SCAP Feed Release Update: 19-Jan-2015

  • Post author:
  • Reading time:7 mins read

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. This is a list of vulnerabilities detected using a vulnerability management solution.

Also, a patch management tool can patch these vulnerabilities.

oval:org.secpod.oval:def:23116 CVE-2015-0559, Multiple use-after-free vulnerabilities in the WCCP dissector in Wireshark via a crafted packet – CVE-2015-0559
oval:org.secpod.oval:def:23117 CVE-2015-0560, Denial of service vulnerability in the WCCP dissector in Wireshark via a crafted packet – CVE-2015-0560
oval:org.secpod.oval:def:23118 CVE-2015-0561, Denial of service vulnerability in the LPP dissector in Wireshark via a crafted packet – CVE-2015-0561
oval:org.secpod.oval:def:23119 CVE-2015-0562, Multiple use-after-free vulnerabilities in the DEC DNA Routing Protocol dissector in Wireshark via a crafted packet – CVE-2015-0562
oval:org.secpod.oval:def:23120 CVE-2015-0563, Denial of service vulnerability in the SMTP dissector in Wireshark via a crafted packet – CVE-2015-0563
oval:org.secpod.oval:def:23121 CVE-2015-0564, Buffer underflow vulnerability in Wireshark via a crafted packet – CVE-2015-0564
oval:org.secpod.oval:def:23122 CVE-2014-3570, Security bypass vulnerability in BN_sqr implementation in OpenSSL via unspecified vectors
oval:org.secpod.oval:def:23123 CVE-2014-3571, Denial of service vulnerability in OpenSSL via a crafted DTLS message
oval:org.secpod.oval:def:23124 CVE-2014-3572, NULL pointer dereference vulnerability in s3_clnt.c in OpenSSL
oval:org.secpod.oval:def:23125 CVE-2014-8275, Security bypass vulnerability in OpenSSL via a crafted data
oval:org.secpod.oval:def:23126 CVE-2015-0204, Security bypass vulnerability in s3_clnt.c in OpenSSL
oval:org.secpod.oval:def:23127 CVE-2015-0205, Security bypass vulnerability in s3_srvr.c in OpenSSL
oval:org.secpod.oval:def:23128 CVE-2015-0206, Denial of service vulnerability in d1_pkt.c in OpenSSL
oval:org.secpod.oval:def:702349 CVE-2014-9449,
USN-2454-1,		 USN-2454-1 — exiv2 vulnerability
oval:org.secpod.oval:def:702350 CVE-2014-1569,
USN-2452-1,		 USN-2452-1 — nss vulnerability
oval:org.secpod.oval:def:702351 CVE-2014-7844,
USN-2455-1,		 USN-2455-1 — bsd-mailx vulnerability
oval:org.secpod.oval:def:702352 CVE-2014-7209,
USN-2453-1,		 USN-2453-1 — mime-support vulnerability
oval:org.secpod.oval:def:702353 CVE-2010-0624,
CVE-2014-9112,
USN-2456-1,		 USN-2456-1 — gnu cpio vulnerabilities