash) has found Multiple Cross-site Scripting Vulnerabilities and SQL injection vulnerability in WordPress HTML5 MP3 Player with Playlist plugin. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, inject or manipulate SQL queries in the back-end […]

Read More →

SecPod Research Team member (Thanga Prakash) has found Multiple Reflected Cross-site Scripting Vulnerabilities in ManageEngine Firewall Analyzer. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory […]

Read More →

  Microsoft June 2015 Patch Tuesday bring 08 security bulletins addressing a total of 45 vulnerabilities. This month high priority fix is for Internet Explorer which alone addresses 24 out of 45 vulnerabilities. This month 2 bulletins are rated as Critical, addressing 25 vulnerabilities and 6 are rated as Important. Critical security updates addresses security […]

Read More →

MS Patch Tuesday May 2015   This May 2015 Patch Tuesday Microsoft released 13 security bulletins addressing a total of 46 vulnerabilities. This month high priority fix is for Internet Explorer which alone addresses 22 out of 46 vulnerabilities. This month 3 bulletins are rated as Critical, addressing 30 vulnerabilities and 10 are rated as […]

Read More →

  This April another big update from Microsoft, which includes 11 security bulletins addressing a total of 26 vulnerabilities. The high priority fix is for Microsoft Office addressing 5 vulnerabilities, Windows HTTP protocol stack (HTTP.sys) and Internet Explorer addressing 10 vulnerabilities. This month four bulletins are rated as Critical, addressing 17 vulnerabilities and seven are […]

Read More →

SecPod Research Team member (Shakeel Bhat) has found Multiple Stored Cross-Site Scripting Vulnerabilities in Dotclear CMS. The vulnerability is caused by improper validation of various parameter in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory in CVRF […]

Read More →

With all the frightening stories of hackers at Black Hat, I stepped into not-just-yet-another-conference in Singapore. Situated at the plush location of the island country, Marina Bay Sands catered to one of the best security conference of this calibre. All renowned and well-informed security enthusiasts visited from all over the world to share their thoughts […]

Read More →

A big Patch Tuesday this month consisting of total fourteen security bulletins address total of 45 vulnerabilities. This month also high priority fix is for Internet Explorer along with Microsoft Windows, Adobe Font Driver, VBScript Scripting Engine, and Microsoft Office. Internet Explorer addresses and Adobe Font Driver address total 20 out of 45 vulnerabilities. This […]

Read More →

In our previous blog post, we promised to keep you informed if FREAK (Factoring attack on RSA-EXPORT Keys) vulnerability affects Windows applications. As of today, it is confirmed that FREAK is affecting all supported versions of Microsoft Windows, making the flaw more dangerous than anticipated. To give you a brief background, FREAK vulnerability is a […]

Read More →

Another potentially dangerous vulnerability called FREAK (Factoring Attack on RSA-EXPORT Keys) is being true to its name and is freaking out all Android and Apple device users. This SSL/TLS vulnerability has over the years exposed millions of Android and Apple devices to attacks when they visit supposedly ‘secured’ websites, which is what makes it dangerous. […]

Read More →

  In this Patch Tuesday, Microsoft released Nine security bulletins addressing a total of 56 vulnerabilities. As usual this month high priority fix is for Internet Explorer, along with Windows Kernel-Mode Driver, Windows Group Policy and Microsoft Office. Internet Explorer alone addresses 41 out of 56 vulnerabilities. This month three bulletins are rated as Critical, […]

Read More →

A highly critical vulnerability has been found in glibc, the GNU C library, which affects all Linux systems on glibc version 2.2 dating back to the year 2000. The vulnerability, with CVE-2015-0235, has already been nicknamed GHOST because of its relation to the _gethostbyname function. Read More.   It affects virtually all Linux-based software that […]

Read More →

A critical vulnerability is discovered in GNU C Library (glibc). The GNU C Library, commonly known as glibc, is the GNU Project’s implementation of the C standard library and a core part of the Linux operating system. GNU C Library (glibc) is used in most of the Linux distributions, which is prone to a heap-based […]

Read More →

The package linux-image-generic is a meta package for Linux kernel on Debian and Ubuntu machines. There seems to be an issue in the latest security patches released for linux-image-generic. On installing the latest kernel versions 3.16.0-28 or 3.16.0-29 on Ubuntu 14.04 and after restarting the machine, all the USB and ethernet ports are getting disabled. […]

Read More →

  Microsoft’s first Patch Tuesday of 2015 brings Eight security bulletins covering a total of eight vulnerabilities. Noticeably, high priority fix is for Windows Telnet Service which, if not fixed, can potentially allow Remote Code Execution . No updates were made available for Internet Explorer. Of the eight vulnerabilities one is rated Critical and Seven are […]

Read More →

  Last Microsoft Patch Tuesday of this year brings Seven security bulletins covering a total of 24 vulnerabilities. Now the total count for this year reached to 85. The high priority fix is for Internet Explorer, Microsoft Word and Microsoft Office Web Apps, VBScript Scripting Engine. Internet Explorer alone addresses 14 out of 24 vulnerabilities. […]

Read More →

This month Microsoft has released 14 security bulletins addressing a total of 33 vulnerabilities. The high priority fix is for Windows OLE, Internet Explorer, Windows Schannel and XML Core Services. Internet Explorer alone addresses 17 out of 33 vulnerabilities and it includes fix for 0-day vulnerability CVE-2014-6352 in the Windows OLE. This month Four bulletins […]

Read More →

Microsoft has released Eight security bulletins addressing a total of 24 vulnerabilities. The high priority fix is for Internet Explorer and Microsoft Windows. Internet Explorer alone addresses 14 out of 24 vulnerabilities. This month Three bulletins are rated as Critical, addressing 19 vulnerabilities and five are rated as Important. Critical security updates addresses security issues […]

Read More →

Bourne Again Shell (BASH) is widely used and default command interpreter for many Linux flavors, is prone to a command execution vulnerability as discovered by Stephane Chazelas of Akamai. The vulnerability is due to the way bash processes specially crafted environment variables i.e trailing code in function definitions was executed, independent of the variable name, which allows […]

Read More →

  Microsoft Patch Tuesday was announced this month with Four Security Bulletins addressing a total of 42 vulnerabilities. The high priority fix is for Internet Explorer, which alone addresses 37 out of 42 vulnerabilities. One is rated as Critical, addressing 37 vulnerabilities and three are rated as Important. Critical security updates addresses security issues in […]

Read More →

In this Patch Tuesday, Microsoft released Six Bulletins addressing a total of 29 vulnerabilities. This month also the high priority fix is for Internet Explorer, which alone addresses 24 out of 29 vulnerabilities. Two are rated as Critical, addressing 25 vulnerabilities, three are rated as Important and one is rated as Moderate . Critical security updates […]

Read More →

In this Patch Tuesday, Microsoft released Seven Bulletins addressing a total of 66 vulnerabilities. The high priority fix is for Internet Explorer, which alone addresses 59 out of 66 vulnerabilities and it includes fix for 0-day CVE-2014-1770. Two are rated as Critical, addressing 61 vulnerabilities and five are rated as Important. Critical security updates addresses security […]

Read More →

A new zero-day (CVE-2014-0515) exploit exists in the wild, and is being used to target Flash Player users on the Windows systems. The vulnerability was discovered by Kaspersky Lab in Mid April. There is a buffer overflow vulnerability in the Pixel Bender component which is designed for video and image processing that can be used […]

Read More →

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. oval:org.secpod.oval:def:37398 CVE-2016-7052 NULL pointer dereference vulnerability in OpenSSL by triggering a CRL operation oval:org.secpod.oval:def:37399 CVE-2016-6309 Use-after-free vulnerability in statem/statem.c in OpenSSL via a crafted TLS session oval:org.secpod.oval:def:37404 CVE-2016-7395 Denial […]

Read More →

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. oval:org.secpod.oval:def:37380 CVE-2016-6304 Denial of service vulnerability in the OCSP Status Request extension in OpenSSL via a malicious client oval:org.secpod.oval:def:37381 CVE-2016-6305 Denial of service vulnerability in OpenSSL via a malicious […]

Read More →

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. oval:org.secpod.oval:def:37218 CVE-2016-4256 Memory corruption vulnerability in Adobe Digital Editions via unspecified vectors – CVE-2016-4256 oval:org.secpod.oval:def:37219 CVE-2016-4257 Memory corruption vulnerability in Adobe Digital Editions via unspecified vectors – CVE-2016-4257 oval:org.secpod.oval:def:37220 […]

Read More →

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. oval:org.secpod.oval:def:111301 CVE-2016-6298 FEDORA-2016-7b4a60ae66 FEDORA-2016-7b4a60ae66 — Fedora 23 python-jwcrypto-0.3.2-1.fc23 oval:org.secpod.oval:def:111303 CVE-2016-6342 FEDORA-2016-508767e6b7 FEDORA-2016-508767e6b7 — Fedora 24 elog-3.1.1-7.fc24 oval:org.secpod.oval:def:111305 CVE-2016-6866 FEDORA-2016-985b68721b FEDORA-2016-985b68721b — Fedora 24 slock-1.3-2.fc24 oval:org.secpod.oval:def:111307 CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 […]

Read More →

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. oval:org.secpod.oval:def:37050 CVE-2016-3345 MS16-114 Remote code execution vulnerability in Server Message Block in Microsoft Windows – MS16-114 oval:org.secpod.oval:def:37049 CVE-2016-3345 Remote code execution vulnerability in Server Message Block in Microsoft Windows […]

Read More →