SCAP Feed Release Update: 08-Aug-2014

  • Post author:
  • Reading time:27 mins read

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. This is a list of vulnerabilities detected using a vulnerability management tool.

Also, a patch management solution can help patch these vulnerabilities.

oval:org.secpod.oval:def:20708 CVE-2013-4246, FSFS repository corruption vulnerability in Apache Subversion due to editing packed revision properties
oval:org.secpod.oval:def:20717 CVE-2013-1845, Memory consumption vulnerability in Subversion by (1) setting or (2) deleting a large number of properties for a file or directory
oval:org.secpod.oval:def:20718 CVE-2011-0715, Denial of service vulnerability in Subversion via a request that contains a lock token
oval:org.secpod.oval:def:20719 CVE-2010-4644, Denial of service vulnerability in Subversion via the -g Option to the Blame Command
oval:org.secpod.oval:def:20721 CVE-2010-4539, Denial of service vulnerability in Subversion via vectors that trigger the walking of SVNParentPath collections
oval:org.secpod.oval:def:20722 CVE-2009-2411, Heap based buffer overflow vulnerability in Subversion via a svndiff stream with large windows that trigger a heap-based buffer overflow
oval:org.secpod.oval:def:20720 CVE-2010-3315, Security bypass vulnerability in Subversion via svn commands
oval:org.secpod.oval:def:20709 CVE-2013-4131, Denial of service vulnerability in Apache HTTPD server module in Subversion
oval:org.secpod.oval:def:20710 CVE-2013-2112, Denial of service vulnerability in svnserve server in Subversion
oval:org.secpod.oval:def:20711 CVE-2013-2088, Arbitrary code execution vulnerability in Subversion via shell metacharacters in a filename
oval:org.secpod.oval:def:20712 CVE-2013-1968, FSFS repository corruption vulnerability in Subversion via a newline character in a file name
oval:org.secpod.oval:def:20713 CVE-2013-1884, Denial of service vulnerability in Subversion via a log REPORT request with an invalid limit
oval:org.secpod.oval:def:20714 CVE-2013-1849, Denial of service vulnerability in Subversion via a PROPFIND request for an activity URL
oval:org.secpod.oval:def:20715 CVE-2013-1847, Denial of service vulnerability in Subversion via an anonymous LOCK for a URL that does not exist
oval:org.secpod.oval:def:20716 CVE-2013-1846, Denial of service vulnerability in Subversion via a LOCK on an activity URL
oval:org.secpod.oval:def:20724 CVE-2014-0333, Denial of service vulnerability in VLC Media Player via an IDAT chunk
oval:org.secpod.oval:def:20723 CVE-2014-3466, Buffer overflow vulnerability in the read_server_hello function in VLC Media Player
oval:org.secpod.oval:def:20725 CVE-2013-3565, Memory exhaustion vulnerability in VLC Media Player via crafted playlist files
oval:org.secpod.oval:def:20726 CVE-2008-0073, Arbitrary code execution vulnerability in VLC Media Player via a crafted MP4 file
oval:org.secpod.oval:def:20727 CVE-2008-0225, Heap-based buffer overflow vulnerability in VLC Media Player – CVE-2008-0225
oval:org.secpod.oval:def:20728 CVE-2008-0295, Heap-based buffer overflow vulnerability in VLC Media Player via SDP data
oval:org.secpod.oval:def:20729 CVE-2008-0296, Heap-based buffer overflow vulnerability in VLC Media Player via a long string
oval:org.secpod.oval:def:20730 CVE-2008-1382, Denial of service vulnerability in VLC Media Player via a PNG file
oval:org.secpod.oval:def:20731 CVE-2008-1419, Denial of service vulnerability in VLC Media Player – CVE-2008-1419
oval:org.secpod.oval:def:20732 CVE-2008-1420, Integer overflow vulnerability in VLC Media Player via a crafted OGG file
oval:org.secpod.oval:def:20733 CVE-2008-1423, Integer overflow vulnerability in VLC Media Player via a crafted OGG file
oval:org.secpod.oval:def:20734 CVE-2008-1489, Integer overflow vulnerability in VLC Media Player via a crafted MP4 RDRF box
oval:org.secpod.oval:def:20735 CVE-2008-1768, Multiple integer overflows vulnerability in VLC Media Player via the MP4 demuxer
oval:org.secpod.oval:def:20736 CVE-2008-1769, Denial of service vulnerability in VLC Media Player via a crafted Cinepak file
oval:org.secpod.oval:def:20737 CVE-2008-1881, Stack-based buffer overflow vulnerability in VLC Media Player via a crafted Cinepak file
oval:org.secpod.oval:def:20738 CVE-2008-1948, Buffer overflow vulnerability in VLC Media Player via a zero value length of server names
oval:org.secpod.oval:def:20739 CVE-2008-1949, Buffer overflow vulnerability in VLC Media Player via a TLS message containing multiple Client Hello messages
oval:org.secpod.oval:def:20740 CVE-2008-1950, Integer signedness error vulnerability in VLC Media Player via a certain integer value in the random field
oval:org.secpod.oval:def:20741 CVE-2008-2109, Denial of service vulnerability in VLC Media Player via an ID3_FIELD_TYPE_STRINGLIST field
oval:org.secpod.oval:def:20742 CVE-2008-2147, Untrusted search path vulnerability in VLC Media Player via a malicious library
oval:org.secpod.oval:def:20743 CVE-2008-3964, Buffer overflow vulnerability in VLC Media Player via a PNG image
oval:org.secpod.oval:def:20744 CVE-2008-1806, Integer overflow vulnerability in VLC Media Player via a crafted set of 16-bit length values
oval:org.secpod.oval:def:20745 CVE-2008-1807, Integer overflow vulnerability in VLC Media Player via an invalid &quot
oval:org.secpod.oval:def:20746 CVE-2008-3794, Integer overflow vulnerability in VLC Media Player via a large fmt chunk in a WAV file – CVE-2008-3794
oval:org.secpod.oval:def:20747 CVE-2012-1126, Denial of service vulnerability in VLC Media Player via crafted property data in a BDF font
oval:org.secpod.oval:def:20748 CVE-2012-1127, Denial of service vulnerability in VLC Media Player via crafted glyph
oval:org.secpod.oval:def:20749 CVE-2012-1128, Denial of service vulnerability in VLC Media Player via a crafted TrueType font
oval:org.secpod.oval:def:20750 CVE-2012-1129, Denial of service vulnerability in VLC Media Player via a crafted SFNT string in a Type 42 font
oval:org.secpod.oval:def:20751 CVE-2012-1130, Denial of service vulnerability in VLC Media Player via crafted property data in a PCF font
oval:org.secpod.oval:def:20752 CVE-2012-1131, Denial of service vulnerability in VLC Media Player via vectors related to the cell table of a font
oval:org.secpod.oval:def:20753 CVE-2012-1132, Denial of service vulnerability in VLC Media Player via crafted dictionary data
oval:org.secpod.oval:def:20754 CVE-2012-1133, Denial of service vulnerability in VLC Media Player via crafted glyph or bitmap data
oval:org.secpod.oval:def:20755 CVE-2012-1134, Denial of service vulnerability in VLC Media Player via crafted private-dictionary
oval:org.secpod.oval:def:20756 CVE-2012-1135, Denial of service vulnerability in VLC Media Player via vectors involving the NPUSHB and NPUSHW instructions
oval:org.secpod.oval:def:20757 CVE-2012-1136, Denial of service vulnerability in VLC Media Player via crafted glyph or bitmap data
oval:org.secpod.oval:def:20758 CVE-2012-1137, Denial of service vulnerability in VLC Media Player via a crafted header
oval:org.secpod.oval:def:20759 CVE-2012-1138, Denial of service vulnerability in VLC Media Player via vectors involving the MIRP instruction
oval:org.secpod.oval:def:20760 CVE-2012-1139, Denial of service vulnerability in VLC Media Player via crafted glyph data in a BDF font
oval:org.secpod.oval:def:20761 CVE-2012-1140, Denial of service vulnerability in VLC Media Player via a crafted PostScript font object
oval:org.secpod.oval:def:20762 CVE-2012-1141, Denial of service vulnerability in VLC Media Player via a crafted ASCII string in a BDF font
oval:org.secpod.oval:def:20763 CVE-2012-1142, Denial of service vulnerability in VLC Media Player via crafted glyph-outline data in a font
oval:org.secpod.oval:def:20764 CVE-2012-1143, Denial of service vulnerability in VLC Media Player via a crafted font
oval:org.secpod.oval:def:20765 CVE-2012-1144, Denial of service vulnerability in VLC Media Player via a crafted TrueType font
oval:org.secpod.oval:def:601738 CVE-2014-4607,
DSA-2995-1,
DSA-2995-1 lzo2 — lzo2
oval:org.secpod.oval:def:601739 CVE-2013-1741,
CVE-2013-5606,
CVE-2014-1491,
CVE-2014-1492,
DSA-2994-1,
DSA-2994-1 nss — nss
oval:org.secpod.oval:def:601740 CVE-2014-5117,
DSA-2993-1,
DSA-2993-1 tor — tor
oval:org.secpod.oval:def:601741 CVE-2014-1544,
CVE-2014-1547,
CVE-2014-1555,
CVE-2014-1556,
CVE-2014-1557,
DSA-2996-1,
DSA-2996-1 icedove — icedove
oval:org.secpod.oval:def:702142 CVE-2014-5033,
USN-2304-1,
USN-2304-1 — kde-libs vulnerability
oval:org.secpod.oval:def:702143 USN-2303-1, USN-2303-1 — unity vulnerability
oval:org.secpod.oval:def:702144 CVE-2014-0075,
CVE-2014-0096,
CVE-2014-0099,
USN-2302-1,
USN-2302-1 — tomcat vulnerabilities
oval:org.secpod.oval:def:702145 CVE-2013-4357,
CVE-2013-4458,
CVE-2014-0475,
CVE-2014-4043,
USN-2306-1,
USN-2306-1 — gnu c library vulnerabilities
oval:org.secpod.oval:def:702146 CVE-2014-3560,
USN-2305-1,
USN-2305-1 — samba vulnerability
Share this article