SCAP Feed Release: 08-Mar-2016

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update.

oval:org.secpod.oval:def:33182 CVE-2016-2842, Denial of service vulnerability in the doapr_outch function in OpenSSL via a long string
oval:org.secpod.oval:def:33183 CVE-2015-8652, Out-of-bounds read vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8652
oval:org.secpod.oval:def:33192 CVE-2015-8822, Use-after-free vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8822
oval:org.secpod.oval:def:33184 CVE-2015-8653, Use-after-free vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8653
oval:org.secpod.oval:def:33185 CVE-2015-8654, Out-of-bounds read vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8654
oval:org.secpod.oval:def:33186 CVE-2015-8655, Use-after-free vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8655
oval:org.secpod.oval:def:33187 CVE-2015-8656, Out-of-bounds read vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8656
oval:org.secpod.oval:def:33188 CVE-2015-8657, Out-of-bounds read vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8657
oval:org.secpod.oval:def:33189 CVE-2015-8658, Memory corruption vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8658
oval:org.secpod.oval:def:33190 CVE-2015-8820, Memory corruption vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8820
oval:org.secpod.oval:def:33191 CVE-2015-8821, Use-after-free vulnerability in Adobe Flash Player or Adobe AIR via crafted MPEG-4 data – CVE-2015-8821
oval:org.secpod.oval:def:33193 CVE-2014-0050, Denial of service vulnerability in Apache Tomcat via a crafted Content-Type header that bypasses a loops intended exit conditions
oval:org.secpod.oval:def:33194 CVE-2008-2938, Directory traversal vulnerability in Apache Tomcat via encoded directory traversal sequences in the URI
oval:org.secpod.oval:def:33211 CVE-2016-1630, Same Origin Policy bypass vulnerability in Google Chrome via a crafted web site – CVE-2016-1630
oval:org.secpod.oval:def:33202 CVE-2016-1639, Use-after-free vulnerability in Google Chrome by leveraging incorrect reliance on the resource context pointer
oval:org.secpod.oval:def:33201 CVE-2016-1640, Unspecified vulnerability in the Web Store inline-installer implementation in Extensions UI in Google Chrome
oval:org.secpod.oval:def:33200 CVE-2016-1641, Use-after-free vulnerability in Google Chrome by triggering an image download
oval:org.secpod.oval:def:33199 CVE-2016-1642, Multiple unspecified vulnerabilities in Google Chrome via unknown vectors – CVE-2016-1642
oval:org.secpod.oval:def:33198 CVE-2016-2844, Denial of service vulnerability in Google Chrome via a crafted JavaScript code
oval:org.secpod.oval:def:33197 CVE-2016-2845, Information disclosure vulnerability in Content Security Policy (CSP) implementationin in Blink in Google Chrome
oval:org.secpod.oval:def:33196 CVE-2015-8126,
CVE-2016-1630,
CVE-2016-1631,
CVE-2016-1632,
CVE-2016-1633,
CVE-2016-1634,
CVE-2016-1635,
CVE-2016-1636,
CVE-2016-1637,
CVE-2016-1638,
CVE-2016-1639,
CVE-2016-1640,
CVE-2016-1641,
CVE-2016-1642,
VENDORLINK,
Multiple vulnerabilities in Google Chrome via crafted data
oval:org.secpod.oval:def:33195 CVE-2016-2843, Multiple unspecified vulnerabilities in Google Chrome via unknown vectors – CVE-2016-2843
oval:org.secpod.oval:def:33210 CVE-2016-1631, Same Origin Policy bypass vulnerability in the Pepper plugin in Google Chrome via a crafted web site
oval:org.secpod.oval:def:33209 CVE-2016-1632, Security bypass vulnerability in Google Chrome via a crafted JavaScript code that triggers an incorrect cast
oval:org.secpod.oval:def:33208 CVE-2016-1633, Use-after-free vulnerability in Blink in Google Chrome via unknown vectors
oval:org.secpod.oval:def:33207 CVE-2016-1634, Use-after-free vulnerability in Blink in Google Chrome via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation
oval:org.secpod.oval:def:33206 CVE-2016-1635, Use-after-free vulnerability in Blink in Google Chrome via unknown vectors
oval:org.secpod.oval:def:33205 CVE-2016-1636, Subresource Integrity protection bypass vulnerability in Google Chrome by triggering two loads of the same resource
oval:org.secpod.oval:def:33204 CVE-2016-1637, Information disclosure vulnerability in Skia in Google Chrome via a crafted web site
oval:org.secpod.oval:def:33203 CVE-2016-1638, Security bypass vulnerability in Google Chrome via a crafted platform app
oval:org.secpod.oval:def:501774 CVE-2016-0773,
RHSA-2016:0346-01,
RHSA-2016:0346-01 — Redhat postgresql
oval:org.secpod.oval:def:501775 CVE-2016-0773,
RHSA-2016:0347-01,
RHSA-2016:0347-01 — Redhat postgresql
oval:org.secpod.oval:def:703005 CVE-2016-2512,
CVE-2016-2513,
USN-2915-1,
USN-2915-1 — django vulnerabilities
oval:org.secpod.oval:def:703006 CVE-2016-1577,
CVE-2016-2116,
USN-2919-1,
USN-2919-1 — jasper vulnerabilities
oval:org.secpod.oval:def:703007 CVE-2014-9766,
USN-2918-1,
USN-2918-1 — pixman vulnerability
oval:org.secpod.oval:def:703008 CVE-2013-7422,
CVE-2014-4330,
CVE-2016-2381,
USN-2916-1,
USN-2916-1 — perl vulnerabilities

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments