The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :

  - Authentication Service
  - bind
  - libxml2
  - libxslt

The remote Solaris system is missing necessary patches to address security updates :

  - The xsltGenerateIdFunction function in functions.c in     libxslt 1.1.26 and earlier, as used in Google Chrome     before 10.0.648.127 and other products, allows remote     attackers to obtain potentially sensitive information     about heap memory addresses via an XML document     containing a call to the XSLT generate-id XPath     function. (CVE-2011-1202)

  - The XSL implementation in Google Chrome before     20.0.1132.43 allows remote attackers to cause a denial     of service (incorrect read operation) via unspecified     vectors. (CVE-2012-2825)

  - libxslt 1.1.26 and earlier, as used in Google Chrome     before 21.0.1180.89, does not properly manage memory,     which might allow remote attackers to cause a denial of     service (application crash) via a crafted XSLT     expression that is not properly identified during XPath     navigation, related to (1) the     xsltCompileLocationPathPattern function in     libxslt/pattern.c and (2) the xsltGenerateIdFunction     function in libxslt/functions.c. (CVE-2012-2870)

  - libxml2 2.9.0-rc1 and earlier, as used in Google Chrome     before 21.0.1180.89, does not properly support a cast of     an unspecified variable during handling of XSL     transforms, which allows remote attackers to cause a     denial of service or possibly have unknown other impact     via a crafted document, related to the _xmlNs data     structure in include/libxml/tree.h. (CVE-2012-2871)

  - Double free vulnerability in libxslt, as used in Google     Chrome before 22.0.1229.79, allows remote attackers to     cause a denial of service or possibly have unspecified     other impact via vectors related to XSL transforms.
    (CVE-2012-2893)

Changes in libxslt, libxslt-python :

  - fixing an incorrect read operation in the XSL     implementation (CVE-2012-2825, bnc#769182) that could     cause a DoS condition

- Update Chromium to 22.0.1190

  - Security Fixes (bnc#769181) :

  - CVE-2012-2815: Leak of iframe fragment id

  - CVE-2012-2816: Prevent sandboxed processes interfering     with each other

  - CVE-2012-2817: Use-after-free in table section handling

  - CVE-2012-2818: Use-after-free in counter layout

  - CVE-2012-2819: Crash in texture handling

  - CVE-2012-2820: Out-of-bounds read in SVG filter handling

  - CVE-2012-2821: Autofill display problem

  - CVE-2012-2823: Use-after-free in SVG resource handling

  - CVE-2012-2826: Out-of-bounds read in texture conversion

  - CVE-2012-2829: Use-after-free in first-letter handling

  - CVE-2012-2830: Wild pointer in array value setting

  - CVE-2012-2831: Use-after-free in SVG reference handling

  - CVE-2012-2834: Integer overflow in Matroska container

  - CVE-2012-2825: Wild read in XSL handling

  - CVE-2012-2807: Integer overflows in libxml

  - Fix update-alternatives within the spec-file

  - Update v8 to 3.12.5.0

  - Fixed Chromium issues: 115100, 129628, 131994, 132727,     132741, 132742, 133211

  - Fixed V8 issues: 915, 1914, 2034, 2087, 2094, 2134,     2156, 2166, 2172, 2177, 2179, 2185

  - Added --extra-code flag to mksnapshot to load JS code     into the VM before creating the snapshot.

  - Support 'restart call frame' command in the debugger.

  - Fixed lazy sweeping heuristics to prevent old-space     expansion. (issue 2194)

  - Fixed sharing of literal boilerplates for optimized     code. (issue 2193)

  - Removed -fomit-frame-pointer flag from Release builds to     make the stack walkable by TCMalloc (Chromium issue     133723).

  - Expose more detailed memory statistics (issue 2201).

  - Fixed Harmony Maps and WeakMaps for undefined values     (Chromium issue 132744).

  - Update v8 to 3.11.10.6

  - Implemented heap profiler memory usage reporting.

  - Preserved error message during finally block in     try..finally. (Chromium issue 129171)

  - Fixed EnsureCanContainElements to properly handle double     values. (issue 2170)

  - Improved heuristics to keep objects in fast mode with     inherited constructors.

  - Performance and stability improvements on all platforms.

  - Implemented ES5-conformant semantics for inherited     setters and read-only properties. Currently behind
    --es5_readonly flag, because it breaks WebKit bindings.

  - Exposed last seen heap object id via v8 public api.

  - Update v8 to 3.11.8.0

  - Avoid overdeep recursion in regexp where a guarded     expression with a minimum repetition count is inside     another quantifier. (Chromium issue 129926)

  - Fixed missing write barrier in store field stub. (issues     2143, 1465, Chromium issue 129355)

  - Proxies: Fixed receiver for setters inherited from     proxies.

  - Proxies: Fixed ToStringArray function so that it does     not reject some keys. (issue 1543)

  - Update v8 to 3.11.7.0

  - Get better function names in stack traces.

  - Fixed RegExp.prototype.toString for incompatible     receivers (issue 1981).

  - Some cleanup to common.gypi. This fixes some host/target     combinations that weren't working in the Make build on     Mac.

  - Handle EINTR in socket functions and continue incomplete     sends. (issue 2098)

  - Fixed python deprecations. (issue 1391)

  - Made socket send and receive more robust and return 0 on     failure. (Chromium issue 15719)

  - Fixed GCC 4.7 (C++11) compilation. (issue 2136)

  - Set '-m32' option for host and target platforms

  - Performance and stability improvements on all platforms.

The version of Apple iTunes on the remote host is prior to version 11.1.4. It is, therefore, affected by multiple vulnerabilities :

  - The included versions of the WebKit, libxml, and libxslt     components in iTunes contain several errors that can     lead to memory corruption and arbitrary code execution.
    The vendor states that one possible vector is a man-in-     the-middle attack while the application browses the     'iTunes Store'. Please note that these vulnerabilities     only affect the application when it is running on a     Windows host. (CVE-2011-3102, CVE-2012-0841,     CVE-2012-2807, CVE-2012-2825, CVE-2012-2870,     CVE-2012-2871, CVE-2012-5134, CVE-2013-1037,     CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,     CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,     CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,     CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,     CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

  - An uninitialized memory access error exists in the     handling of text tracks. By using a specially crafted     movie file, a remote attacker can exploit this to cause     a denial of service or execute arbitrary code.
    (CVE-2013-1024)

  - An error exists related to the iTunes Tutorials window     that can allow an attacker in a privileged network     location to inject content. Note that this vulnerability     only affects the application installed on a Mac OS X     host. (CVE-2014-1242)

The version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues :

  - The included versions of WebKit, libxml, and libxslt     contain several errors that could lead to memory     corruption and possibly arbitrary code execution. The     vendor notes that one possible attack vector is a     man-in-the-middle attack while the application browses     the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841,     CVE-2012-2807, CVE-2012-2825, CVE-2012-2870,     CVE-2012-2871, CVE-2012-5134, CVE-2013-1037,     CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,     CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,     CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,     CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,     CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

  - An error exists related to text tracks in movie files     that could allow denial of service or arbitrary code     execution. (CVE-2013-1024)

  - An error exists related to the iTunes Tutorials window     that could allow an attacker in a privileged network     location to inject content. (CVE-2014-1242)

The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities :

  - An integer overflow condition exists in the glibc     library in the __tzfile_read() function that allows a     denial of service or arbitrary code execution.
    (CVE-2009-5029)

  - An error exists in the glibc library related to modified     loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow     arbitrary code execution. This issue is disputed by the     creators of glibc. (CVE-2009-5064)

  - An integer signedness error exists in the     elf_get_dynamic_info() function in elf/dynamic-link.h     that allows arbitrary code execution. (CVE-2010-0830)

  - An error exists in the glibc library in the addmntent()     function that allows a corruption of the '/etc/mtab'     file. (CVE-2011-1089)

  - An error exists in the libxslt library in the     xsltGenerateIdFunction() function that allows the     disclosure of sensitive information. (CVE-2011-1202)

  - An off-by-one overflow condition exists in the     xmlXPtrEvalXPtrPart() function due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this, via a specially     crafted XML file, to cause a denial of service condition     or the execution of arbitrary code. (CVE-2011-3102)

  - An out-of-bounds read error exists in the libxslt     library in the xsltCompilePatternInternal() function     that allows a denial of service. (CVE-2011-3970)

  - An error exists in the glibc library in the svc_run()     function that allows a denial of service.
    (CVE-2011-4609)

  - An overflow error exists in the glibc library in the     printf() function related to 'nargs' parsing that allows     arbitrary code execution. (CVE-2012-0864)

  - Multiple integer overflow conditions exist due to     improper validation of user-supplied input when handling     overly long strings. An unauthenticated, remote     attacker can exploit this, via a specially crafted XML     file, to cause a denial of service condition or the     execution of arbitrary code. (CVE-2012-2807)

  - Multiple type-confusion errors exist in the     'IS_XSLT_ELEM' macro and the xsltApplyTemplates()     function that allow a denial of service or the     disclosure of sensitive information. (CVE-2012-2825,     CVE-2012-2871)

  - A use-after-free error exists in the libxslt library in     the xsltGenerateIdFunction() function that allows a     denial of service or arbitrary code execution.
    (CVE-2012-2870)

  - Multiple format string error exist in glibc that allow     arbitrary code execution. (CVE-2012-3404, CVE-2012-3405,     CVE-2012-3406)

  - Multiple overflow errors exist in the glibc functions     strtod(), strtof(), strtold(), and strtod_l() that allow     arbitrary code execution. (CVE-2012-3480)

  - A heap-based underflow condition exists in the bundled     libxml2 library due to incorrect parsing of strings not     containing an expected space. A remote attacker can     exploit this, via a specially crafted XML document, to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2012-5134)

  - An arbitrary file modification vulnerability due to     improper handling of certain Virtual Machine file     descriptors. A local attacker can exploit this to read     or modify arbitrary files. (CVE-2013-5973)

libxslt received a security update to fix a security issue :

  - The XSL implementation in libxslt allowed remote     attackers to cause a denial of service (crash) via an     invalid DTD. (addendum due to incomplete fix for     CVE-2012-2825). (CVE-2013-4520)

The version of Apple iTunes on the remote host is prior to version 11.1.2. It is, therefore, affected by multiple vulnerabilities :

  - An uninitialized memory access error exists in the     handling of text tracks. By using a specially crafted     movie file, a remote attacker can exploit this to cause     a denial of service or execute arbitrary code.
    (CVE-2013-1024)

  - The included versions of the WebKit, libxml, and libxslt     components in iTunes contain several errors that can     lead to memory corruption and arbitrary code execution.
    The vendor states that one possible vector is a man-in-     the-middle attack while the application browses the     'iTunes Store'.
    (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807,     CVE-2012-2825, CVE-2012-2870, CVE-2012-2871,     CVE-2012-5134, CVE-2013-1037, CVE-2013-1038,     CVE-2013-1039, CVE-2013-1040, CVE-2013-1041,     CVE-2013-1042, CVE-2013-1043, CVE-2013-1044,     CVE-2013-1045, CVE-2013-1046, CVE-2013-1047,     CVE-2013-2842, CVE-2013-5125, CVE-2013-5126,     CVE-2013-5127, CVE-2013-5128)

The version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues :

  - An uninitialized memory access issue exists in the     handling of text tracks, which could lead to memory     corruption and possibly arbitrary code execution.
    (CVE-2013-1024)

  - The included versions of WebKit, libxml, and libxslt     contain several errors that could lead to memory     corruption and possibly arbitrary code execution. The     vendor notes that one possible attack vector is a     man-in-the-middle attack while the application browses     the 'iTunes Store'.
    (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807,     CVE-2012-2825, CVE-2012-2870, CVE-2012-2871,     CVE-2012-5134, CVE-2013-1037, CVE-2013-1038,     CVE-2013-1039, CVE-2013-1040, CVE-2013-1041,     CVE-2013-1042, CVE-2013-1043, CVE-2013-1044,     CVE-2013-1045, CVE-2013-1046, CVE-2013-1047,     CVE-2013-2842, CVE-2013-5125, CVE-2013-5126,     CVE-2013-5127, CVE-2013-5128)

According to its banner, the remote Apple TV 2nd generation or later device is prior to 6.0.  It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution.

The mobile device is running a version of iOS that is older than version 7.  This version contains security-related fixes for the following components :

  - Certificate Trust Policy
  - CoreGraphics
  - CoreMedia
  - Data Protection
  - Data Security
  - dyld
  - File Systems
  - ImageIO
  - IOKit
  - IOKitUser
  - IOSerialFamily
  - IPSec
  - Kernel
  - Kext Management
  - libxml
  - libxslt
  - Passcode Lock
  - Personal Hotspot
  - Push Notifications
  - Safari
  - Sandbox
  - Social
  - Springboard
  - Telephony
  - Twitter
  - WebKit

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
(CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825 , CVE-2012-2870 , CVE-2011-3970)

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)

From Red Hat Security Advisory 2012:1265 :

Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
(CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970)

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)

All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.

A vulnerability has been discovered and corrected in libxslt :

The XSL implementation in libxslt allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors (CVE-2012-2825).

libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c (CVE-2012-2870).

libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h (CVE-2012-2871).

Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms (CVE-2012-2893).

The updated packages have been patched to correct these issues.

a. VMware vSphere client-side authentication memory corruption    vulnerability

   VMware vCenter Server, vSphere Client, and ESX contain a    vulnerability in the handling of the management authentication    protocol. To exploit this vulnerability, an attacker must    convince either vCenter Server, vSphere Client or ESX to    interact with a malicious server as a client. Exploitation of    the issue may lead to code execution on the client system.
        To reduce the likelihood of exploitation, vSphere components    should be deployed on an isolated management network.
        The Common Vulnerabilities and Exposures Project (cve.mitre.org)    has assigned the name CVE-2013-1405 to this issue.

b. Update to ESX/ESXi libxml2 userworld and service console

   The ESX/ESXi userworld libxml2 library has been updated to    resolve multiple security issues. Also, the ESX service console    libxml2 packages are updated to the following versions :

     libxml2-2.6.26-2.1.15.el5_8.5      libxml2-python-2.6.26-2.1.15.el5_8.5

   These updates fix multiple security issues. The Common    Vulnerabilities and Exposures project (cve.mitre.org) has    assigned the names CVE-2011-3102 and CVE-2012-2807 to these    issues.

c. Update to ESX service console bind packages

   The ESX service console bind packages are updated to the    following versions :

     bind-libs-9.3.6-20.P1.el5_8.2      bind-utils-9.3.6-20.P1.el5_8.2

   These updates fix a security issue. The Common Vulnerabilities    and Exposures project (cve.mitre.org) has assigned the name    CVE-2012-4244 to this issue.

d. Update to ESX service console libxslt package

   The ESX service console libxslt package is updated to version    libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2011-1202, CVE-2011-3970,    CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues.

Versions of iTunes earlier than 11.1.4 are reportedly affected by the following vulnerabilities:

  - An uninitialized memory access issue in the handling of text tracks could be leveraged for arbitrary code execution via a malicious movie file.

  - Multiple memory corruption issues exist in WebKit, which can be leveraged for arbitrary code execution via a man-in-the-middle attack.

  - Multiple memory corruption issues exist in the libxml library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

  - Multiple memory corruption issues exist in the libxslt library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

The following issue has been fixed :

  - Specially crafted XSL documents could have crashed     libxslt (CVE-2012-2825)

Fix a default namespace regression in 1.1.27 Upstream new release also including a number of security fixes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)

It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2011-3970)

Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2825)

Nicholas Gregoire discovered that libxslt incorrectly managed memory.
If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2870)

Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2871)

Cris Neckar discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code.
(CVE-2012-2893).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Lot of security fixes and a few other bugs

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
(CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970)

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)

All running applications linked against libxslt must be restarted for this update to take effect.

Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
(CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970)

An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)

All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.

A vulnerability has been discovered and corrected in libxslt :

The XSL implementation in libxslt allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors (CVE-2012-2825).

The updated packages have been patched to correct this issue.

The remote host is affected by the vulnerability described in GLSA-201208-03 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium. Please review       the CVE identifiers and release notes referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted web       site using Chromium, possibly resulting in the execution of arbitrary       code with the privileges of the process, a Denial of Service condition,       disclosure of sensitive information, or other unspecified impact.
  Workaround :

    There is no known workaround at this time.

The following issue has been fixed :

  - Specially crafted XSL documents could have crashed     libxslt. (CVE-2012-2825)

Versions of Google Chrome earlier than 20.0.1132.43 are potentially affected by the following vulnerabilities :

  - An unspecified error allows access to iFrame fragment ID information, (CVE-2012-2815)

  - An unspecified issue is triggered when sandboxed processes interfere with one another. (CVE-2012-2816)

  - A user-after free issue exists in handling table sections which may allow for execution of arbitrary code. (CVE-2012-02817)

  - An unspecified use-after-free flaw exists in the counter layout which may allow for execution of arbitrary code. (CVE-2012-2818)

  -  A flaw exists in the WebGL subsystem when the texSubImage2d implementation does not properly handle uploads to floating-point textures, which may allow a remote denial of service. (CVE-2012-2919)

  - An out-of-bounds read error occurs during the handling of SVG filters, which may allow a remote denial of service. (CVE-2012-2820)

  - A flaw exists in the autofill display. No further details have been provided. (CVE-2012-2821)

  - An out-of-bounds read error occurs during the handling of PDF files, which may allow multiple unspecified remote denial of service attacks. (CVE-2012-2822)

  - An user-after-free flaw exists during the handling of SVG resources, which may allow for execution of arbitrary code. (CVE-2012-2823, CVE-2012-2831)

  - An user-after-free flaw exists in SVG painting. No further details have been provided. (CVE-2012-2824)

  - An out-of-bounds read error occurs during texture conversion which may allow a remote denial of service. (CVE-2012-2826)

  - An use-after-free flaw in the Mac GUI. No further details have been provided. (CVE-2012-2827)

  - A flaw exists in improper sanitizing of user-supplied inputting resulting in multiple unspecified integer overflows with a specially crafted PDF file. (CVE-2012-2828)

  - An user-after-free flaw is triggered during handling of first letters. No further details have been provided. (CVE-2012-2829)

  - A flaw is triggered when an unspecified NULL pointer dereference occurs in array setting handling. (CVE-2012-2830)

  - A flaw is triggered when a NULL pointer dereference occurs in a PDF image codec. (CVE-2012-2832)

  - An overflow condition occurs when the PDF JS API fails to properly sanitize user-supplied input resulting in a buffer overflow. (CVE-2012-2833)

  - An overflow condition occurs in the Matroska container which fails to properly sanitize user-supplied input resulting in an integer overflow. (CVE-2012-2834)

  - A flaw exists in the way it loads dynamic-link-libraries (DLL). (CVE-2012-2764)

  - A flaw is triggered when an unspecified wild read occurs during the handling of XSL. (CVE-2012-2825)

  - This issue is only present on 64-bit Linux platforms. The libxml is prone to multiple unspecified overflow conditions. (CVE-2012-2807)

The version of Google Chrome installed on the remote host is earlier than 20.0.1132.43 and is, therefore, affected by the following vulnerabilities :

  - An error exists related to the loading of the 'metro'     DLL. (CVE-2012-2764)

  - An error exists related to the leaking of iframe     fragment id. (CVE-2012-2815)

  - An error exists that allows sandboxes to interfere with     each other. (CVE-2012-2816)

  - Multiple use-after-free errors exist related to table     section handling, counter layout, SVG resource handling,     SVG painting, first-letter handling and SVG reference     handling. (CVE-2012-2817, CVE-2012-2818, CVE-2012-2823,     CVE-2012-2824, CVE-2012-2829, CVE-2012-2831)

  - An error exists related to texture handling that can     cause application crashes. (CVE-2012-2819)

  - Out-of-bounds read errors exist related to SVG     filter handling and texture conversion. (CVE-2012-2820,     CVE-2012-2826)

  - An unspecified error exists related to autofill display     actions. (CVE-2012-2821)

  - Several 'OOB' read issues exist related to PDF     processing. (CVE-2012-2822)

  - A read error exists related to XSL handling.
    (CVE-2012-2825)

  - Several integer overflow issues exist related to PDF     processing. (CVE-2012-2828)

  - A pointer issue exists related to the setting of array     values. (CVE-2012-2830)

  - An uninitialized pointer issue exists related to the     PDF image codec. (CVE-2012-2832)

  - A buffer overflow error exists related to the PDF     JavaScript API. (CVE-2012-2833)

  - An integer overflow error exists related to the     'Matroska' container. (CVE-2012-2834)

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS older than 7.0 are affected by vulnerabilities within the following components :

 - Certificate Trust Policy
 - CoreGraphics
 - CoreMedia
 - Data Protection
 - Data Security
 - File Systems
 - IOKit
 - IOKitUser
 - IOSerialFamily
 - IPSec
 - ImageIO
 - Kernel
 - Kext Management
 - Passcode Lock
 - Personal Hotspot
 - Push Notifications
 - Safari
 - Sandbox
 - Social
 - Springboard
 - Telephony
 - Twitter
 - WebKit
 - dyld
 - libxml
 - libxslt

CVE-2012-2825 is not available