SCAP Feed Release Update: 15-Oct-2014

The following SCAP content has been released to SCAP Repo and SecPod ANCOR. SecPod Saner will automatically pull the relevant content on its next scheduled update. The vulnerabilities listed below can be detected using a vulnerability management solution and patched using a patch management tool.

oval:org.secpod.oval:def:21367xx CVE-2014-4115, Windows disk partition driver elevation of privilege vulnerability – CVE-2014-4115
oval:org.secpod.oval:def:21366 CVE-2014-4115, MS14-063, Vulnerability in FAT32 disk partition driver could allow elevation of privilege – MS14-063
oval:org.secpod.oval:def:21361 CVE-2014-4113, Elevation of privilege vulnerability in Microsoft Windows kernel-mode driver – CVE-2014-4113
oval:org.secpod.oval:def:21362 CVE-2014-4148, Remote code execution vulnerability in Microsoft Windows kernel-mode driver – CVE-2014-4148
oval:org.secpod.oval:def:21363 CVE-2014-4113, CVE-2014-4148, MS14-058, Multiple vulnerabilities in Microsoft Windows kernel-mode driver – MS14-058
oval:org.secpod.oval:def:21364 CVE-2014-4114, MS14-060, Remote code execution vulnerability in Microsoft Windows – MS14-060
oval:org.secpod.oval:def:21365 CVE-2014-4114, Remote code execution vulnerability in Microsoft Windows OLE – CVE-2014-4114
oval:org.secpod.oval:def:21359 CVE-2014-4971, MS14-062, Elevation of privilege vulnerability in Windows message queuing service – MS14-062
oval:org.secpod.oval:def:21360 CVE-2014-4971, MQAC arbitrary write privilege escalation vulnerability in Windows Server 2003
oval:org.secpod.oval:def:1500734 CVE-2012-1571, CVE-2013-7345, CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120, ELSA-2014-1327, ELSA-2014-1327 — Oracle php
oval:org.secpod.oval:def:1500735 CVE-2014-1568, ELSA-2014-1307, ELSA-2014-1307 — Oracle nss
oval:org.secpod.oval:def:1500736 CVE-2013-4002, ELSA-2014-1319, ELSA-2014-1319 — Oracle xerces-j2
oval:org.secpod.oval:def:1500737 CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, ELSA-2014-1326, ELSA-2014-1326 — Oracle php53
oval:org.secpod.oval:def:1500738 CVE-2014-1568, ELSA-2014-1307, ELSA-2014-1307 — Oracle nss_nss-softokn_nss-util
oval:org.secpod.oval:def:1500739 CVE-2013-4002, ELSA-2014-1319, ELSA-2014-1319 — Oracle xerces-j2
oval:org.secpod.oval:def:1500740 CVE-2014-1568, ELSA-2014-1307, ELSA-2014-1307 — Oracle nss_nss-softokn_nss-util
oval:org.secpod.oval:def:1500741 CVE-2014-7169, ELSA-2014-1306, ELSA-2014-1306 — Oracle bash
oval:org.secpod.oval:def:1500742 CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, ELSA-2014-1326, ELSA-2014-1326 — Oracle php
oval:org.secpod.oval:def:1500743 CVE-2014-7169, ELSA-2014-1306, ELSA-2014-1306 — Oracle bash
oval:org.secpod.oval:def:1500744 CVE-2014-7169, ELSA-2014-1306, ELSA-2014-1306 — Oracle bash
oval:org.secpod.oval:def:1500745 CVE-2014-7169, ELSA-2014-3079, ELSA-2014-3079 — Oracle bash
oval:org.secpod.oval:def:1500746 CVE-2014-5033, ELSA-2014-1359, ELSA-2014-1359 — Oracle polkit-qt
oval:org.secpod.oval:def:1500747 CVE-2014-3633, CVE-2014-3657, ELSA-2014-1352, ELSA-2014-1352 — Oracle libvirt
oval:org.secpod.oval:def:702234 CVE-2014-0179, CVE-2014-3633, CVE-2014-5177, USN-2366-1, USN-2366-1 — libvirt vulnerabilities
oval:org.secpod.oval:def:702235 CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2378-1, USN-2378-1 — linux-image
oval:org.secpod.oval:def:702236 CVE-2014-3634, CVE-2014-3683, USN-2381-1, USN-2381-1 — rsyslog vulnerabilities
oval:org.secpod.oval:def:702237 CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2379-1, USN-2379-1 — linux-image
oval:org.secpod.oval:def:702238 CVE-2014-3184, CVE-2014-3185, CVE-2014-6410, USN-2375-1, USN-2375-1 — linux-image
oval:org.secpod.oval:def:702239 CVE-2014-6277, CVE-2014-6278, USN-2380-1, USN-2380-1 — bash vulnerabilities
oval:org.secpod.oval:def:702240 CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2377-1, USN-2377-1 — linux-image
oval:org.secpod.oval:def:702241 CVE-2014-7186, CVE-2014-7187, USN-2364-1, USN-2364-1 — bash vulnerabilities
oval:org.secpod.oval:def:702242 CVE-2014-7204, USN-2371-1, USN-2371-1 — exuberant ctags vulnerability
oval:org.secpod.oval:def:702243 USN-2367-1, USN-2367-1 — openssl update
oval:org.secpod.oval:def:702244 CVE-2014-3184, CVE-2014-3185, CVE-2014-6410, USN-2374-1, USN-2374-1 — linux-image
oval:org.secpod.oval:def:702245 CVE-2014-3587, USN-2369-1, USN-2369-1 — file vulnerability
oval:org.secpod.oval:def:702246 CVE-2014-7206, USN-2370-1, USN-2370-1 — apt vulnerability
oval:org.secpod.oval:def:702247 CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418, USN-2376-1, USN-2376-1 — linux-image
oval:org.secpod.oval:def:702248 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, USN-2365-1, USN-2365-1 — libvncserver vulnerabilities
oval:org.secpod.oval:def:702249 CVE-2013-2061, USN-2368-1, USN-2368-1 — openvpn vulnerability
oval:org.secpod.oval:def:203435 CESA-2014:1327, CVE-2012-1571, CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120, CESA-2014:1327 — centos 7 php
oval:org.secpod.oval:def:203436 CESA-2014:1245, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4344, CESA-2014:1245 — centos 5 krb5
oval:org.secpod.oval:def:203438 CESA-2014:1243, CVE-2012-3386, CESA-2014:1243 — centos 5 automake
oval:org.secpod.oval:def:203439 CESA-2014:1307, CVE-2014-1568, CESA-2014:1307 — centos 7 nss,nss-softokn,nss-util
oval:org.secpod.oval:def:203440 CESA-2014:1307, CVE-2014-1568, CESA-2014:1307 — centos 6 nss,nss-softokn,nss-util
oval:org.secpod.oval:def:203441 CESA-2014:1244, CVE-2014-0591, CESA-2014:1244 — centos 5 bind97
oval:org.secpod.oval:def:203442 CESA-2014:1306, CVE-2014-6271, CVE-2014-7169, CESA-2014:1306 — centos 5 bash
oval:org.secpod.oval:def:203443 CESA-2014:1293, CVE-2014-6271, CESA-2014:1293 — centos 5 bash
oval:org.secpod.oval:def:203444 CESA-2014:1319, CVE-2013-4002, CESA-2014:1319 — centos 7 xerces-j2
oval:org.secpod.oval:def:203445 CESA-2014:1359, CVE-2014-5033, CESA-2014:1359 — centos 7 polkit-qt
oval:org.secpod.oval:def:203446 CESA-2014:1319, CVE-2013-4002, CESA-2014:1319 — centos 6 xerces-j2
oval:org.secpod.oval:def:203447 CESA-2014:1246, CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1545, CESA-2014:1246 — centos 5 nss
oval:org.secpod.oval:def:203448 CESA-2014:1194, CVE-2012-5485, CVE-2012-5486, CVE-2012-5488, CVE-2012-5497, CVE-2012-5498, CVE-2012-5499, CVE-2012-5500, CVE-2013-6496, CVE-2014-3521, CESA-2014:1194 — centos 5 luci and ricci
oval:org.secpod.oval:def:203449 CESA-2014:1307, CVE-2014-1568, CESA-2014:1307 — centos 5 nss
oval:org.secpod.oval:def:203450 CESA-2014:1352, CVE-2014-3633, CVE-2014-3657, CESA-2014:1352 — centos 7 libvirt
oval:org.secpod.oval:def:501395 CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, RHSA-2014:1311-01, RHSA-2014:1311-01 — Redhat bash
oval:org.secpod.oval:def:501396 CVE-2012-1571, CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120, RHSA-2014:1327-01, RHSA-2014:1327-01 — Redhat php
oval:org.secpod.oval:def:501397 CVE-2014-1568, RHSA-2014:1371-01, RHSA-2014:1371-01 — Redhat nss, nss-softokn, nss-util
oval:org.secpod.oval:def:501398 CVE-2014-3633, CVE-2014-3657, RHSA-2014:1352-01, RHSA-2014:1352-01 — Redhat libvirt
oval:org.secpod.oval:def:501399 CVE-2014-5033, RHSA-2014:1359-01, RHSA-2014:1359-01 — Redhat polkit-qt
oval:org.secpod.oval:def:501400 CVE-2013-4002, RHSA-2014:1319-01, RHSA-2014:1319-01 — Redhat xerces-j2
oval:org.secpod.oval:def:501401 CVE-2012-1571, CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, RHSA-2014:1326-01, RHSA-2014:1326-01 — Redhat php53, php
oval:org.secpod.oval:def:501402 CVE-2014-0240, CVE-2014-0242, RHSA-2014:0788-01, RHSA-2014:0788-01 — Redhat mod_wsgi
oval:org.secpod.oval:def:702232 CVE-2014-7169, USN-2363-1, USN-2363-1 — bash vulnerability
oval:org.secpod.oval:def:702233 CVE-2014-7169, USN-2363-2, USN-2363-2 — bash vulnerability
oval:org.secpod.oval:def:601786 CVE-2014-1568, DSA-3034-1, DSA-3034-1 iceweasel — iceweasel
oval:org.secpod.oval:def:601787 CVE-2014-6271, CVE-2014-7169, DSA-3035-1, DSA-3035-1 bash — bash
oval:org.secpod.oval:def:601788 CVE-2014-7199, DSA-3036-1, DSA-3036-1 mediawiki — mediawiki
oval:org.secpod.oval:def:21339 CVE-2014-3188, Arbitrary code execution vulnerability in Google Chrome via vectors involving JSON data (Mac OS X)
oval:org.secpod.oval:def:21348 CVE-2014-3197, Information disclosure vulnerability in Google Chrome via a crafted web site (Mac OS X)
oval:org.secpod.oval:def:21338 CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3195, CVE-2014-3196, CVE-2014-3197, CVE-2014-3198, CVE-2014-3199, CVE-2014-3200, CVE-2014-7967, VENDORLINK, Multiple vulnerabilities in Google Chrome (Mac OS X)
oval:org.secpod.oval:def:21349 CVE-2014-3198, Denial of service vulnerability in Google Chrome via unspecified vectors (Mac OS X)
oval:org.secpod.oval:def:21350 CVE-2014-3199, Denial of service vulnerability in Google Chrome – CVE-2014-3199 (Mac OS X)
oval:org.secpod.oval:def:21351 CVE-2014-3200, Multiple unspecified vulnerabilities in Google Chrome via unknown vectors – CVE-2014-3200 (Mac OS X)
oval:org.secpod.oval:def:21352 CVE-2014-7967, Multiple unspecified vulnerabilities in Google Chrome via unknown vectors – CVE-2014-7967 (Mac OS X)
oval:org.secpod.oval:def:21340 CVE-2014-3189, Denial of service vulnerability in Google Chrome via unknown vectors – CVE-2014-3189 (Mac OS X)
oval:org.secpod.oval:def:21341 CVE-2014-3190, Use-after-free vulnerability in Google Chrome via crafted JavaScript code (Mac OS X)
oval:org.secpod.oval:def:21342 CVE-2014-3191, Use-after-free vulnerability in Blink in Google Chrome via crafted JavaScript code (Mac OS X)
oval:org.secpod.oval:def:21343 CVE-2014-3192, Use-after-free vulnerability in Blink in Google Chrome via unknown vectors (Mac OS X)
oval:org.secpod.oval:def:21344 CVE-2014-3193, Use-after-free vulnerability in Google Chrome via vectors that leverage &quot
oval:org.secpod.oval:def:21345 CVE-2014-3194, Use-after-free vulnerability in Google Chrome via unknown vectors – CVE-2014-3194 (Mac OS X)
oval:org.secpod.oval:def:21346 CVE-2014-3195, Information disclosure vulnerability in Google Chrome via crafted JavaScript code (Mac OS X)
oval:org.secpod.oval:def:21347 CVE-2014-3196, Security bypass vulnerability in Google Chrome via unspecified vectors (Mac OS X)
oval:org.secpod.oval:def:21353 APPLE-SA-2014-09-29-1, CVE-2014-6271, CVE-2014-7169, Arbitrary code execution vulnerability in Apple Mac OS X – APPLE-SA-2014-09-29-1
oval:org.secpod.oval:def:21354 CVE-2014-6271, Arbitrary code execution vulnerability in Apple Mac OS X via a crafted environment
oval:org.secpod.oval:def:21355 CVE-2014-7169, Arbitrary code execution vulnerability in Apple Mac OS X via a crafted environment