SCAP release January 2019

The following SCAP content has been released to SCAP Repo and SecPod Saner Solution. SecPod Saner will automatically pull the relevant content on its next scheduled update. This is a list of vulnerabilities detected using a vulnerability management tool.

Also, a patch management solution can help patch these vulnerabilities.

oval:org.secpod.oval:def:50422	CVE-2019-5754	Inappropriate implementation vulnerability in the QUIC Networking in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50423	CVE-2019-5782	Inappropriate implementation vulnerability in the QUIC Networking in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50424	CVE-2019-5755	Inappropriate implementation vulnerability in the V8 in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50425	CVE-2019-5756	Use after free vulnerability in PDFium in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50426	CVE-2019-5757	Type confusion vulnerability in SVG in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50427	CVE-2019-5758	Use after free vulnerability in blink in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50428	CVE-2019-5759	Use after free vulnerability in HTML select elements in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50429	CVE-2019-5760	Use after free vulnerability in the WebRTC in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50430	CVE-2019-5761	Use after free vulnerability in SwiftShader in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50431	CVE-2019-5762	Use after free vulnerability in the PDFium in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50432	CVE-2019-5763	Insufficient validation of untrusted input vulnerability in the V8 in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50433	CVE-2019-5764	Use after free vulnerability in WebRTC in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50434	CVE-2019-5765	Insufficient policy enforcement vulnerability in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50435	CVE-2019-5766	Insufficient policy enforcement vulnerability in Canvas in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50436	CVE-2019-5767	Incorrect security UI vulnerability in WebAPKs in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50437	CVE-2019-5768	Insufficient policy enforcement vulnerability in the DevTools in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50438	CVE-2019-5769	Insufficient validation of untrusted input vulnerability in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50439	CVE-2019-5770	Heap buffer overflow vulnerability in WebGL in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50440	CVE-2019-5771	Heap buffer overflow vulnerability in SwiftShader in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50441	CVE-2019-5772	Use after free vulnerability in PDFium in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50442	CVE-2019-5773	Insufficient data validation vulnerability in IndexedDB in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50443	CVE-2019-5774	Insufficient validation of uninstrusted input vulnerability in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50444	CVE-2019-5775	Insufficient policy enforcement vulnerability in Omnibox in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50445	CVE-2019-5776	Insufficient policy enforcement vulnerability in Omnibox in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50446	CVE-2019-5777	Insufficient policy enforcement vulnerability in Omnibox in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50447	CVE-2019-5778	Insufficient policy enforcement vulnerability in Extensions in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50448	CVE-2019-5779	Insufficient policy enforcement vulnerability in ServiceWorker in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50449	CVE-2019-5780	Insufficient policy enforcement vulnerability in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50450	CVE-2019-5781	Insufficient policy enforcement vulnerability in the Omnibox in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50451	CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 VENDORLINK	Multiple vulnerabilities in Google Chrome via unspecified vectors
oval:org.secpod.oval:def:50452	CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503 CVE-2018-18504 CVE-2018-18505 CVE-2018-18506 MFSA2019-01	Multiple vulnerabilities in Mozilla Firefox – MFSA2019-01
oval:org.secpod.oval:def:50453	CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 MFSA2019-02	Multiple vulnerabilities in Mozilla Firefox ESR – MFSA2019-02
oval:org.secpod.oval:def:50454	CVE-2018-18500	Use-after-free parsing HTML5 stream – CVE-2018-18500
oval:org.secpod.oval:def:50455	CVE-2018-18501	Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 – CVE-2018-18501
oval:org.secpod.oval:def:50456	CVE-2018-18502	Memory safety bugs fixed in Firefox 65 – CVE-2018-18502
oval:org.secpod.oval:def:50457	CVE-2018-18503	Memory corruption with Audio Buffer – CVE-2018-18503
oval:org.secpod.oval:def:50458	CVE-2018-18504	Memory corruption and out-of-bounds read of texture client buffer – CVE-2018-18504
oval:org.secpod.oval:def:50459	CVE-2018-18505	Privilege escalation through IPC channel messages – CVE-2018-18505
oval:org.secpod.oval:def:50460	CVE-2018-18506	Proxy Auto-Configuration file can define localhost access to be proxied – CVE-2018-18506
oval:org.secpod.oval:def:50461	CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503 CVE-2018-18504 CVE-2018-18505 CVE-2018-18506 MFSA2019-01	Multiple vulnerabilities in Mozilla Firefox – MFSA2019-01 (Mac OS X)
oval:org.secpod.oval:def:50462	CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 MFSA2019-02	Multiple vulnerabilities in Mozilla Firefox ESR – MFSA2019-02 (Mac OS X)
oval:org.secpod.oval:def:50463	CVE-2018-18500	Use-after-free parsing HTML5 stream – CVE-2018-18500
oval:org.secpod.oval:def:50464	CVE-2018-18501	Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 – CVE-2018-18501
oval:org.secpod.oval:def:50465	CVE-2018-18502	Memory safety bugs fixed in Firefox 65 – CVE-2018-18502
oval:org.secpod.oval:def:50466	CVE-2018-18503	Memory corruption with Audio Buffer – CVE-2018-18503
oval:org.secpod.oval:def:50467	CVE-2018-18504	Memory corruption and out-of-bounds read of texture client buffer – CVE-2018-18504
oval:org.secpod.oval:def:50468	CVE-2018-18505	Privilege escalation through IPC channel messages – CVE-2018-18505
oval:org.secpod.oval:def:50469	CVE-2018-18506	Proxy Auto-Configuration file can define localhost access to be proxied – CVE-2018-18506
oval:org.secpod.oval:def:50472	CVE-2019-6116	CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators

Share this article