SCAP Feed Release : 28-Jun-2019

  • Post author:
  • Reading time:16 mins read

The following SCAP content has been released to SCAP Repo and SecPod Saner Solution. SecPod Saner will automatically pull the relevant content on its next scheduled update.

oval:org.secpod.oval:def:1502554 CVE-2019-11707
CVE-2019-11708
ELSA-2019-1604
ELSA-2019-1604 — Oracle firefox
oval:org.secpod.oval:def:1502555 CVE-2019-11707
CVE-2019-11708
ELSA-2019-1603
ELSA-2019-1603 — Oracle firefox
oval:org.secpod.oval:def:1801469 10314
CVE-2019-10691
[3.8] dovecot: Mishandling invalid UTF-8 characters by JSON encoder leading to possible DoS attack (CVE-2019-10691)
oval:org.secpod.oval:def:1801470 10562
CVE-2019-12735
[3.7] vim: arbitrary command execution in getchar.c (CVE-2019-12735)
oval:org.secpod.oval:def:1801471 10313
CVE-2019-10691
[3.9] dovecot: Mishandling invalid UTF-8 characters by JSON encoder leading to possible DoS attack (CVE-2019-10691)
oval:org.secpod.oval:def:1801472 10387
CVE-2019-11494
CVE-2019-11499
[3.10] dovecot: Multiple vulnerabilities (CVE-2019-11494, CVE-2019-11499)
oval:org.secpod.oval:def:1801474 10361
CVE-2019-7317
[3.10] libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
oval:org.secpod.oval:def:1801475 10501
CVE-2019-12295
[3.10] wireshark: dissection engine crash (CVE-2019-12295)
oval:org.secpod.oval:def:1801476 10511
CVE-2018-16860
[3.10] heimdal: S4U2Self with unkeyed checksum (CVE-2018-16860)
oval:org.secpod.oval:def:1801477 10568
CVE-2019-12749
[3.10] dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)
oval:org.secpod.oval:def:1801478 10317
CVE-2019-11358
[3.10] drupal7: Cross Site Scripting (CVE-2019-11358)
oval:org.secpod.oval:def:1801479 10312
CVE-2019-10691
[3.10] dovecot: Mishandling invalid UTF-8 characters by JSON encoder leading to possible DoS attack (CVE-2019-10691)
oval:org.secpod.oval:def:1801480 10575
CVE-2019-12450
[3.10] glib: file permission vulnerability (CVE-2019-12450)
oval:org.secpod.oval:def:1801481 10590
CVE-2019-12435
CVE-2019-12436
[3.10] samba: Multiple vulnerabilities (CVE-2019-12435, CVE-2019-12436)
oval:org.secpod.oval:def:1801482 10431
CVE-2018-12558
[3.10] perl-email-address: DOS vulnerability in perl module Email::Address (CVE-2018-12558)
oval:org.secpod.oval:def:1801483 10367
CVE-2018-5743
CVE-2019-6467
[3.10] bind: Multiple vulnerabilities (CVE-2018-5743, CVE-2019-6467)
oval:org.secpod.oval:def:1801484 10409
CVE-2019-11555
[3.10] hostapd: EAP-pwd message reassembly issue with unexpected fragment (CVE-2019-11555)
oval:org.secpod.oval:def:1801485 10277
CVE-2019-11068
[3.10] libxslt: security framework bypass (CVE-2019-11068)
oval:org.secpod.oval:def:1801486 10414
CVE-2019-11555
[3.10] wpa_supplicant: EAP-pwd message reassembly issue with unexpected fragment (CVE-2019-11555)
oval:org.secpod.oval:def:1801487 10558
CVE-2019-12308
[3.10] py-django: AdminURLFieldWidget XSS (CVE-2019-12308)
oval:org.secpod.oval:def:1801488 10561
CVE-2019-12308
[3.7] py-django: AdminURLFieldWidget XSS (CVE-2019-12308)
oval:org.secpod.oval:def:1801489 10559
CVE-2019-12308
[3.9] py-django: AdminURLFieldWidget XSS (CVE-2019-12308)
oval:org.secpod.oval:def:1801490 10560
CVE-2019-12308
[3.8] py-django: AdminURLFieldWidget XSS (CVE-2019-12308)
oval:org.secpod.oval:def:705035 CVE-2017-12805
CVE-2017-12806
CVE-2018-14434
CVE-2018-15607
CVE-2018-16323
CVE-2018-16412
CVE-2018-16413
CVE-2018-16644
CVE-2018-16645
CVE-2018-17965
CVE-2018-17966
CVE-2018-18016
CVE-2018-18023
CVE-2018-18024
CVE-2018-18025
CVE-2018-18544
CVE-2018-20467
CVE-2019-10131
CVE-2019-10649
CVE-2019-10650
CVE-2019-11470
CVE-2019-11472
CVE-2019-11597
CVE-2019-11598
CVE-2019-7175
CVE-2019-7395
CVE-2019-7396
CVE-2019-7397
CVE-2019-7398
CVE-2019-9956
USN-4034-1
USN-4034-1 — imagemagick vulnerabilities
oval:org.secpod.oval:def:705041 CVE-2018-20843
USN-4040-1
USN-4040-1 — expat vulnerability
oval:org.secpod.oval:def:705042 CVE-2016-3189
CVE-2019-12900
USN-4038-1
USN-4038-1 — bzip2 vulnerabilities