SCAP release October 2014

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. This is a list of vulnerabilities detected using a vulnerability management solution.

Also, a patch management tool can patch these vulnerabilities.

oval:org.secpod.oval:def:21367xx	CVE-2014-4115,	Windows disk partition driver elevation of privilege vulnerability – CVE-2014-4115
oval:org.secpod.oval:def:21366	CVE-2014-4115, MS14-063,	Vulnerability in FAT32 disk partition driver could allow elevation of privilege – MS14-063
oval:org.secpod.oval:def:21361	CVE-2014-4113,	Elevation of privilege vulnerability in Microsoft Windows kernel-mode driver – CVE-2014-4113
oval:org.secpod.oval:def:21362	CVE-2014-4148,	Remote code execution vulnerability in Microsoft Windows kernel-mode driver – CVE-2014-4148
oval:org.secpod.oval:def:21363	CVE-2014-4113, CVE-2014-4148, MS14-058,	Multiple vulnerabilities in Microsoft Windows kernel-mode driver – MS14-058
oval:org.secpod.oval:def:21364	CVE-2014-4114, MS14-060,	Remote code execution vulnerability in Microsoft Windows – MS14-060
oval:org.secpod.oval:def:21365	CVE-2014-4114,	Remote code execution vulnerability in Microsoft Windows OLE – CVE-2014-4114
oval:org.secpod.oval:def:21359	CVE-2014-4971, MS14-062,	Elevation of privilege vulnerability in Windows message queuing service – MS14-062
oval:org.secpod.oval:def:21360	CVE-2014-4971,	MQAC arbitrary write privilege escalation vulnerability in Windows Server 2003
oval:org.secpod.oval:def:1500734	CVE-2012-1571, CVE-2013-7345, CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120, ELSA-2014-1327,	ELSA-2014-1327 — Oracle php
oval:org.secpod.oval:def:1500735	CVE-2014-1568, ELSA-2014-1307,	ELSA-2014-1307 — Oracle nss
oval:org.secpod.oval:def:1500736	CVE-2013-4002, ELSA-2014-1319,	ELSA-2014-1319 — Oracle xerces-j2
oval:org.secpod.oval:def:1500737	CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, ELSA-2014-1326,	ELSA-2014-1326 — Oracle php53
oval:org.secpod.oval:def:1500738	CVE-2014-1568, ELSA-2014-1307,	ELSA-2014-1307 — Oracle nss_nss-softokn_nss-util
oval:org.secpod.oval:def:1500739	CVE-2013-4002, ELSA-2014-1319,	ELSA-2014-1319 — Oracle xerces-j2
oval:org.secpod.oval:def:1500740	CVE-2014-1568, ELSA-2014-1307,	ELSA-2014-1307 — Oracle nss_nss-softokn_nss-util
oval:org.secpod.oval:def:1500741	CVE-2014-7169, ELSA-2014-1306,	ELSA-2014-1306 — Oracle bash
oval:org.secpod.oval:def:1500742	CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, ELSA-2014-1326,	ELSA-2014-1326 — Oracle php
oval:org.secpod.oval:def:1500743	CVE-2014-7169, ELSA-2014-1306,	ELSA-2014-1306 — Oracle bash
oval:org.secpod.oval:def:1500744	CVE-2014-7169, ELSA-2014-1306,	ELSA-2014-1306 — Oracle bash
oval:org.secpod.oval:def:1500745	CVE-2014-7169, ELSA-2014-3079,	ELSA-2014-3079 — Oracle bash
oval:org.secpod.oval:def:1500746	CVE-2014-5033, ELSA-2014-1359,	ELSA-2014-1359 — Oracle polkit-qt
oval:org.secpod.oval:def:1500747	CVE-2014-3633, CVE-2014-3657, ELSA-2014-1352,	ELSA-2014-1352 — Oracle libvirt
oval:org.secpod.oval:def:702234	CVE-2014-0179, CVE-2014-3633, CVE-2014-5177, USN-2366-1,	USN-2366-1 — libvirt vulnerabilities
oval:org.secpod.oval:def:702235	CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2378-1,	USN-2378-1 — linux-image
oval:org.secpod.oval:def:702236	CVE-2014-3634, CVE-2014-3683, USN-2381-1,	USN-2381-1 — rsyslog vulnerabilities
oval:org.secpod.oval:def:702237	CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2379-1,	USN-2379-1 — linux-image
oval:org.secpod.oval:def:702238	CVE-2014-3184, CVE-2014-3185, CVE-2014-6410, USN-2375-1,	USN-2375-1 — linux-image
oval:org.secpod.oval:def:702239	CVE-2014-6277, CVE-2014-6278, USN-2380-1,	USN-2380-1 — bash vulnerabilities
oval:org.secpod.oval:def:702240	CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2377-1,	USN-2377-1 — linux-image
oval:org.secpod.oval:def:702241	CVE-2014-7186, CVE-2014-7187, USN-2364-1,	USN-2364-1 — bash vulnerabilities
oval:org.secpod.oval:def:702242	CVE-2014-7204, USN-2371-1,	USN-2371-1 — exuberant ctags vulnerability
oval:org.secpod.oval:def:702243	USN-2367-1,	USN-2367-1 — openssl update
oval:org.secpod.oval:def:702244	CVE-2014-3184, CVE-2014-3185, CVE-2014-6410, USN-2374-1,	USN-2374-1 — linux-image
oval:org.secpod.oval:def:702245	CVE-2014-3587, USN-2369-1,	USN-2369-1 — file vulnerability
oval:org.secpod.oval:def:702246	CVE-2014-7206, USN-2370-1,	USN-2370-1 — apt vulnerability
oval:org.secpod.oval:def:702247	CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2376-1,	USN-2376-1 — linux-image
oval:org.secpod.oval:def:702248	CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, USN-2365-1,	USN-2365-1 — libvncserver vulnerabilities
oval:org.secpod.oval:def:702249	CVE-2013-2061, USN-2368-1,	USN-2368-1 — openvpn vulnerability
oval:org.secpod.oval:def:203435	CESA-2014:1327, CVE-2012-1571, CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120,	CESA-2014:1327 — centos 7 php
oval:org.secpod.oval:def:203436	CESA-2014:1245, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4344,	CESA-2014:1245 — centos 5 krb5
oval:org.secpod.oval:def:203438	CESA-2014:1243, CVE-2012-3386,	CESA-2014:1243 — centos 5 automake
oval:org.secpod.oval:def:203439	CESA-2014:1307, CVE-2014-1568,	CESA-2014:1307 — centos 7 nss,nss-softokn,nss-util
oval:org.secpod.oval:def:203440	CESA-2014:1307, CVE-2014-1568,	CESA-2014:1307 — centos 6 nss,nss-softokn,nss-util
oval:org.secpod.oval:def:203441	CESA-2014:1244, CVE-2014-0591,	CESA-2014:1244 — centos 5 bind97
oval:org.secpod.oval:def:203442	CESA-2014:1306, CVE-2014-6271, CVE-2014-7169,	CESA-2014:1306 — centos 5 bash
oval:org.secpod.oval:def:203443	CESA-2014:1293, CVE-2014-6271,	CESA-2014:1293 — centos 5 bash
oval:org.secpod.oval:def:203444	CESA-2014:1319, CVE-2013-4002,	CESA-2014:1319 — centos 7 xerces-j2
oval:org.secpod.oval:def:203445	CESA-2014:1359, CVE-2014-5033,	CESA-2014:1359 — centos 7 polkit-qt
oval:org.secpod.oval:def:203446	CESA-2014:1319, CVE-2013-4002,	CESA-2014:1319 — centos 6 xerces-j2
oval:org.secpod.oval:def:203447	CESA-2014:1246, CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1545,	CESA-2014:1246 — centos 5 nss
oval:org.secpod.oval:def:203448	CESA-2014:1194, CVE-2012-5485, CVE-2012-5486, CVE-2012-5488, CVE-2012-5497, CVE-2012-5498, CVE-2012-5499, CVE-2012-5500, CVE-2013-6496, CVE-2014-3521,	CESA-2014:1194 — centos 5 luci and ricci
oval:org.secpod.oval:def:203449	CESA-2014:1307, CVE-2014-1568,	CESA-2014:1307 — centos 5 nss
oval:org.secpod.oval:def:203450	CESA-2014:1352, CVE-2014-3633, CVE-2014-3657,	CESA-2014:1352 — centos 7 libvirt
oval:org.secpod.oval:def:501395	CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, RHSA-2014:1311-01,	RHSA-2014:1311-01 — Redhat bash
oval:org.secpod.oval:def:501396	CVE-2012-1571, CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120, RHSA-2014:1327-01,	RHSA-2014:1327-01 — Redhat php
oval:org.secpod.oval:def:501397	CVE-2014-1568, RHSA-2014:1371-01,	RHSA-2014:1371-01 — Redhat nss, nss-softokn, nss-util
oval:org.secpod.oval:def:501398	CVE-2014-3633, CVE-2014-3657, RHSA-2014:1352-01,	RHSA-2014:1352-01 — Redhat libvirt
oval:org.secpod.oval:def:501399	CVE-2014-5033, RHSA-2014:1359-01,	RHSA-2014:1359-01 — Redhat polkit-qt
oval:org.secpod.oval:def:501400	CVE-2013-4002, RHSA-2014:1319-01,	RHSA-2014:1319-01 — Redhat xerces-j2
oval:org.secpod.oval:def:501401	CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, RHSA-2014:1326-01,	RHSA-2014:1326-01 — Redhat php53, php
oval:org.secpod.oval:def:501402	CVE-2014-0240, CVE-2014-0242, RHSA-2014:0788-01,	RHSA-2014:0788-01 — Redhat mod_wsgi
oval:org.secpod.oval:def:702232	CVE-2014-7169, USN-2363-1,	USN-2363-1 — bash vulnerability
oval:org.secpod.oval:def:702233	CVE-2014-7169, USN-2363-2,	USN-2363-2 — bash vulnerability
oval:org.secpod.oval:def:601786	CVE-2014-1568, DSA-3034-1,	DSA-3034-1 iceweasel — iceweasel
oval:org.secpod.oval:def:601787	CVE-2014-6271, CVE-2014-7169, DSA-3035-1,	DSA-3035-1 bash — bash
oval:org.secpod.oval:def:601788	CVE-2014-7199, DSA-3036-1,	DSA-3036-1 mediawiki — mediawiki
oval:org.secpod.oval:def:21339	CVE-2014-3188,	Arbitrary code execution vulnerability in Google Chrome via vectors involving JSON data (Mac OS X)
oval:org.secpod.oval:def:21348	CVE-2014-3197,	Information disclosure vulnerability in Google Chrome via a crafted web site (Mac OS X)
oval:org.secpod.oval:def:21338	CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3195, CVE-2014-3196, CVE-2014-3197, CVE-2014-3198, CVE-2014-3199, CVE-2014-3200, CVE-2014-7967, VENDORLINK,	Multiple vulnerabilities in Google Chrome (Mac OS X)
oval:org.secpod.oval:def:21349	CVE-2014-3198,	Denial of service vulnerability in Google Chrome via unspecified vectors (Mac OS X)
oval:org.secpod.oval:def:21350	CVE-2014-3199,	Denial of service vulnerability in Google Chrome – CVE-2014-3199 (Mac OS X)
oval:org.secpod.oval:def:21351	CVE-2014-3200,	Multiple unspecified vulnerabilities in Google Chrome via unknown vectors – CVE-2014-3200 (Mac OS X)
oval:org.secpod.oval:def:21352	CVE-2014-7967,	Multiple unspecified vulnerabilities in Google Chrome via unknown vectors – CVE-2014-7967 (Mac OS X)
oval:org.secpod.oval:def:21340	CVE-2014-3189,	Denial of service vulnerability in Google Chrome via unknown vectors – CVE-2014-3189 (Mac OS X)
oval:org.secpod.oval:def:21341	CVE-2014-3190,	Use-after-free vulnerability in Google Chrome via crafted JavaScript code (Mac OS X)
oval:org.secpod.oval:def:21342	CVE-2014-3191,	Use-after-free vulnerability in Blink in Google Chrome via crafted JavaScript code (Mac OS X)
oval:org.secpod.oval:def:21343	CVE-2014-3192,	Use-after-free vulnerability in Blink in Google Chrome via unknown vectors (Mac OS X)
oval:org.secpod.oval:def:21344	CVE-2014-3193,	Use-after-free vulnerability in Google Chrome via vectors that leverage &quot
oval:org.secpod.oval:def:21345	CVE-2014-3194,	Use-after-free vulnerability in Google Chrome via unknown vectors – CVE-2014-3194 (Mac OS X)
oval:org.secpod.oval:def:21346	CVE-2014-3195,	Information disclosure vulnerability in Google Chrome via crafted JavaScript code (Mac OS X)
oval:org.secpod.oval:def:21347	CVE-2014-3196,	Security bypass vulnerability in Google Chrome via unspecified vectors (Mac OS X)
oval:org.secpod.oval:def:21353	APPLE-SA-2014-09-29-1, CVE-2014-6271, CVE-2014-7169,	Arbitrary code execution vulnerability in Apple Mac OS X – APPLE-SA-2014-09-29-1
oval:org.secpod.oval:def:21354	CVE-2014-6271,	Arbitrary code execution vulnerability in Apple Mac OS X via a crafted environment
oval:org.secpod.oval:def:21355	CVE-2014-7169,	Arbitrary code execution vulnerability in Apple Mac OS X via a crafted environment

Share this article