The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. This is a list of vulnerabilities detected using a vulnerability management tool.
Also, a patch management solution can help patch these vulnerabilities.
| oval:org.secpod.oval:def:20708 | CVE-2013-4246, | FSFS repository corruption vulnerability in Apache Subversion due to editing packed revision properties |
| oval:org.secpod.oval:def:20717 | CVE-2013-1845, | Memory consumption vulnerability in Subversion by (1) setting or (2) deleting a large number of properties for a file or directory |
| oval:org.secpod.oval:def:20718 | CVE-2011-0715, | Denial of service vulnerability in Subversion via a request that contains a lock token |
| oval:org.secpod.oval:def:20719 | CVE-2010-4644, | Denial of service vulnerability in Subversion via the -g Option to the Blame Command |
| oval:org.secpod.oval:def:20721 | CVE-2010-4539, | Denial of service vulnerability in Subversion via vectors that trigger the walking of SVNParentPath collections |
| oval:org.secpod.oval:def:20722 | CVE-2009-2411, | Heap based buffer overflow vulnerability in Subversion via a svndiff stream with large windows that trigger a heap-based buffer overflow |
| oval:org.secpod.oval:def:20720 | CVE-2010-3315, | Security bypass vulnerability in Subversion via svn commands |
| oval:org.secpod.oval:def:20709 | CVE-2013-4131, | Denial of service vulnerability in Apache HTTPD server module in Subversion |
| oval:org.secpod.oval:def:20710 | CVE-2013-2112, | Denial of service vulnerability in svnserve server in Subversion |
| oval:org.secpod.oval:def:20711 | CVE-2013-2088, | Arbitrary code execution vulnerability in Subversion via shell metacharacters in a filename |
| oval:org.secpod.oval:def:20712 | CVE-2013-1968, | FSFS repository corruption vulnerability in Subversion via a newline character in a file name |
| oval:org.secpod.oval:def:20713 | CVE-2013-1884, | Denial of service vulnerability in Subversion via a log REPORT request with an invalid limit |
| oval:org.secpod.oval:def:20714 | CVE-2013-1849, | Denial of service vulnerability in Subversion via a PROPFIND request for an activity URL |
| oval:org.secpod.oval:def:20715 | CVE-2013-1847, | Denial of service vulnerability in Subversion via an anonymous LOCK for a URL that does not exist |
| oval:org.secpod.oval:def:20716 | CVE-2013-1846, | Denial of service vulnerability in Subversion via a LOCK on an activity URL |
| oval:org.secpod.oval:def:20724 | CVE-2014-0333, | Denial of service vulnerability in VLC Media Player via an IDAT chunk |
| oval:org.secpod.oval:def:20723 | CVE-2014-3466, | Buffer overflow vulnerability in the read_server_hello function in VLC Media Player |
| oval:org.secpod.oval:def:20725 | CVE-2013-3565, | Memory exhaustion vulnerability in VLC Media Player via crafted playlist files |
| oval:org.secpod.oval:def:20726 | CVE-2008-0073, | Arbitrary code execution vulnerability in VLC Media Player via a crafted MP4 file |
| oval:org.secpod.oval:def:20727 | CVE-2008-0225, | Heap-based buffer overflow vulnerability in VLC Media Player – CVE-2008-0225 |
| oval:org.secpod.oval:def:20728 | CVE-2008-0295, | Heap-based buffer overflow vulnerability in VLC Media Player via SDP data |
| oval:org.secpod.oval:def:20729 | CVE-2008-0296, | Heap-based buffer overflow vulnerability in VLC Media Player via a long string |
| oval:org.secpod.oval:def:20730 | CVE-2008-1382, | Denial of service vulnerability in VLC Media Player via a PNG file |
| oval:org.secpod.oval:def:20731 | CVE-2008-1419, | Denial of service vulnerability in VLC Media Player – CVE-2008-1419 |
| oval:org.secpod.oval:def:20732 | CVE-2008-1420, | Integer overflow vulnerability in VLC Media Player via a crafted OGG file |
| oval:org.secpod.oval:def:20733 | CVE-2008-1423, | Integer overflow vulnerability in VLC Media Player via a crafted OGG file |
| oval:org.secpod.oval:def:20734 | CVE-2008-1489, | Integer overflow vulnerability in VLC Media Player via a crafted MP4 RDRF box |
| oval:org.secpod.oval:def:20735 | CVE-2008-1768, | Multiple integer overflows vulnerability in VLC Media Player via the MP4 demuxer |
| oval:org.secpod.oval:def:20736 | CVE-2008-1769, | Denial of service vulnerability in VLC Media Player via a crafted Cinepak file |
| oval:org.secpod.oval:def:20737 | CVE-2008-1881, | Stack-based buffer overflow vulnerability in VLC Media Player via a crafted Cinepak file |
| oval:org.secpod.oval:def:20738 | CVE-2008-1948, | Buffer overflow vulnerability in VLC Media Player via a zero value length of server names |
| oval:org.secpod.oval:def:20739 | CVE-2008-1949, | Buffer overflow vulnerability in VLC Media Player via a TLS message containing multiple Client Hello messages |
| oval:org.secpod.oval:def:20740 | CVE-2008-1950, | Integer signedness error vulnerability in VLC Media Player via a certain integer value in the random field |
| oval:org.secpod.oval:def:20741 | CVE-2008-2109, | Denial of service vulnerability in VLC Media Player via an ID3_FIELD_TYPE_STRINGLIST field |
| oval:org.secpod.oval:def:20742 | CVE-2008-2147, | Untrusted search path vulnerability in VLC Media Player via a malicious library |
| oval:org.secpod.oval:def:20743 | CVE-2008-3964, | Buffer overflow vulnerability in VLC Media Player via a PNG image |
| oval:org.secpod.oval:def:20744 | CVE-2008-1806, | Integer overflow vulnerability in VLC Media Player via a crafted set of 16-bit length values |
| oval:org.secpod.oval:def:20745 | CVE-2008-1807, | Integer overflow vulnerability in VLC Media Player via an invalid " |
| oval:org.secpod.oval:def:20746 | CVE-2008-3794, | Integer overflow vulnerability in VLC Media Player via a large fmt chunk in a WAV file – CVE-2008-3794 |
| oval:org.secpod.oval:def:20747 | CVE-2012-1126, | Denial of service vulnerability in VLC Media Player via crafted property data in a BDF font |
| oval:org.secpod.oval:def:20748 | CVE-2012-1127, | Denial of service vulnerability in VLC Media Player via crafted glyph |
| oval:org.secpod.oval:def:20749 | CVE-2012-1128, | Denial of service vulnerability in VLC Media Player via a crafted TrueType font |
| oval:org.secpod.oval:def:20750 | CVE-2012-1129, | Denial of service vulnerability in VLC Media Player via a crafted SFNT string in a Type 42 font |
| oval:org.secpod.oval:def:20751 | CVE-2012-1130, | Denial of service vulnerability in VLC Media Player via crafted property data in a PCF font |
| oval:org.secpod.oval:def:20752 | CVE-2012-1131, | Denial of service vulnerability in VLC Media Player via vectors related to the cell table of a font |
| oval:org.secpod.oval:def:20753 | CVE-2012-1132, | Denial of service vulnerability in VLC Media Player via crafted dictionary data |
| oval:org.secpod.oval:def:20754 | CVE-2012-1133, | Denial of service vulnerability in VLC Media Player via crafted glyph or bitmap data |
| oval:org.secpod.oval:def:20755 | CVE-2012-1134, | Denial of service vulnerability in VLC Media Player via crafted private-dictionary |
| oval:org.secpod.oval:def:20756 | CVE-2012-1135, | Denial of service vulnerability in VLC Media Player via vectors involving the NPUSHB and NPUSHW instructions |
| oval:org.secpod.oval:def:20757 | CVE-2012-1136, | Denial of service vulnerability in VLC Media Player via crafted glyph or bitmap data |
| oval:org.secpod.oval:def:20758 | CVE-2012-1137, | Denial of service vulnerability in VLC Media Player via a crafted header |
| oval:org.secpod.oval:def:20759 | CVE-2012-1138, | Denial of service vulnerability in VLC Media Player via vectors involving the MIRP instruction |
| oval:org.secpod.oval:def:20760 | CVE-2012-1139, | Denial of service vulnerability in VLC Media Player via crafted glyph data in a BDF font |
| oval:org.secpod.oval:def:20761 | CVE-2012-1140, | Denial of service vulnerability in VLC Media Player via a crafted PostScript font object |
| oval:org.secpod.oval:def:20762 | CVE-2012-1141, | Denial of service vulnerability in VLC Media Player via a crafted ASCII string in a BDF font |
| oval:org.secpod.oval:def:20763 | CVE-2012-1142, | Denial of service vulnerability in VLC Media Player via crafted glyph-outline data in a font |
| oval:org.secpod.oval:def:20764 | CVE-2012-1143, | Denial of service vulnerability in VLC Media Player via a crafted font |
| oval:org.secpod.oval:def:20765 | CVE-2012-1144, | Denial of service vulnerability in VLC Media Player via a crafted TrueType font |
| oval:org.secpod.oval:def:601738 | CVE-2014-4607, DSA-2995-1, |
DSA-2995-1 lzo2 — lzo2 |
| oval:org.secpod.oval:def:601739 | CVE-2013-1741, CVE-2013-5606, CVE-2014-1491, CVE-2014-1492, DSA-2994-1, |
DSA-2994-1 nss — nss |
| oval:org.secpod.oval:def:601740 | CVE-2014-5117, DSA-2993-1, |
DSA-2993-1 tor — tor |
| oval:org.secpod.oval:def:601741 | CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, DSA-2996-1, |
DSA-2996-1 icedove — icedove |
| oval:org.secpod.oval:def:702142 | CVE-2014-5033, USN-2304-1, |
USN-2304-1 — kde-libs vulnerability |
| oval:org.secpod.oval:def:702143 | USN-2303-1, | USN-2303-1 — unity vulnerability |
| oval:org.secpod.oval:def:702144 | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, USN-2302-1, |
USN-2302-1 — tomcat vulnerabilities |
| oval:org.secpod.oval:def:702145 | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043, USN-2306-1, |
USN-2306-1 — gnu c library vulnerabilities |
| oval:org.secpod.oval:def:702146 | CVE-2014-3560, USN-2305-1, |
USN-2305-1 — samba vulnerability |