Executive Summary
Summary | |
---|---|
Title | VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components |
Informations | |||
---|---|---|---|
Name | VMSA-2009-0016 | First vendor Publication | 2009-12-15 |
Vendor | VMware | Last vendor Modification | 2009-11-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version to 6.0.20 Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0. d. of this advisory. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0. d. Service Console update for ntp Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. The Service Console present in ESX is affected by the following security issues. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. NTP authentication is not enabled by default on the Service Console. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue. e. Updated Service Console package kernel Updated Service Console package kernel addresses the security issues below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164. f. Updated Service Console package python Service Console package Python update to version 2.4.3-24.el5. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service. An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. g. Updated Service Console package bind Service Console package bind updated to version 9.3.6-4.P1.el5 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the "ANY" record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue. h. Updated Service Console package libxml2 Service Console package libxml2 updated to version 2.6.26-2.1.2.8. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues. i. Updated Service Console package curl Service Console package curl updated to version 7.15.5-2.1.el5_3.5 A cURL is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue j. Updated Service Console package gnutls Service Console package gnutil updated to version 1.4.1-3.el5_3.5 A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2009-0016.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-42 | MIME Conversion |
CAPEC-44 | Overflow Binary Resource File |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
16 % | CWE-264 | Permissions, Privileges, and Access Controls |
16 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
8 % | CWE-20 | Improper Input Validation |
7 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
7 % | CWE-16 | Configuration |
4 % | CWE-399 | Resource Management Errors |
4 % | CWE-200 | Information Exposure |
4 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
4 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
3 % | CWE-362 | Race Condition |
3 % | CWE-310 | Cryptographic Issues |
3 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
1 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
1 % | CWE-681 | Incorrect Conversion between Numeric Types |
1 % | CWE-667 | Insufficient Locking |
1 % | CWE-476 | NULL Pointer Dereference |
1 % | CWE-416 | Use After Free |
1 % | CWE-269 | Improper Privilege Management |
1 % | CWE-193 | Off-by-one Error |
1 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10072 | |||
Oval ID: | oval:org.mitre.oval:def:10072 | ||
Title: | Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. | ||
Description: | Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2406 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10114 | |||
Oval ID: | oval:org.mitre.oval:def:10114 | ||
Title: | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
Description: | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2417 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10124 | |||
Oval ID: | oval:org.mitre.oval:def:10124 | ||
Title: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Description: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1095 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10129 | |||
Oval ID: | oval:org.mitre.oval:def:10129 | ||
Title: | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Description: | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2414 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10152 | |||
Oval ID: | oval:org.mitre.oval:def:10152 | ||
Title: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
Description: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1101 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10170 | |||
Oval ID: | oval:org.mitre.oval:def:10170 | ||
Title: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Description: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3144 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10215 | |||
Oval ID: | oval:org.mitre.oval:def:10215 | ||
Title: | The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." | ||
Description: | The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0778 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10231 | |||
Oval ID: | oval:org.mitre.oval:def:10231 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0033 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10263 | |||
Oval ID: | oval:org.mitre.oval:def:10263 | ||
Title: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | ||
Description: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2673 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10300 | |||
Oval ID: | oval:org.mitre.oval:def:10300 | ||
Title: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
Description: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1102 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10342 | |||
Oval ID: | oval:org.mitre.oval:def:10342 | ||
Title: | The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | ||
Description: | The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0746 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10407 | |||
Oval ID: | oval:org.mitre.oval:def:10407 | ||
Title: | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | ||
Description: | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1887 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10414 | |||
Oval ID: | oval:org.mitre.oval:def:10414 | ||
Title: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0696 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10417 | |||
Oval ID: | oval:org.mitre.oval:def:10417 | ||
Title: | The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. | ||
Description: | The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5342 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10422 | |||
Oval ID: | oval:org.mitre.oval:def:10422 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5515 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10577 | |||
Oval ID: | oval:org.mitre.oval:def:10577 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2370 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10683 | |||
Oval ID: | oval:org.mitre.oval:def:10683 | ||
Title: | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. | ||
Description: | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0748 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10702 | |||
Oval ID: | oval:org.mitre.oval:def:10702 | ||
Title: | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | ||
Description: | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4864 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10716 | |||
Oval ID: | oval:org.mitre.oval:def:10716 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0783 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10774 | |||
Oval ID: | oval:org.mitre.oval:def:10774 | ||
Title: | Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. | ||
Description: | Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5966 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10778 | |||
Oval ID: | oval:org.mitre.oval:def:10778 | ||
Title: | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Description: | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2730 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10804 | |||
Oval ID: | oval:org.mitre.oval:def:10804 | ||
Title: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Description: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4965 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10840 | |||
Oval ID: | oval:org.mitre.oval:def:10840 | ||
Title: | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||
Description: | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2675 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10852 | |||
Oval ID: | oval:org.mitre.oval:def:10852 | ||
Title: | The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir-i_size and dir-i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. | ||
Description: | The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3528 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10919 | |||
Oval ID: | oval:org.mitre.oval:def:10919 | ||
Title: | Service Console update for COS kernel | ||
Description: | The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1337 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10942 | |||
Oval ID: | oval:org.mitre.oval:def:10942 | ||
Title: | The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. | ||
Description: | The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0745 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11041 | |||
Oval ID: | oval:org.mitre.oval:def:11041 | ||
Title: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Description: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0781 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11064 | |||
Oval ID: | oval:org.mitre.oval:def:11064 | ||
Title: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
Description: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1094 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11068 | |||
Oval ID: | oval:org.mitre.oval:def:11068 | ||
Title: | The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory. | ||
Description: | The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0787 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11115 | |||
Oval ID: | oval:org.mitre.oval:def:11115 | ||
Title: | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. | ||
Description: | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2671 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11177 | |||
Oval ID: | oval:org.mitre.oval:def:11177 | ||
Title: | Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. | ||
Description: | Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5333 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11181 | |||
Oval ID: | oval:org.mitre.oval:def:11181 | ||
Title: | Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. | ||
Description: | Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1232 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11231 | |||
Oval ID: | oval:org.mitre.oval:def:11231 | ||
Title: | Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. | ||
Description: | Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1252 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11241 | |||
Oval ID: | oval:org.mitre.oval:def:11241 | ||
Title: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
Description: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1097 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11255 | |||
Oval ID: | oval:org.mitre.oval:def:11255 | ||
Title: | Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. | ||
Description: | Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2407 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11280 | |||
Oval ID: | oval:org.mitre.oval:def:11280 | ||
Title: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Description: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5031 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11326 | |||
Oval ID: | oval:org.mitre.oval:def:11326 | ||
Title: | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | ||
Description: | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2670 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11343 | |||
Oval ID: | oval:org.mitre.oval:def:11343 | ||
Title: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
Description: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1093 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11412 | |||
Oval ID: | oval:org.mitre.oval:def:11412 | ||
Title: | Service Console update for COS kernel | ||
Description: | The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2848 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11466 | |||
Oval ID: | oval:org.mitre.oval:def:11466 | ||
Title: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Description: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3142 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11514 | |||
Oval ID: | oval:org.mitre.oval:def:11514 | ||
Title: | Service Console update for COS kernel | ||
Description: | The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2698 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11526 | |||
Oval ID: | oval:org.mitre.oval:def:11526 | ||
Title: | Service Console update for COS kernel | ||
Description: | The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2692 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11529 | |||
Oval ID: | oval:org.mitre.oval:def:11529 | ||
Title: | The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. | ||
Description: | The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0675 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11534 | |||
Oval ID: | oval:org.mitre.oval:def:11534 | ||
Title: | Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. | ||
Description: | Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1947 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11681 | |||
Oval ID: | oval:org.mitre.oval:def:11681 | ||
Title: | Service Console update for COS kernel | ||
Description: | Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1385 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11716 | |||
Oval ID: | oval:org.mitre.oval:def:11716 | ||
Title: | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||
Description: | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2052 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11768 | |||
Oval ID: | oval:org.mitre.oval:def:11768 | ||
Title: | Service Console update for COS kernel | ||
Description: | The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1895 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12245 | |||
Oval ID: | oval:org.mitre.oval:def:12245 | ||
Title: | HP-UX Running BIND, Remote Denial of Service (DoS) | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0696 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13081 | |||
Oval ID: | oval:org.mitre.oval:def:13081 | ||
Title: | USN-806-1 -- python2.4, python2.5 vulnerabilities | ||
Description: | It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. Multiple integer overflows were discovered in Python�s stringobject and unicodeobject expandtabs method. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-806-1 CVE-2008-4864 CVE-2008-5031 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13106 | |||
Oval ID: | oval:org.mitre.oval:def:13106 | ||
Title: | USN-777-1 -- ntp vulnerabilities | ||
Description: | A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possible execute arbitrary code | ||
Family: | unix | Class: | patch |
Reference(s): | USN-777-1 CVE-2009-0159 CVE-2009-1252 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | ntp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13184 | |||
Oval ID: | oval:org.mitre.oval:def:13184 | ||
Title: | USN-1158-1 -- curl vulnerabilities | ||
Description: | curl: HTTP, HTTPS, and FTP client and client libraries Details: Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client�s security credential. Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount of callback data sent to an application that requests automatic decompression. This might allow an attacker to cause a denial of service via an application crash or possibly execute arbitrary code with the privilege of the application. This issue only affected Ubuntu 8.04 LTS and Ubuntu 10.04 LTS. USN 818-1 fixed an issue with curl�s handling of SSL certificates with zero bytes in the Common Name. Due to a packaging error, the fix for this issue was not being applied during the build. This issue only affected Ubuntu 8.04 LTS. We apologize for the error. Original advisory Multiple vulnerabilities in curl. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1158-1 CVE-2011-2192 CVE-2010-0734 CVE-2009-2417 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | curl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13310 | |||
Oval ID: | oval:org.mitre.oval:def:13310 | ||
Title: | USN-748-1 -- openjdk-6 vulnerabilities | ||
Description: | It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-748-1 CVE-2006-2426 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 | Version: | 5 |
Platform(s): | Ubuntu 8.10 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13464 | |||
Oval ID: | oval:org.mitre.oval:def:13464 | ||
Title: | DSA-1801-1 ntp -- buffer overflows | ||
Description: | Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0159 A buffer overflow in ntpq allow a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. CVE-2009-1252 A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled. For the old stable distribution, these problems have been fixed in version 4.2.2.p4+dfsg-2etch3. For the stable distribution, these problems have been fixed in version 4.2.4p4+dfsg-8lenny2. The unstable distribution will be fixed soon. We recommend that you upgrade your ntp package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1801-1 CVE-2009-0159 CVE-2009-1252 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | ntp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13468 | |||
Oval ID: | oval:org.mitre.oval:def:13468 | ||
Title: | DSA-1921-1 expat -- denial of service | ||
Description: | Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch1. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your expat packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1921-1 CVE-2009-2625 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | expat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13469 | |||
Oval ID: | oval:org.mitre.oval:def:13469 | ||
Title: | DSA-1769-1 openjdk-6 -- several | ||
Description: | Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition, heap-based buffer overflows, potentially allowing arbitrary code execution, and a null-pointer dereference, leading to denial of service. The LDAP server implementation did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless. For the stable distribution, these problems have been fixed in version 9.1+lenny2. We recommend that you upgrade your openjdk-6 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1769-1 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13537 | |||
Oval ID: | oval:org.mitre.oval:def:13537 | ||
Title: | DSA-1787-1 linux-2.6.24 -- denial of service/privilege escalation/information leak | ||
Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG due to a race condition in the do_setlk function. CVE-2008-5079 Hugo Dias reported a DoS condition in the ATM subsystem that can be triggered by a local user by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc. CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC systems to crash a system by attempting to unwind a stack contiaining userspace addresses. CVE-2008-5700 Alan Cox discovered a lack of minimum timeouts on SG_IO requests, which allows local users of systems using ATA to cause a denial of service by forcing drives into PIO mode. CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS systems where a local user could cause a system crash by crafing a malicious binary which makes o32 syscalls with a number less than 4000. CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call. CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent. CVE-2009-0029 Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory. CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution. CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service. CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service by reading 0 byts from a sysfs entry. CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service during a resize operation. CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details. CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels. CVE-2009-1046 Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters. CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem they may allow local users to read sensitive kernel memory due to a leak of uninitialised memory. CVE-2009-1242 Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops. CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialised kernel memory that may contain sensitive data. CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. CVE-2009-1338 Daniel Hokka Zakrisson discovered that a kill is permitted to reach processes outside of the current process namespace. CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount. For the stable distribution, these problems have been fixed in version 2.6.24-6~etchnhalf.8etch1. We recommend that you upgrade your linux-2.6.24 packages. Note: Debian "etch" includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian "etch" concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1787-1 CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700 CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834 CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6.24 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13582 | |||
Oval ID: | oval:org.mitre.oval:def:13582 | ||
Title: | DSA-1844-1 linux-2.6.24 -- denial of service/privilege escalation | ||
Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1385 Neil Horman discovered a missing fix from the e1000 network driver. A remote user may cause a denial of service by way of a kernel panic triggered by specially crafted frame sizes. CVE-2009-1389 Michael Tokarev discovered an issue in the r8169 network driver. Remote users on the same LAN may cause a denial of service by way of a kernel panic triggered by receiving a large size frame. CVE-2009-1630 Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount. CVE-2009-1633 Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption. CVE-2009-1895 Julien Tinnes and Tavis Ormandy reported and issue in the Linux vulnerability code. Local users can take advantage of a setuid binary that can either be made to dereference a NULL pointer or drop privileges and return control to the user. This allows a user to bypass mmap_min_addr restrictions which can be exploited to execute arbitrary code. CVE-2009-1914 Mikulas Patocka discovered an issue in sparc64 kernels that allows local users to cause a denial of service by reading the /proc/iomem file. CVE-2009-1961 Miklos Szeredi reported an issue in the ocfs2 filesystem. Local users can create a denial of service using a particular sequence of splice system calls. CVE-2009-2406 CVE-2009-2407 Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility. A local user with permissions to perform an eCryptfs mount may modify the contents of a eCryptfs file, overflowing the stack and potentially gaining elevated privileges. For the stable distribution, these problems have been fixed in version 2.6.24-6~etchnhalf.8etch2. We recommend that you upgrade your linux-2.6.24 packages. Note: Debian "etch" includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian "etch" concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1844-1 CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633 CVE-2009-1895 CVE-2009-1914 CVE-2009-1961 CVE-2009-2406 CVE-2009-2407 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6.24 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13681 | |||
Oval ID: | oval:org.mitre.oval:def:13681 | ||
Title: | DSA-1859-1 libxml2 -- several | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. For the oldstable distribution, this problem has been fixed in version 2.6.27.dfsg-6+etch1. For the stable distribution, this problem has been fixed in version 2.6.32.dfsg-5+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your libxml2 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1859-1 CVE-2009-2416 CVE-2009-2414 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13686 | |||
Oval ID: | oval:org.mitre.oval:def:13686 | ||
Title: | DSA-1794-1 linux-2.6 -- denial of service/privilege escalation/information leak | ||
Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation, or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG due to a race condition in the do_setlk function. CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC to crash the system by attempting to unwind a stack containing userspace addresses. CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS where a local user could cause a system crash by crafting a malicious binary which makes o32 syscalls with a number less than 4000. CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call. CVE-2008-5713 Flavio Leitner discovered that a local user can cause a denial of service by generating large amounts of traffic on a large SMP system, resulting in soft lockups. CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent. CVE-2009-0029 Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all available kernel memory. CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution. CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service by reading 0 byts from a sysfs entry. CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details. CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels. CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem they may allow local users to read sensitive kernel memory due to a leak of uninitialised memory. CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialised kernel memory that may contain sensitive data. CVE-2009-1336 Trond Myklebust reported an issue in the encode_lookup function in the nfs server subsystem that allows local users to cause a denial of service by use of a long filename. CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount. For the oldstable distribution, this problem has been fixed in version 2.6.18.dfsg.1-24etch2. We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1794-1 CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702 CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265 CVE-2009-1336 CVE-2009-1337 CVE-2009-1439 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13712 | |||
Oval ID: | oval:org.mitre.oval:def:13712 | ||
Title: | DSA-1861-1 libxml -- several | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. For the oldstable distribution, this problem has been fixed in version 1.8.17-14+etch1. The stable, testing and unstable distribution do not contain libxml anymore but libxml2 for which DSA-1859-1 has been released. We recommend that you upgrade your libxml packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1861-1 CVE-2009-2416 CVE-2009-2414 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13755 | |||
Oval ID: | oval:org.mitre.oval:def:13755 | ||
Title: | DSA-1847-1 bind9 -- improper assert | ||
Description: | It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed. For the old stable distribution, this problem has been fixed in version 9.3.4-2etch5. For the stable distribution, this problem has been fixed in version 9.5.1.dfsg.P3-1. For the unstable distribution, this problem has been fixed in version 1:9.6.1.dfsg.P1-1. We recommend that you upgrade your bind9 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1847-1 CVE-2009-0696 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | bind9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13787 | |||
Oval ID: | oval:org.mitre.oval:def:13787 | ||
Title: | USN-788-1 -- tomcat6 vulnerabilities | ||
Description: | Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files | ||
Family: | unix | Class: | patch |
Reference(s): | USN-788-1 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 9.04 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17381 | |||
Oval ID: | oval:org.mitre.oval:def:17381 | ||
Title: | USN-632-1 -- python2.4, python2.5 vulnerabilities | ||
Description: | It was discovered that there were new integer overflows in the imageop module. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-632-1 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17622 | |||
Oval ID: | oval:org.mitre.oval:def:17622 | ||
Title: | USN-585-1 -- python2.4/2.5 vulnerabilities | ||
Description: | Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-585-1 CVE-2007-2052 CVE-2007-4965 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18430 | |||
Oval ID: | oval:org.mitre.oval:def:18430 | ||
Title: | DSA-1453-1 tomcat5 - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1453-1 CVE-2007-3382 CVE-2007-3385 CVE-2007-5461 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18481 | |||
Oval ID: | oval:org.mitre.oval:def:18481 | ||
Title: | DSA-1551-1 python2.4 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1551-1 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18716 | |||
Oval ID: | oval:org.mitre.oval:def:18716 | ||
Title: | DSA-1447-1 tomcat5.5 several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1447-1 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18913 | |||
Oval ID: | oval:org.mitre.oval:def:18913 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0783 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18915 | |||
Oval ID: | oval:org.mitre.oval:def:18915 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0580 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19110 | |||
Oval ID: | oval:org.mitre.oval:def:19110 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0033 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19316 | |||
Oval ID: | oval:org.mitre.oval:def:19316 | ||
Title: | DSA-1667-1 python2.4 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1667-1 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19345 | |||
Oval ID: | oval:org.mitre.oval:def:19345 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0781 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19452 | |||
Oval ID: | oval:org.mitre.oval:def:19452 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5515 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19769 | |||
Oval ID: | oval:org.mitre.oval:def:19769 | ||
Title: | DSA-1984-1 libxerces2-java - denial of service | ||
Description: | It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1984-1 CVE-2009-2625 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | libxerces2-java |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19964 | |||
Oval ID: | oval:org.mitre.oval:def:19964 | ||
Title: | DSA-1593-1 tomcat5.5 | ||
Description: | It was discovered that the Host Manager web application performed insufficient input sanitising, which could lead to cross-site scripting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1593-1 CVE-2008-1947 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20167 | |||
Oval ID: | oval:org.mitre.oval:def:20167 | ||
Title: | DSA-1935-1 gnutls13 gnutls26 - SSL certificate | ||
Description: | Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. (<a href="http://security-tracker.debian.org/tracker/CVE-2009-2730">CVE-2009-2730</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1935-1 CVE-2009-2409 CVE-2009-2730 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | gnutls13 gnutls26 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20188 | |||
Oval ID: | oval:org.mitre.oval:def:20188 | ||
Title: | DSA-1620-1 python2.5 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1620-1 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21833 | |||
Oval ID: | oval:org.mitre.oval:def:21833 | ||
Title: | ELSA-2009:0392: java-1.6.0-sun security update (Critical) | ||
Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0392-01 CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 | Version: | 69 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21986 | |||
Oval ID: | oval:org.mitre.oval:def:21986 | ||
Title: | RHSA-2011:0858: xerces-j2 security update (Moderate) | ||
Description: | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0858-01 CVE-2009-2625 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | xerces-j2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22708 | |||
Oval ID: | oval:org.mitre.oval:def:22708 | ||
Title: | ELSA-2009:0394: java-1.5.0-sun security update (Critical) | ||
Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0394-01 CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1103 CVE-2009-1104 CVE-2009-1107 | Version: | 49 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22710 | |||
Oval ID: | oval:org.mitre.oval:def:22710 | ||
Title: | ELSA-2009:1236: java-1.5.0-ibm security update (Critical) | ||
Description: | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1236-01 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22718 | |||
Oval ID: | oval:org.mitre.oval:def:22718 | ||
Title: | ELSA-2009:0377: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0377-01 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 CVE-2009-1102 | Version: | 57 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22743 | |||
Oval ID: | oval:org.mitre.oval:def:22743 | ||
Title: | ELSA-2009:1206: libxml and libxml2 security update (Moderate) | ||
Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1206-01 CVE-2009-2414 CVE-2009-2416 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | libxml libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22748 | |||
Oval ID: | oval:org.mitre.oval:def:22748 | ||
Title: | ELSA-2009:1232: gnutls security update (Moderate) | ||
Description: | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1232-01 CVE-2009-2730 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22809 | |||
Oval ID: | oval:org.mitre.oval:def:22809 | ||
Title: | ELSA-2009:1176: python security update (Moderate) | ||
Description: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1176-01 CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 | Version: | 45 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22863 | |||
Oval ID: | oval:org.mitre.oval:def:22863 | ||
Title: | ELSA-2009:1209: curl security update (Moderate) | ||
Description: | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1209-01 CVE-2009-2417 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | curl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22864 | |||
Oval ID: | oval:org.mitre.oval:def:22864 | ||
Title: | ELSA-2009:1179: bind security update (Important) | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1179-02 CVE-2009-0696 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | bind |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22874 | |||
Oval ID: | oval:org.mitre.oval:def:22874 | ||
Title: | ELSA-2009:1039: ntp security update (Important) | ||
Description: | Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1039-01 CVE-2009-0159 CVE-2009-1252 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | ntp |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22921 | |||
Oval ID: | oval:org.mitre.oval:def:22921 | ||
Title: | ELSA-2009:1505: java-1.4.2-ibm security update (Moderate) | ||
Description: | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1505-01 CVE-2008-5349 CVE-2009-2625 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22974 | |||
Oval ID: | oval:org.mitre.oval:def:22974 | ||
Title: | ELSA-2009:1582: java-1.6.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1582-01 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2674 CVE-2009-2675 CVE-2009-2676 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23026 | |||
Oval ID: | oval:org.mitre.oval:def:23026 | ||
Title: | ELSA-2009:1615: xerces-j2 security update (Moderate) | ||
Description: | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1615-01 CVE-2009-2625 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | xerces-j2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23701 | |||
Oval ID: | oval:org.mitre.oval:def:23701 | ||
Title: | ELSA-2011:0858: xerces-j2 security update (Moderate) | ||
Description: | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0858-01 CVE-2009-2625 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | xerces-j2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27576 | |||
Oval ID: | oval:org.mitre.oval:def:27576 | ||
Title: | DEPRECATED: ELSA-2011-0858 -- xerces-j2 security update (moderate) | ||
Description: | [0:2.7.1-12.6] - Add xerces-j2-CVE-2009-2625.patch - Resolves: rhbz#690931 CVE-2009-2625 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0858 CVE-2009-2625 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | xerces-j2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28627 | |||
Oval ID: | oval:org.mitre.oval:def:28627 | ||
Title: | RHSA-2009:1222 -- kernel security and bug fix update (Important) | ||
Description: | Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1222 CESA-2009:1222-CentOS 5 CVE-2009-2692 CVE-2009-2698 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28958 | |||
Oval ID: | oval:org.mitre.oval:def:28958 | ||
Title: | RHSA-2009:1206 -- libxml and libxml2 security update (Moderate) | ||
Description: | Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1206 CESA-2009:1206-CentOS 3 CESA-2009:1206-CentOS 5 CVE-2009-2414 CVE-2009-2416 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libxml libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29047 | |||
Oval ID: | oval:org.mitre.oval:def:29047 | ||
Title: | RHSA-2009:1615 -- xerces-j2 security update (Moderate) | ||
Description: | Updated xerces-j2 packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1615 CESA-2009:1615-CentOS 5 CVE-2009-2625 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | xerces-j2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29134 | |||
Oval ID: | oval:org.mitre.oval:def:29134 | ||
Title: | RHSA-2009:1209 -- curl security update (Moderate) | ||
Description: | Updated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1209 CESA-2009:1209-CentOS 3 CESA-2009:1209-CentOS 5 CVE-2009-2417 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | curl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29153 | |||
Oval ID: | oval:org.mitre.oval:def:29153 | ||
Title: | RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update (Important) | ||
Description: | Updated kernel packages that fix security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fourth regular update. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1243 CESA-2009:1243-CentOS 5 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29154 | |||
Oval ID: | oval:org.mitre.oval:def:29154 | ||
Title: | RHSA-2009:1193 -- kernel security and bug fix update (Important) | ||
Description: | Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1193 CESA-2009:1193-CentOS 5 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29277 | |||
Oval ID: | oval:org.mitre.oval:def:29277 | ||
Title: | RHSA-2009:0377 -- java-1.6.0-openjdk security update (Important) | ||
Description: | Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0377 CESA-2009:0377-CentOS 5 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 CVE-2009-1102 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29281 | |||
Oval ID: | oval:org.mitre.oval:def:29281 | ||
Title: | RHSA-2009:1232 -- gnutls security update (Moderate) | ||
Description: | Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1232 CVE-2009-2730 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 | Product(s): | gnutls |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29294 | |||
Oval ID: | oval:org.mitre.oval:def:29294 | ||
Title: | RHSA-2009:1176 -- python security update (Moderate) | ||
Description: | Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1176 CESA-2009:1176-CentOS 5 CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | python |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29446 | |||
Oval ID: | oval:org.mitre.oval:def:29446 | ||
Title: | RHSA-2009:0473 -- kernel security and bug fix update (Important) | ||
Description: | Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0473 CESA-2009:0473-CentOS 5 CVE-2008-4307 CVE-2009-0787 CVE-2009-0834 CVE-2009-1336 CVE-2009-1337 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29463 | |||
Oval ID: | oval:org.mitre.oval:def:29463 | ||
Title: | RHSA-2009:1039 -- ntp security update (Important) | ||
Description: | An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1039 CESA-2009:1039-CentOS 5 CVE-2009-0159 CVE-2009-1252 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | ntp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5411 | |||
Oval ID: | oval:org.mitre.oval:def:5411 | ||
Title: | HP-UX Running XNTP, Remote Execution of Arbitrary Code | ||
Description: | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0159 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5726 | |||
Oval ID: | oval:org.mitre.oval:def:5726 | ||
Title: | Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) | ||
Description: | Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1099 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5739 | |||
Oval ID: | oval:org.mitre.oval:def:5739 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0033 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5876 | |||
Oval ID: | oval:org.mitre.oval:def:5876 | ||
Title: | Security vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Directory Traversal. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2370 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5985 | |||
Oval ID: | oval:org.mitre.oval:def:5985 | ||
Title: | Security vulnerability in the HttpServletResponse.sendError method in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Cross Site Scripting (XSS). | ||
Description: | Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1232 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6008 | |||
Oval ID: | oval:org.mitre.oval:def:6008 | ||
Title: | Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated | ||
Description: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1098 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6009 | |||
Oval ID: | oval:org.mitre.oval:def:6009 | ||
Title: | Security vulnerability in the Virtual Host Manager in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Cross Site Scripting (XSS). | ||
Description: | Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1947 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6224 | |||
Oval ID: | oval:org.mitre.oval:def:6224 | ||
Title: | Java Runtime Environment (JRE) Flaws in Storing and Processing Temporary Font Files Let Remote Users Deny Service | ||
Description: | Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1100 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6288 | |||
Oval ID: | oval:org.mitre.oval:def:6288 | ||
Title: | Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System | ||
Description: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1097 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6307 | |||
Oval ID: | oval:org.mitre.oval:def:6307 | ||
Title: | HP-UX Running XNTP, Remote Execution of Arbitrary Code | ||
Description: | Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1252 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6412 | |||
Oval ID: | oval:org.mitre.oval:def:6412 | ||
Title: | Java Runtime Environment (JRE) HTTP Server Bug Lets Remote Users Deny Service | ||
Description: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1101 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6445 | |||
Oval ID: | oval:org.mitre.oval:def:6445 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5515 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6450 | |||
Oval ID: | oval:org.mitre.oval:def:6450 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0783 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6542 | |||
Oval ID: | oval:org.mitre.oval:def:6542 | ||
Title: | Java Plug-in Bugs Lets Remote Users Gain Privileges | ||
Description: | Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1103 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6564 | |||
Oval ID: | oval:org.mitre.oval:def:6564 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0781 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6584 | |||
Oval ID: | oval:org.mitre.oval:def:6584 | ||
Title: | Sun Java Runtime Environment Java Plug-in Javascript code unauthorized access | ||
Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1104 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6585 | |||
Oval ID: | oval:org.mitre.oval:def:6585 | ||
Title: | Sun Java Runtime Environment Java Plug-in signed applet unauthorized access | ||
Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1107 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6598 | |||
Oval ID: | oval:org.mitre.oval:def:6598 | ||
Title: | Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities | ||
Description: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1094 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6619 | |||
Oval ID: | oval:org.mitre.oval:def:6619 | ||
Title: | Sun Java Runtime Environment Java Plug-in crossdomain.xml information disclosure | ||
Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1106 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6628 | |||
Oval ID: | oval:org.mitre.oval:def:6628 | ||
Title: | HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0580 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6642 | |||
Oval ID: | oval:org.mitre.oval:def:6642 | ||
Title: | Sun Java Runtime Environment Java Plug-in weak security | ||
Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1105 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6643 | |||
Oval ID: | oval:org.mitre.oval:def:6643 | ||
Title: | Java Runtime Environment Buffer Overflows in unpack200 Utility Lets Remote Users Execute Arbitrary Code | ||
Description: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1095 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6659 | |||
Oval ID: | oval:org.mitre.oval:def:6659 | ||
Title: | Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges | ||
Description: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1096 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6676 | |||
Oval ID: | oval:org.mitre.oval:def:6676 | ||
Title: | Java Runtime Environment LDAP Implementation Bugs Lets Remote Users Deny Service and Execute Arbitrary Code | ||
Description: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1093 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6722 | |||
Oval ID: | oval:org.mitre.oval:def:6722 | ||
Title: | Java Runtime Environment (JRE) Virtual Machine Lets Remote Users Read/Write Files and Execute Local Applications | ||
Description: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1102 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7282 | |||
Oval ID: | oval:org.mitre.oval:def:7282 | ||
Title: | DSA-1869 curl -- insufficient input validation | ||
Description: | It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1869 CVE-2009-2417 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | curl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7306 | |||
Oval ID: | oval:org.mitre.oval:def:7306 | ||
Title: | DSA-1984 libxerces2-java -- denial of service | ||
Description: | It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1984 CVE-2009-2625 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libxerces2-java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7720 | |||
Oval ID: | oval:org.mitre.oval:def:7720 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3143 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7725 | |||
Oval ID: | oval:org.mitre.oval:def:7725 | ||
Title: | VMware python multiple integer overflows vulnerability in the PyOS_vsnprintf function | ||
Description: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3144 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7728 | |||
Oval ID: | oval:org.mitre.oval:def:7728 | ||
Title: | VMware kernel race condition in the do_setlk function vulnerability | ||
Description: | Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4307 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7734 | |||
Oval ID: | oval:org.mitre.oval:def:7734 | ||
Title: | VMware kernel drivers/firmware/dell_rbu.c vulnerability | ||
Description: | drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0322 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7765 | |||
Oval ID: | oval:org.mitre.oval:def:7765 | ||
Title: | VMware kernel ext4_group_add function vulnerability | ||
Description: | The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0745 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7783 | |||
Oval ID: | oval:org.mitre.oval:def:7783 | ||
Title: | VMware libxml2 use-after-free vulnerability | ||
Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2416 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7794 | |||
Oval ID: | oval:org.mitre.oval:def:7794 | ||
Title: | DSA-1794 linux-2.6 -- denial of service/privilege escalation/information leak | ||
Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation, or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG() due to a race condition in the do_setlk function. Helge Deller discovered a denial of service condition that allows local users on PA-RISC to crash the system by attempting to unwind a stack containing userspace addresses. Vlad Malov reported an issue on 64-bit MIPS where a local user could cause a system crash by crafting a malicious binary which makes o32 syscalls with a number less than 4000. Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call. Flavio Leitner discovered that a local user can cause a denial of service by generating large amounts of traffic on a large SMP system, resulting in soft lockups. Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent. Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all available kernel memory. Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution. Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry. Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details. Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels. Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialised memory. Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialised kernel memory that may contain sensitive data. Trond Myklebust reported an issue in the encode_lookup() function in the nfs server subsystem that allows local users to cause a denial of service (oops in encode_lookup()) by use of a long filename. Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1794 CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702 CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265 CVE-2009-1336 CVE-2009-1337 CVE-2009-1439 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7806 | |||
Oval ID: | oval:org.mitre.oval:def:7806 | ||
Title: | VMware BIND vulnerability | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0696 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7826 | |||
Oval ID: | oval:org.mitre.oval:def:7826 | ||
Title: | VMware kernel personality subsystem vulnerability | ||
Description: | The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1895 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7867 | |||
Oval ID: | oval:org.mitre.oval:def:7867 | ||
Title: | VMware kernel icmp_send function vulnerability | ||
Description: | The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0778 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7901 | |||
Oval ID: | oval:org.mitre.oval:def:7901 | ||
Title: | DSA-1667 python2.4 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules. Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows. Several integer overflows were discovered in various Python core modules. Several integer overflows were discovered in the PyOS_vsnprintf() function. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1667 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7947 | |||
Oval ID: | oval:org.mitre.oval:def:7947 | ||
Title: | VMware kernel clone system call vulnerability | ||
Description: | The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0028 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7981 | |||
Oval ID: | oval:org.mitre.oval:def:7981 | ||
Title: | DSA-1620 python2.5 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1620 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7988 | |||
Oval ID: | oval:org.mitre.oval:def:7988 | ||
Title: | DSA-1453 tomcat5 -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5. For the stable distribution (etch), these problems have been fixed in version 5.0.30-12etch1. The unstable distribution (sid) no longer contains tomcat5. We recommend that you upgrade your tomcat5 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1453 CVE-2007-3382 CVE-2007-3385 CVE-2007-5461 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7989 | |||
Oval ID: | oval:org.mitre.oval:def:7989 | ||
Title: | DSA-1447 tomcat5.5 -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack. It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5.5. For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your tomcat5.5 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1447 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8003 | |||
Oval ID: | oval:org.mitre.oval:def:8003 | ||
Title: | VMware kernel agp subsystem vulnerability | ||
Description: | The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1192 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8037 | |||
Oval ID: | oval:org.mitre.oval:def:8037 | ||
Title: | DSA-1769 openjdk-6 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793). The LDAP server implementation (in com.sun.jdni.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation (in com.sun.jdni.ldap) allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1769 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8039 | |||
Oval ID: | oval:org.mitre.oval:def:8039 | ||
Title: | VMware kernel make_indexed_dir function vulnerability | ||
Description: | The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0746 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8042 | |||
Oval ID: | oval:org.mitre.oval:def:8042 | ||
Title: | DSA-1801 ntp -- buffer overflows | ||
Description: | Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow in ntpq allow a remote NTP server to create a denial of service attack or to execute arbitrary code via a crafted response. A buffer overflow in ntpd allows a remote attacker to create a denial of service attack or to execute arbitrary code when the autokey functionality is enabled. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1801 CVE-2009-0159 CVE-2009-1252 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | ntp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8045 | |||
Oval ID: | oval:org.mitre.oval:def:8045 | ||
Title: | DSA-1921 expat -- denial of service | ||
Description: | Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1921 CVE-2009-2625 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | expat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8057 | |||
Oval ID: | oval:org.mitre.oval:def:8057 | ||
Title: | VMware kernel parse_tag_3_packet function vulnerability | ||
Description: | Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2407 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8108 | |||
Oval ID: | oval:org.mitre.oval:def:8108 | ||
Title: | VMware kernel RTL8169 NIC driver vulnerability | ||
Description: | Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1389 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8116 | |||
Oval ID: | oval:org.mitre.oval:def:8116 | ||
Title: | DSA-1861 libxml -- several vulnerabilities | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1861 CVE-2009-2416 CVE-2009-2414 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8125 | |||
Oval ID: | oval:org.mitre.oval:def:8125 | ||
Title: | VMware kernel integer overflow vulnerability in hrtimer_start function | ||
Description: | Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5966 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8132 | |||
Oval ID: | oval:org.mitre.oval:def:8132 | ||
Title: | DSA-1859 libxml2 -- several vulnerabilities | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1859 CVE-2009-2416 CVE-2009-2414 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8152 | |||
Oval ID: | oval:org.mitre.oval:def:8152 | ||
Title: | DSA-1551 python2.4 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1551 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8169 | |||
Oval ID: | oval:org.mitre.oval:def:8169 | ||
Title: | VMware kernel eCryptfs vulnerability | ||
Description: | fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0269 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8246 | |||
Oval ID: | oval:org.mitre.oval:def:8246 | ||
Title: | VMware kernel parse_tag_11_packet function vulnerability | ||
Description: | Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2406 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8249 | |||
Oval ID: | oval:org.mitre.oval:def:8249 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1721 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8265 | |||
Oval ID: | oval:org.mitre.oval:def:8265 | ||
Title: | VMware kernel fs/cifs/connect.c buffer overflow vulnerability | ||
Description: | Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1439 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8289 | |||
Oval ID: | oval:org.mitre.oval:def:8289 | ||
Title: | DSA-1935 gnutls13 gnutls26 -- several vulnerabilities | ||
Description: | Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a "\0" character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. (CVE-2009-2730) In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. It only affects the oldstable distribution (etch).(CVE-2009-2409) | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1935 CVE-2009-2409 CVE-2009-2730 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | gnutls13 gnutls26 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8295 | |||
Oval ID: | oval:org.mitre.oval:def:8295 | ||
Title: | VMware kernel exit_notify function vulnerability | ||
Description: | The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1337 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8319 | |||
Oval ID: | oval:org.mitre.oval:def:8319 | ||
Title: | VMware kernel ecryptfs_write_metadata_to_contents function vulnerability | ||
Description: | The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0787 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8340 | |||
Oval ID: | oval:org.mitre.oval:def:8340 | ||
Title: | VMware kernel integer underflow vulnerability in e1000_clean_rx_irq function | ||
Description: | Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1385 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8353 | |||
Oval ID: | oval:org.mitre.oval:def:8353 | ||
Title: | VMware python PyLocale_strxfrm function vulnerability | ||
Description: | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2052 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8354 | |||
Oval ID: | oval:org.mitre.oval:def:8354 | ||
Title: | VMware python multiple integer overflows vulnerability in the imageop module | ||
Description: | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4864 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8361 | |||
Oval ID: | oval:org.mitre.oval:def:8361 | ||
Title: | DSA-1593 tomcat5.5 -- missing input sanitising | ||
Description: | It was discovered that the Host Manager web application performed insufficient input sanitising, which could lead to cross-site scripting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1593 CVE-2008-1947 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8382 | |||
Oval ID: | oval:org.mitre.oval:def:8382 | ||
Title: | VMware kernel nfsd vulnerability | ||
Description: | nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1072 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8386 | |||
Oval ID: | oval:org.mitre.oval:def:8386 | ||
Title: | VMware ntpq stack-based buffer overflow vulnerability | ||
Description: | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0159 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8405 | |||
Oval ID: | oval:org.mitre.oval:def:8405 | ||
Title: | VMware kernel do_sigaltstack function vulnerability | ||
Description: | The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2847 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8409 | |||
Oval ID: | oval:org.mitre.oval:def:8409 | ||
Title: | VMware GnuTLS vulnerability | ||
Description: | libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2730 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8422 | |||
Oval ID: | oval:org.mitre.oval:def:8422 | ||
Title: | VMware python multiple buffer overflows vulnerability | ||
Description: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3142 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8445 | |||
Oval ID: | oval:org.mitre.oval:def:8445 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8486 | |||
Oval ID: | oval:org.mitre.oval:def:8486 | ||
Title: | VMware python integer overflows vulnerability in the imageop module | ||
Description: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4965 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8494 | |||
Oval ID: | oval:org.mitre.oval:def:8494 | ||
Title: | VMware python zlib extension module vulnerability | ||
Description: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1721 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8495 | |||
Oval ID: | oval:org.mitre.oval:def:8495 | ||
Title: | VMware kernel fs/nfs/client.c vulnerability | ||
Description: | fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1336 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8496 | |||
Oval ID: | oval:org.mitre.oval:def:8496 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4965 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8508 | |||
Oval ID: | oval:org.mitre.oval:def:8508 | ||
Title: | VMware kernel audit_syscall_entry function vulnerability | ||
Description: | The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0834 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8526 | |||
Oval ID: | oval:org.mitre.oval:def:8526 | ||
Title: | VMware kernel ext4_fill_super function vulnerability | ||
Description: | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0748 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8542 | |||
Oval ID: | oval:org.mitre.oval:def:8542 | ||
Title: | VMware curl vulnerability | ||
Description: | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2417 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8543 | |||
Oval ID: | oval:org.mitre.oval:def:8543 | ||
Title: | VMware kernel nfs_permission function vulnerability | ||
Description: | The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1630 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8557 | |||
Oval ID: | oval:org.mitre.oval:def:8557 | ||
Title: | VMware kernel udp_sendmsg function vulnerability | ||
Description: | The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2698 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8564 | |||
Oval ID: | oval:org.mitre.oval:def:8564 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5031 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8585 | |||
Oval ID: | oval:org.mitre.oval:def:8585 | ||
Title: | VMware kernel ext4_isize function vulnerability | ||
Description: | The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0747 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8588 | |||
Oval ID: | oval:org.mitre.oval:def:8588 | ||
Title: | VMware kernel cifs buffer overflow vulnerability | ||
Description: | Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1633 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8598 | |||
Oval ID: | oval:org.mitre.oval:def:8598 | ||
Title: | VMware kernel execve function vulnerability | ||
Description: | The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2848 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8606 | |||
Oval ID: | oval:org.mitre.oval:def:8606 | ||
Title: | VMware kernel libata vulnerability | ||
Description: | libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5700 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8618 | |||
Oval ID: | oval:org.mitre.oval:def:8618 | ||
Title: | VMware kernel sock_getsockopt function vulnerability | ||
Description: | The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0676 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8624 | |||
Oval ID: | oval:org.mitre.oval:def:8624 | ||
Title: | VMware python PyString_FromStringAndSize function vulnerability | ||
Description: | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1887 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8625 | |||
Oval ID: | oval:org.mitre.oval:def:8625 | ||
Title: | VMware kernel ptrace_start function vulnerability | ||
Description: | The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1388 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8639 | |||
Oval ID: | oval:org.mitre.oval:def:8639 | ||
Title: | VMware libxml2 stack consumption vulnerability | ||
Description: | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2414 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8642 | |||
Oval ID: | oval:org.mitre.oval:def:8642 | ||
Title: | VMware kernel fs/ext2/dir.c fs/ext3/dir.c and possibly fs/ext4/dir.c vulnerability | ||
Description: | The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3528 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8657 | |||
Oval ID: | oval:org.mitre.oval:def:8657 | ||
Title: | VMware kernel NULL pointer dereference vulnerability | ||
Description: | The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2692 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8665 | |||
Oval ID: | oval:org.mitre.oval:def:8665 | ||
Title: | VMware ntpd stack-based buffer overflow vulnerability | ||
Description: | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0159 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8680 | |||
Oval ID: | oval:org.mitre.oval:def:8680 | ||
Title: | The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread. | ||
Description: | The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1388 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8683 | |||
Oval ID: | oval:org.mitre.oval:def:8683 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8685 | |||
Oval ID: | oval:org.mitre.oval:def:8685 | ||
Title: | VMware kernel skfp_ioctl function vulnerability | ||
Description: | The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0675 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8844 | |||
Oval ID: | oval:org.mitre.oval:def:8844 | ||
Title: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Description: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1096 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8944 | |||
Oval ID: | oval:org.mitre.oval:def:8944 | ||
Title: | fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. | ||
Description: | fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0269 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8996 | |||
Oval ID: | oval:org.mitre.oval:def:8996 | ||
Title: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Description: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3143 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9101 | |||
Oval ID: | oval:org.mitre.oval:def:9101 | ||
Title: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Description: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0580 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9200 | |||
Oval ID: | oval:org.mitre.oval:def:9200 | ||
Title: | The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. | ||
Description: | The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0747 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9202 | |||
Oval ID: | oval:org.mitre.oval:def:9202 | ||
Title: | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. | ||
Description: | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5461 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9262 | |||
Oval ID: | oval:org.mitre.oval:def:9262 | ||
Title: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2416 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9356 | |||
Oval ID: | oval:org.mitre.oval:def:9356 | ||
Title: | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Description: | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2625 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9359 | |||
Oval ID: | oval:org.mitre.oval:def:9359 | ||
Title: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | ||
Description: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2672 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9407 | |||
Oval ID: | oval:org.mitre.oval:def:9407 | ||
Title: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Description: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1721 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9525 | |||
Oval ID: | oval:org.mitre.oval:def:9525 | ||
Title: | Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. | ||
Description: | Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1633 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9634 | |||
Oval ID: | oval:org.mitre.oval:def:9634 | ||
Title: | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. | ||
Description: | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0159 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9761 | |||
Oval ID: | oval:org.mitre.oval:def:9761 | ||
Title: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9956 | |||
Oval ID: | oval:org.mitre.oval:def:9956 | ||
Title: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
Description: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1098 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-11-24 | Python < 2.5.2 Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability |
2009-09-02 | Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit |
2009-09-02 | Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64) |
2009-08-31 | Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit |
2009-08-24 | Linux Kernel 2.4/2.6 - sock_sendpage() ring0 Root Exploit (simple ver) |
2009-08-18 | Linux Kernel 2.x sock_sendpage() Local Root Exploit (Android Edition) |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS) File : nvt/glsa_201206_18.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
2012-06-06 | Name : RedHat Update for xerces-j2 RHSA-2011:0858-01 File : nvt/gb_RHSA-2011_0858-01_xerces-j2.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-05 (gnutls) File : nvt/glsa_201110_05.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:0326 centos5 i386 File : nvt/gb_CESA-2009_0326_kernel_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:0331 centos4 i386 File : nvt/gb_CESA-2009_0331_kernel_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2009:0377 centos5 i386 File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:0459 centos4 i386 File : nvt/gb_CESA-2009_0459_kernel_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:0473 centos5 i386 File : nvt/gb_CESA-2009_0473_kernel_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for ntp CESA-2009:1039 centos5 i386 File : nvt/gb_CESA-2009_1039_ntp_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1106 centos5 i386 File : nvt/gb_CESA-2009_1106_kernel_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386 File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2009:1176 centos5 i386 File : nvt/gb_CESA-2009_1176_python_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2009:1178 centos3 i386 File : nvt/gb_CESA-2009_1178_python_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:1179 centos5 i386 File : nvt/gb_CESA-2009_1179_bind_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:1180 centos4 i386 File : nvt/gb_CESA-2009_1180_bind_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:1181 centos3 i386 File : nvt/gb_CESA-2009_1181_bind_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1193 centos5 i386 File : nvt/gb_CESA-2009_1193_kernel_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2009:1201 centos5 i386 File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for libxml2 CESA-2009:1206 centos5 i386 File : nvt/gb_CESA-2009_1206_libxml2_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for libxml CESA-2009:1206 centos3 i386 File : nvt/gb_CESA-2009_1206_libxml_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:1209 centos3 i386 File : nvt/gb_CESA-2009_1209_curl_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:1209 centos5 i386 File : nvt/gb_CESA-2009_1209_curl_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1222 centos5 i386 File : nvt/gb_CESA-2009_1222_kernel_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1223 centos4 i386 File : nvt/gb_CESA-2009_1223_kernel_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for gnutls CESA-2009:1232 centos4 i386 File : nvt/gb_CESA-2009_1232_gnutls_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1233 centos3 i386 File : nvt/gb_CESA-2009_1233_kernel_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1243 centos5 i386 File : nvt/gb_CESA-2009_1243_kernel_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1438 centos4 i386 File : nvt/gb_CESA-2009_1438_kernel_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1550 centos3 i386 File : nvt/gb_CESA-2009_1550_kernel_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for xerces-j2 CESA-2009:1615 centos5 i386 File : nvt/gb_CESA-2009_1615_xerces-j2_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for ntp CESA-2009:1651 centos3 i386 File : nvt/gb_CESA-2009_1651_ntp_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386 File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl |
2011-06-24 | Name : Ubuntu Update for curl USN-1158-1 File : nvt/gb_ubuntu_USN_1158_1.nasl |
2011-06-20 | Name : Mandriva Update for xerces-j2 MDVSA-2011:108 (xerces-j2) File : nvt/gb_mandriva_MDVSA_2011_108.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2207-1 (tomcat5.5) File : nvt/deb_2207_1.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-07 (libxml2) File : nvt/glsa_201009_07.nasl |
2011-02-18 | Name : Mandriva Update for kernel MDVSA-2011:029 (kernel) File : nvt/gb_mandriva_MDVSA_2011_029.nasl |
2011-01-04 | Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579 File : nvt/gb_hp_ux_HPSBUX02579.nasl |
2010-11-16 | Name : Fedora Update for tomcat6 FEDORA-2010-16248 File : nvt/gb_fedora_2010_16248_tomcat6_fc12.nasl |
2010-11-16 | Name : Mandriva Update for python MDVSA-2010:215 (python) File : nvt/gb_mandriva_MDVSA_2010_215.nasl |
2010-10-10 | Name : FreeBSD Ports: apr File : nvt/freebsd_apr0.nasl |
2010-10-01 | Name : SuSE Update for kernel SUSE-SA:2010:046 File : nvt/gb_suse_2010_046.nasl |
2010-09-14 | Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5) File : nvt/gb_mandriva_MDVSA_2010_176.nasl |
2010-09-10 | Name : SuSE Update for kernel SUSE-SA:2010:036 File : nvt/gb_suse_2010_036.nasl |
2010-08-06 | Name : RedHat Update for tomcat5 RHSA-2010:0580-01 File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl |
2010-07-23 | Name : SuSE Update for kernel SUSE-SA:2010:031 File : nvt/gb_suse_2010_031.nasl |
2010-07-16 | Name : Mandriva Update for python MDVSA-2010:132 (python) File : nvt/gb_mandriva_MDVSA_2010_132.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 4 File : nvt/macosx_java_for_10_5_upd_4.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 5 File : nvt/macosx_java_for_10_5_upd_5.nasl |
2010-05-28 | Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl |
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-004 File : nvt/macosx_secupd_2009-004.nasl |
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-16 | Name : Ubuntu Update for cmake vulnerabilities USN-890-6 File : nvt/gb_ubuntu_USN_890_6.nasl |
2010-03-02 | Name : Fedora Update for bind FEDORA-2010-0861 File : nvt/gb_fedora_2010_0861_bind_fc11.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-0919 File : nvt/gb_fedora_2010_0919_kernel_fc11.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1500 File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1804 File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl |
2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:012 File : nvt/gb_suse_2010_012.nasl |
2010-02-19 | Name : Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5 File : nvt/gb_ubuntu_USN_890_5.nasl |
2010-01-29 | Name : Ubuntu Update for python-xml vulnerabilities USN-890-4 File : nvt/gb_ubuntu_USN_890_4.nasl |
2010-01-25 | Name : Ubuntu Update for python2.4 vulnerabilities USN-890-3 File : nvt/gb_ubuntu_USN_890_3.nasl |
2010-01-22 | Name : Ubuntu Update for expat vulnerabilities USN-890-1 File : nvt/gb_ubuntu_USN_890_1.nasl |
2010-01-22 | Name : Ubuntu Update for python2.5 vulnerabilities USN-890-2 File : nvt/gb_ubuntu_USN_890_2.nasl |
2010-01-15 | Name : Mandriva Update for davfs MDVSA-2009:220-1 (davfs) File : nvt/gb_mandriva_MDVSA_2009_220_1.nasl |
2010-01-15 | Name : Mandriva Update for expat MDVSA-2009:316-1 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_1.nasl |
2010-01-15 | Name : Mandriva Update for expat MDVSA-2009:316-2 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_2.nasl |
2010-01-15 | Name : Mandriva Update for expat MDVSA-2009:316-3 (expat) File : nvt/gb_mandriva_MDVSA_2009_316_3.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13694 (kernel) File : nvt/fcore_2009_13694.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1615 (xerces-j2) File : nvt/ovcesa2009_1615.nasl |
2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1651 File : nvt/RHSA_2009_1651.nasl |
2009-12-14 | Name : Fedora Core 11 FEDORA-2009-13090 (ntp) File : nvt/fcore_2009_13090.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13098 (kernel) File : nvt/fcore_2009_13098.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13121 (ntp) File : nvt/fcore_2009_13121.nasl |
2009-12-14 | Name : CentOS Security Advisory CESA-2009:1651 (ntp) File : nvt/ovcesa2009_1651.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12786 (kernel) File : nvt/fcore_2009_12786.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:200-1 (libxml) File : nvt/mdksa_2009_200_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:203-1 (curl) File : nvt/mdksa_2009_203_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:211-1 (expat) File : nvt/mdksa_2009_211_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:212-1 (python) File : nvt/mdksa_2009_212_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:213-1 (wxgtk) File : nvt/mdksa_2009_213_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:215-1 (audacity) File : nvt/mdksa_2009_215_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird) File : nvt/mdksa_2009_217_3.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:218-1 (w3c-libwww) File : nvt/mdksa_2009_218_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:219-1 (kompozer) File : nvt/mdksa_2009_219_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:308 (gnutls) File : nvt/mdksa_2009_308.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:309 (ntp) File : nvt/mdksa_2009_309.nasl |
2009-12-03 | Name : RedHat Security Advisory RHSA-2009:1615 File : nvt/RHSA_2009_1615.nasl |
2009-12-03 | Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6) File : nvt/fcore_2009_11352.nasl |
2009-12-03 | Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6) File : nvt/fcore_2009_11356.nasl |
2009-12-03 | Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6) File : nvt/fcore_2009_11374.nasl |
2009-12-03 | Name : Fedora Core 11 FEDORA-2009-12218 (bind) File : nvt/fcore_2009_12218.nasl |
2009-12-03 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm4.nasl |
2009-12-03 | Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm1.nasl |
2009-12-03 | Name : SLES9: Security update for IBM Java2 and SDK File : nvt/sles9p5063230.nasl |
2009-11-23 | Name : Debian Security Advisory DSA 1935-1 (gnutls13 gnutls26) File : nvt/deb_1935_1.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1582 File : nvt/RHSA_2009_1582.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-11-17 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel9.nasl |
2009-11-17 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5062456.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1540 File : nvt/RHSA_2009_1540.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1550 File : nvt/RHSA_2009_1550.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1562 File : nvt/RHSA_2009_1562.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1563 File : nvt/RHSA_2009_1563.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1921-1 (expat) File : nvt/deb_1921_1.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1928-1 (linux-2.6.24) File : nvt/deb_1928_1.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10639 (kernel) File : nvt/fcore_2009_10639.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-11032 (kernel) File : nvt/fcore_2009_11032.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-11038 (kernel) File : nvt/fcore_2009_11038.nasl |
2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:289 (kernel) File : nvt/mdksa_2009_289.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1550 (kernel) File : nvt/ovcesa2009_1550.nasl |
2009-11-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl |
2009-10-27 | Name : SuSE Security Summary SUSE-SR:2009:017 File : nvt/suse_sr_2009_017.nasl |
2009-10-22 | Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466 File : nvt/gb_hp_ux_HPSBUX02466.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1505 File : nvt/RHSA_2009_1505.nasl |
2009-10-19 | Name : Fedora Core 10 FEDORA-2009-10525 (kernel) File : nvt/fcore_2009_10525.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20 File : nvt/gb_solaris_112837_20.nasl |
2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-24 File : nvt/gb_solaris_114014_24.nasl |
2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-24 File : nvt/gb_solaris_114015_24.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19 File : nvt/gb_solaris_114265_19.nasl |
2009-10-13 | Name : Solaris Update for bind 119783-13 File : nvt/gb_solaris_119783_13.nasl |
2009-10-13 | Name : Solaris Update for bind 119784-13 File : nvt/gb_solaris_119784_13.nasl |
2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125731-05 File : nvt/gb_solaris_125731_05.nasl |
2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125732-05 File : nvt/gb_solaris_125732_05.nasl |
2009-10-13 | Name : Solaris Update for usr/sbin/ntpq 141396-01 File : nvt/gb_solaris_141396_01.nasl |
2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:217-1 (mozilla-thunderbird) File : nvt/mdksa_2009_217_1.nasl |
2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:217-2 (mozilla-thunderbird) File : nvt/mdksa_2009_217_2.nasl |
2009-10-13 | Name : SLES10: Security update for bind File : nvt/sles10_bind1.nasl |
2009-10-13 | Name : SLES10: Security update for compat-curl2 File : nvt/sles10_compat-curl2.nasl |
2009-10-13 | Name : SLES10: Security update for curl File : nvt/sles10_curl0.nasl |
2009-10-13 | Name : SLES10: Security update for GnuTLS File : nvt/sles10_gnutls.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 5 File : nvt/sles10_java-1_5_0-ibm1.nasl |
2009-10-13 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel1.nasl |
2009-10-13 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel2.nasl |
2009-10-13 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel5.nasl |
2009-10-13 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel6.nasl |
2009-10-13 | Name : SLES10: Security update for the Linux kernel File : nvt/sles10_kernel8.nasl |
2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml20.nasl |
2009-10-13 | Name : SLES10: Security update for Python File : nvt/sles10_python.nasl |
2009-10-13 | Name : SLES10: Security update for Python File : nvt/sles10_python0.nasl |
2009-10-13 | Name : SLES10: Security update for Python File : nvt/sles10_python1.nasl |
2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat52.nasl |
2009-10-13 | Name : SLES10: Security update for Websphere Community Edition File : nvt/sles10_websphere-as_ce.nasl |
2009-10-13 | Name : SLES10: Security update for Websphere Community Edition File : nvt/sles10_websphere-as_ce0.nasl |
2009-10-13 | Name : SLES10: Security update for Xerces-j2 File : nvt/sles10_xerces-j2.nasl |
2009-10-13 | Name : SLES10: Security update for xntp File : nvt/sles10_xntp.nasl |
2009-10-11 | Name : SLES11: Security update for bind File : nvt/sles11_bind.nasl |
2009-10-11 | Name : SLES11: Security update for curl File : nvt/sles11_curl0.nasl |
2009-10-11 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def.nasl |
2009-10-11 | Name : SLES11: Security update for the Linux kernel File : nvt/sles11_ext4dev-kmp-def0.nasl |
2009-10-11 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def1.nasl |
2009-10-11 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def2.nasl |
2009-10-11 | Name : SLES11: Security update for GnuTLS File : nvt/sles11_gnutls0.nasl |
2009-10-11 | Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm0.nasl |
2009-10-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm0.nasl |
2009-10-11 | Name : SLES11: Security update for libxml2 File : nvt/sles11_libxml2.nasl |
2009-10-11 | Name : SLES11: Security update for ntp File : nvt/sles11_ntp.nasl |
2009-10-11 | Name : SLES11: Security update for Websphere Community Edition File : nvt/sles11_websphere-as_ce.nasl |
2009-10-11 | Name : SLES11: Security update for Xerces-j2 File : nvt/sles11_xerces-j2.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5021454.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5021835.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5032900.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5039274.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5040780.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5046302.nasl |
2009-10-10 | Name : SLES9: Security update for xntp File : nvt/sles9p5049935.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK File : nvt/sles9p5050060.nasl |
2009-10-10 | Name : SLES9: Security update for the Linux kernel File : nvt/sles9p5051763.nasl |
2009-10-10 | Name : SLES9: Security update for bind File : nvt/sles9p5054699.nasl |
2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5055024.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5055249.nasl |
2009-10-10 | Name : SLES9: Security update for curl File : nvt/sles9p5055560.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5055991.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5056729.nasl |
2009-10-10 | Name : SLES9: Security update for GnuTLS File : nvt/sles9p5057720.nasl |
2009-10-10 | Name : SLES9: Security update for libxml.rpm File : nvt/sles9p5058211.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5059500.nasl |
2009-10-06 | Name : Fedora Core 10 FEDORA-2009-10165 (kernel) File : nvt/fcore_2009_10165.nasl |
2009-09-28 | Name : RedHat Security Advisory RHSA-2009:1457 File : nvt/RHSA_2009_1457.nasl |
2009-09-28 | Name : Fedora Core 11 FEDORA-2009-8565 (gnutls) File : nvt/fcore_2009_8565.nasl |
2009-09-28 | Name : Fedora Core 10 FEDORA-2009-8622 (gnutls) File : nvt/fcore_2009_8622.nasl |
2009-09-28 | Name : Gentoo Security Advisory GLSA 200909-20 (curl) File : nvt/glsa_200909_20.nasl |
2009-09-23 | Name : Solaris Update for usr/sbin/ntpq 141397-01 File : nvt/gb_solaris_141397_01.nasl |
2009-09-23 | Name : Solaris Update for ntpq 141910-01 File : nvt/gb_solaris_141910_01.nasl |
2009-09-23 | Name : Solaris Update for ntpq 141911-01 File : nvt/gb_solaris_141911_01.nasl |
2009-09-21 | Name : Mandrake Security Advisory MDVSA-2009:233 (kernel) File : nvt/mdksa_2009_233.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1243 (kernel) File : nvt/ovcesa2009_1243.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1438 (kernel) File : nvt/ovcesa2009_1438.nasl |
2009-09-21 | Name : SuSE Security Summary SUSE-SR:2009:015 File : nvt/suse_sr_2009_015.nasl |
2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1438 File : nvt/RHSA_2009_1438.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1239 File : nvt/RHSA_2009_1239.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1243 File : nvt/RHSA_2009_1243.nasl |
2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1222 File : nvt/RHSA_2009_1222.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1223 File : nvt/RHSA_2009_1223.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1232 File : nvt/RHSA_2009_1232.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1233 File : nvt/RHSA_2009_1233.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1236 File : nvt/RHSA_2009_1236.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1862-1 (linux-2.6) File : nvt/deb_1862_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1864-1 (linux-2.6.24) File : nvt/deb_1864_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1865-1 (linux-2.6) File : nvt/deb_1865_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1869-1 (curl) File : nvt/deb_1869_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1872-1 (linux-2.6) File : nvt/deb_1872_1.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8580 (mingw32-libxml2) File : nvt/fcore_2009_8580.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8582 (libxml) File : nvt/fcore_2009_8582.nasl |
2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8594 (libxml) File : nvt/fcore_2009_8594.nasl |
2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8647 (kernel) File : nvt/fcore_2009_8647.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8649 (kernel) File : nvt/fcore_2009_8649.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8684 (kernel) File : nvt/fcore_2009_8684.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-9044 (kernel) File : nvt/fcore_2009_9044.nasl |
2009-09-02 | Name : FreeBSD Ports: gnutls File : nvt/freebsd_gnutls5.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:203 (curl) File : nvt/mdksa_2009_203.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:205 (kernel) File : nvt/mdksa_2009_205.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk) File : nvt/mdksa_2009_209.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:210 (gnutls) File : nvt/mdksa_2009_210.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:211 (expat) File : nvt/mdksa_2009_211.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:212 (python) File : nvt/mdksa_2009_212.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:213 (wxgtk) File : nvt/mdksa_2009_213.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:214 (python-celementtree) File : nvt/mdksa_2009_214.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:215 (audacity) File : nvt/mdksa_2009_215.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird) File : nvt/mdksa_2009_216.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:217 (mozilla-thunderbird) File : nvt/mdksa_2009_217.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:218 (w3c-libwww) File : nvt/mdksa_2009_218.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:219 (kompozer) File : nvt/mdksa_2009_219.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:220 (davfs) File : nvt/mdksa_2009_220.nasl |
2009-09-02 | Name : CentOS Security Advisory CESA-2009:1222 (kernel) File : nvt/ovcesa2009_1222.nasl |
2009-09-02 | Name : CentOS Security Advisory CESA-2009:1223 (kernel) File : nvt/ovcesa2009_1223.nasl |
2009-09-02 | Name : CentOS Security Advisory CESA-2009:1232 (gnutls) File : nvt/ovcesa2009_1232.nasl |
2009-09-02 | Name : CentOS Security Advisory CESA-2009:1233 (kernel) File : nvt/ovcesa2009_1233.nasl |
2009-09-02 | Name : SuSE Security Advisory SUSE-SA:2009:045 (kernel) File : nvt/suse_sa_2009_045.nasl |
2009-09-02 | Name : Ubuntu USN-809-1 (gnutls26) File : nvt/ubuntu_809_1.nasl |
2009-09-02 | Name : Ubuntu USN-818-1 (curl) File : nvt/ubuntu_818_1.nasl |
2009-08-24 | Name : Sun Java SE Multiple Unspecified Vulnerabilities File : nvt/secpod_sun_java_se_mult_unspecified_vuln.nasl |
2009-08-24 | Name : Unsafe Interaction In Sun Java SE Abstract Window Toolkit (Linux) File : nvt/secpod_sun_java_se_unsafe_interaction_lin.nasl |
2009-08-20 | Name : Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09 File : nvt/gb_sun_java_jre_int_overflow_vuln_aug09.nasl |
2009-08-20 | Name : Sun Java JDK/JRE Multiple Vulnerabilities - Aug09 File : nvt/gb_sun_java_jre_mult_vuln_aug09.nasl |
2009-08-20 | Name : Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09 File : nvt/gb_sun_java_se_unspecified_vuln_aug09.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1179 File : nvt/RHSA_2009_1179.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1180 File : nvt/RHSA_2009_1180.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1181 File : nvt/RHSA_2009_1181.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1193 File : nvt/RHSA_2009_1193.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1198 File : nvt/RHSA_2009_1198.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1199 File : nvt/RHSA_2009_1199.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1200 File : nvt/RHSA_2009_1200.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1201 File : nvt/RHSA_2009_1201.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1206 File : nvt/RHSA_2009_1206.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1209 File : nvt/RHSA_2009_1209.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1211 File : nvt/RHSA_2009_1211.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1844-1 (linux-2.6.24) File : nvt/deb_1844_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1845-1 (linux-2.6) File : nvt/deb_1845_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1847-1 (bind9) File : nvt/deb_1847_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1859-1 (libxml2) File : nvt/deb_1859_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1861-1 (libxml) File : nvt/deb_1861_1.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8119 (bind) File : nvt/fcore_2009_8119.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8144 (kernel) File : nvt/fcore_2009_8144.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8264 (kernel) File : nvt/fcore_2009_8264.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk) File : nvt/fcore_2009_8329.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk) File : nvt/fcore_2009_8337.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8491 (libxml2) File : nvt/fcore_2009_8491.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8498 (libxml2) File : nvt/fcore_2009_8498.nasl |
2009-08-17 | Name : FreeBSD Ports: bind9 File : nvt/freebsd_bind91.nasl |
2009-08-17 | Name : Gentoo Security Advisory GLSA 200908-02 (bind) File : nvt/glsa_200908_02.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk) File : nvt/mdksa_2009_162.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:163 (tomcat5) File : nvt/mdksa_2009_163.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:181 (bind) File : nvt/mdksa_2009_181.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:200 (libxml) File : nvt/mdksa_2009_200.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1164 (tomcat) File : nvt/ovcesa2009_1164.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1176 (python) File : nvt/ovcesa2009_1176.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1179 (bind) File : nvt/ovcesa2009_1179.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1180 (bind) File : nvt/ovcesa2009_1180.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1181 (bind) File : nvt/ovcesa2009_1181.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1193 (kernel) File : nvt/ovcesa2009_1193.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1201.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1206 (libxml2) File : nvt/ovcesa2009_1206.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1209 (curl) File : nvt/ovcesa2009_1209.nasl |
2009-08-17 | Name : SuSE Security Advisory SUSE-SA:2009:040 (bind) File : nvt/suse_sa_2009_040.nasl |
2009-08-17 | Name : SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun) File : nvt/suse_sa_2009_043.nasl |
2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
2009-08-17 | Name : Ubuntu USN-808-1 (bind9) File : nvt/ubuntu_808_1.nasl |
2009-08-17 | Name : Ubuntu USN-814-1 (openjdk-6) File : nvt/ubuntu_814_1.nasl |
2009-08-17 | Name : Ubuntu USN-815-1 (libxml2) File : nvt/ubuntu_815_1.nasl |
2009-08-14 | Name : HP-UX Update for BIND HPSBUX02451 File : nvt/gb_hp_ux_HPSBUX02451.nasl |
2009-08-03 | Name : HP-UX Update for XNTP HPSBUX02437 File : nvt/gb_hp_ux_HPSBUX02437.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1157 File : nvt/RHSA_2009_1157.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1164 File : nvt/RHSA_2009_1164.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1176 File : nvt/RHSA_2009_1176.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1177 File : nvt/RHSA_2009_1177.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1178 File : nvt/RHSA_2009_1178.nasl |
2009-07-29 | Name : ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability File : nvt/bind_cve_2009_0696.nasl |
2009-07-29 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:12.bind.asc) File : nvt/freebsdsa_bind7.nasl |
2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-16 (python) File : nvt/glsa_200907_16.nasl |
2009-07-29 | Name : CentOS Security Advisory CESA-2009:1178 (python) File : nvt/ovcesa2009_1178.nasl |
2009-07-29 | Name : SuSE Security Advisory SUSE-SA:2009:038 (kernel) File : nvt/suse_sa_2009_038.nasl |
2009-07-29 | Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl |
2009-07-29 | Name : Ubuntu USN-806-1 (python2.5) File : nvt/ubuntu_806_1.nasl |
2009-07-15 | Name : Mandrake Security Advisory MDVSA-2009:148 (kernel) File : nvt/mdksa_2009_148.nasl |
2009-07-06 | Name : RedHat Security Advisory RHSA-2009:1132 File : nvt/RHSA_2009_1132.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-30 | Name : Fedora Core 11 FEDORA-2009-6768 (kernel) File : nvt/fcore_2009_6768.nasl |
2009-06-30 | Name : Fedora Core 9 FEDORA-2009-6846 (kernel) File : nvt/fcore_2009_6846.nasl |
2009-06-30 | Name : Fedora Core 10 FEDORA-2009-6883 (kernel) File : nvt/fcore_2009_6883.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:136 (tomcat5) File : nvt/mdksa_2009_136.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:138 (tomcat5) File : nvt/mdksa_2009_138.nasl |
2009-06-30 | Name : Ubuntu USN-789-1 (gst-plugins-good0.10) File : nvt/ubuntu_789_1.nasl |
2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1106 File : nvt/RHSA_2009_1106.nasl |
2009-06-23 | Name : Fedora Core 11 FEDORA-2009-5674 (ntp) File : nvt/fcore_2009_5674.nasl |
2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:135 (kernel) File : nvt/mdksa_2009_135.nasl |
2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk) File : nvt/mdksa_2009_137.nasl |
2009-06-23 | Name : CentOS Security Advisory CESA-2009:1106 (kernel) File : nvt/ovcesa2009_1106.nasl |
2009-06-23 | Name : Ubuntu USN-788-1 (tomcat6) File : nvt/ubuntu_788_1.nasl |
2009-06-16 | Name : Apache Tomcat Multiple Vulnerabilities June-09 File : nvt/gb_apache_tomcat_mult_vuln_jun09.nasl |
2009-06-15 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:11.ntpd.asc) File : nvt/freebsdsa_ntpd1.nasl |
2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
2009-06-09 | Name : SuSE Security Advisory SUSE-SA:2009:030 (kernel) File : nvt/suse_sa_2009_030.nasl |
2009-06-09 | Name : SuSE Security Advisory SUSE-SA:2009:031 (kernel) File : nvt/suse_sa_2009_031.nasl |
2009-06-09 | Name : SuSE Security Advisory SUSE-SA:2009:032 (kernel) File : nvt/suse_sa_2009_032.nasl |
2009-06-05 | Name : RedHat Security Advisory RHSA-2009:1077 File : nvt/RHSA_2009_1077.nasl |
2009-06-05 | Name : RedHat Security Advisory RHSA-2009:1081 File : nvt/RHSA_2009_1081.nasl |
2009-06-05 | Name : Debian Security Advisory DSA 1809-1 (linux-2.6) File : nvt/deb_1809_1.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5273 (ntp) File : nvt/fcore_2009_5273.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5275 (ntp) File : nvt/fcore_2009_5275.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5356 (kernel) File : nvt/fcore_2009_5356.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5383 (kernel) File : nvt/fcore_2009_5383.nasl |
2009-06-05 | Name : Gentoo Security Advisory GLSA 200905-08 (ntp) File : nvt/glsa_200905_08.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:117 (ntp) File : nvt/mdksa_2009_117.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:119 (kernel) File : nvt/mdksa_2009_119.nasl |
2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
2009-06-05 | Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl |
2009-06-05 | Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl |
2009-06-05 | Name : Ubuntu USN-743-1 (gs-gpl) File : nvt/ubuntu_743_1.nasl |
2009-06-05 | Name : Ubuntu USN-744-1 (lcms) File : nvt/ubuntu_744_1.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
2009-06-05 | Name : Ubuntu USN-777-1 (ntp) File : nvt/ubuntu_777_1.nasl |
2009-06-01 | Name : HP-UX Update for Java HPSBUX02429 File : nvt/gb_hp_ux_HPSBUX02429.nasl |
2009-05-25 | Name : Debian Security Advisory DSA 1800-1 (linux-2.6) File : nvt/deb_1800_1.nasl |
2009-05-25 | Name : Debian Security Advisory DSA 1801-1 (ntp) File : nvt/deb_1801_1.nasl |
2009-05-25 | Name : FreeBSD Ports: ntp File : nvt/freebsd_ntp.nasl |
2009-05-25 | Name : Mandrake Security Advisory MDVSA-2009:118 (kernel) File : nvt/mdksa_2009_118.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:1039 (ntp) File : nvt/ovcesa2009_1039.nasl |
2009-05-22 | Name : NTP 'ntpd' Autokey Stack Overflow Vulnerability File : nvt/secpod_ntp_bof_vuln_may09.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1024 File : nvt/RHSA_2009_1024.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1038 File : nvt/RHSA_2009_1038.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1039 File : nvt/RHSA_2009_1039.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1040 File : nvt/RHSA_2009_1040.nasl |
2009-05-11 | Name : RedHat Security Advisory RHSA-2009:0473 File : nvt/RHSA_2009_0473.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1794-1 (linux-2.6) File : nvt/deb_1794_1.nasl |
2009-05-11 | Name : CentOS Security Advisory CESA-2009:0473 (kernel) File : nvt/ovcesa2009_0473.nasl |
2009-05-05 | Name : RedHat Security Advisory RHSA-2009:0451 File : nvt/RHSA_2009_0451.nasl |
2009-05-05 | Name : RedHat Security Advisory RHSA-2009:0459 File : nvt/RHSA_2009_0459.nasl |
2009-05-05 | Name : Debian Security Advisory DSA 1787-1 (linux-2.6.24) File : nvt/deb_1787_1.nasl |
2009-05-05 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02401 File : nvt/gb_hp_ux_HPSBUX02401.nasl |
2009-05-05 | Name : CentOS Security Advisory CESA-2009:0459 (kernel) File : nvt/ovcesa2009_0459.nasl |
2009-04-30 | Name : NTP Stack Buffer Overflow Vulnerability File : nvt/secpod_ntp_bof_vuln.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0331 (kernel) File : nvt/ovcesa2009_0331.nasl |
2009-04-23 | Name : Sun Java JRE Multiple Vulnerabilities (Linux) File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl |
2009-04-23 | Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win) File : nvt/gb_sun_java_jre_dos_vuln_win.nasl |
2009-04-20 | Name : SuSE Security Advisory SUSE-SA:2009:021 (kernel) File : nvt/suse_sa_2009_021.nasl |
2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0377 File : nvt/RHSA_2009_0377.nasl |
2009-04-15 | Name : Debian Security Advisory DSA 1769-1 (openjdk-6) File : nvt/deb_1769_1.nasl |
2009-04-15 | Name : Mandrake Security Advisory MDVSA-2009:092 (ntp) File : nvt/mdksa_2009_092.nasl |
2009-04-15 | Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk) File : nvt/ovcesa2009_0377.nasl |
2009-04-15 | Name : Ubuntu USN-752-1 (linux-source-2.6.15) File : nvt/ubuntu_752_1.nasl |
2009-04-15 | Name : Ubuntu USN-753-1 (postgresql-8.3) File : nvt/ubuntu_753_1.nasl |
2009-04-09 | Name : Mandriva Update for python MDKSA-2007:099 (python) File : nvt/gb_mandriva_MDKSA_2007_099.nasl |
2009-04-09 | Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5) File : nvt/gb_mandriva_MDKSA_2007_241.nasl |
2009-04-09 | Name : Mandriva Update for python MDVSA-2008:013 (python) File : nvt/gb_mandriva_MDVSA_2008_013.nasl |
2009-04-09 | Name : Mandriva Update for python MDVSA-2008:085 (python) File : nvt/gb_mandriva_MDVSA_2008_085.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:112 (kernel) File : nvt/gb_mandriva_MDVSA_2008_112.nasl |
2009-04-09 | Name : Mandriva Update for python MDVSA-2008:163 (python) File : nvt/gb_mandriva_MDVSA_2008_163.nasl |
2009-04-09 | Name : Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5) File : nvt/gb_mandriva_MDVSA_2008_188.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:224 (kernel) File : nvt/gb_mandriva_MDVSA_2008_224.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:224-1 (kernel) File : nvt/gb_mandriva_MDVSA_2008_224_1.nasl |
2009-04-06 | Name : RedHat Security Advisory RHSA-2009:0326 File : nvt/RHSA_2009_0326.nasl |
2009-04-06 | Name : CentOS Security Advisory CESA-2009:0326 (kernel) File : nvt/ovcesa2009_0326.nasl |
2009-04-06 | Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6) File : nvt/suse_sa_2009_016.nasl |
2009-04-06 | Name : Ubuntu USN-746-1 (xine-lib) File : nvt/ubuntu_746_1.nasl |
2009-04-06 | Name : Ubuntu USN-747-1 (icu) File : nvt/ubuntu_747_1.nasl |
2009-04-06 | Name : Ubuntu USN-748-1 (openjdk-6) File : nvt/ubuntu_748_1.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0360 File : nvt/RHSA_2009_0360.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0392 File : nvt/RHSA_2009_0392.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0394 File : nvt/RHSA_2009_0394.nasl |
2009-03-31 | Name : Debian Security Advisory DSA 1749-1 (linux-2.6) File : nvt/deb_1749_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1 File : nvt/gb_ubuntu_USN_574_1.nasl |
2009-03-23 | Name : Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1 File : nvt/gb_ubuntu_USN_585_1.nasl |
2009-03-23 | Name : Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1 File : nvt/gb_ubuntu_USN_632_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux vulnerability USN-662-1 File : nvt/gb_ubuntu_USN_662_1.nasl |
2009-03-18 | Name : Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability File : nvt/gb_apache_tomcat_xss_vuln.nasl |
2009-03-13 | Name : RedHat Security Advisory RHSA-2009:0331 File : nvt/RHSA_2009_0331.nasl |
2009-03-13 | Name : Mandrake Security Advisory MDVSA-2009:071 (kernel) File : nvt/mdksa_2009_071.nasl |
2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
2009-03-13 | Name : Ubuntu USN-732-1 (dash) File : nvt/ubuntu_732_1.nasl |
2009-03-06 | Name : RedHat Update for python RHSA-2007:1076-02 File : nvt/gb_RHSA-2007_1076-02_python.nasl |
2009-03-06 | Name : RedHat Update for python RHSA-2007:1077-01 File : nvt/gb_RHSA-2007_1077-01_python.nasl |
2009-03-06 | Name : RedHat Update for tomcat RHSA-2008:0042-01 File : nvt/gb_RHSA-2008_0042-01_tomcat.nasl |
2009-03-06 | Name : RedHat Update for tomcat RHSA-2008:0648-01 File : nvt/gb_RHSA-2008_0648-01_tomcat.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:0972-01 File : nvt/gb_RHSA-2008_0972-01_kernel.nasl |
2009-03-02 | Name : SuSE Security Advisory SUSE-SA:2009:010 (kernel) File : nvt/suse_sa_2009_010.nasl |
2009-02-27 | Name : CentOS Update for python-docs CESA-2007:1076 centos3 i386 File : nvt/gb_CESA-2007_1076_python-docs_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for python-docs CESA-2007:1076 centos3 x86_64 File : nvt/gb_CESA-2007_1076_python-docs_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for python CESA-2007:1077-01 centos2 i386 File : nvt/gb_CESA-2007_1077-01_python_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0972 centos4 i386 File : nvt/gb_CESA-2008_0972_kernel_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2008:0972 centos4 x86_64 File : nvt/gb_CESA-2008_0972_kernel_centos4_x86_64.nasl |
2009-02-27 | Name : Fedora Update for python FEDORA-2007-2663 File : nvt/gb_fedora_2007_2663_python_fc7.nasl |
2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3456 File : nvt/gb_fedora_2007_3456_tomcat5_fc7.nasl |
2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3474 File : nvt/gb_fedora_2007_3474_tomcat5_fc8.nasl |
2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
2009-02-17 | Name : Fedora Update for tomcat6 FEDORA-2008-7977 File : nvt/gb_fedora_2008_7977_tomcat6_fc9.nasl |
2009-02-17 | Name : Fedora Update for tomcat5 FEDORA-2008-8113 File : nvt/gb_fedora_2008_8113_tomcat5_fc9.nasl |
2009-02-17 | Name : Fedora Update for tomcat5 FEDORA-2008-8130 File : nvt/gb_fedora_2008_8130_tomcat5_fc8.nasl |
2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1467 File : nvt/gb_fedora_2008_1467_tomcat5_fc7.nasl |
2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1603 File : nvt/gb_fedora_2008_1603_tomcat5_fc8.nasl |
2009-02-13 | Name : Fedora Update for kernel FEDORA-2008-11618 File : nvt/gb_fedora_2008_11618_kernel_fc9.nasl |
2009-02-13 | Name : Mandrake Security Advisory MDVSA-2009:036 (python) File : nvt/mdksa_2009_036.nasl |
2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0053 File : nvt/RHSA_2009_0053.nasl |
2009-02-02 | Name : Fedora Core 9 FEDORA-2009-0816 (kernel) File : nvt/fcore_2009_0816.nasl |
2009-02-02 | Name : Ubuntu USN-715-1 (linux) File : nvt/ubuntu_715_1.nasl |
2009-01-26 | Name : RedHat Security Advisory RHSA-2009:0009 File : nvt/RHSA_2009_0009.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:051 File : nvt/gb_suse_2008_051.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:052 File : nvt/gb_suse_2008_052.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:053 File : nvt/gb_suse_2008_053.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:056 File : nvt/gb_suse_2008_056.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:018 (tomcat5) File : nvt/mdksa_2009_018.nasl |
2009-01-20 | Name : SuSE Security Advisory SUSE-SA:2009:003 (kernel-debug) File : nvt/suse_sa_2009_003.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl |
2009-01-13 | Name : Mandrake Security Advisory MDVSA-2009:003 (python) File : nvt/mdksa_2009_003.nasl |
2008-12-23 | Name : Debian Security Advisory DSA 1687-1 (linux-2.6) File : nvt/deb_1687_1.nasl |
2008-12-10 | Name : Debian Security Advisory DSA 1681-1 (linux-2.6.24) File : nvt/deb_1681_1.nasl |
2008-11-24 | Name : Debian Security Advisory DSA 1667-1 (python2.4) File : nvt/deb_1667_1.nasl |
2008-11-14 | Name : Python Multiple Integer Overflow Vulnerabilities (Win) File : nvt/gb_python_intgr_overflow_vuln_win.nasl |
2008-11-11 | Name : Python Imageop Module imageop.crop() BOF Vulnerability (Win) File : nvt/gb_python_imageop_bof_vuln_win.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-07 (python) File : nvt/glsa_200711_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-10 (tomcat) File : nvt/glsa_200804_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-01 (python) File : nvt/glsa_200807_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-16 (python) File : nvt/glsa_200807_16.nasl |
2008-09-17 | Name : FreeBSD Ports: python24 File : nvt/freebsd_python24.nasl |
2008-09-04 | Name : FreeBSD Ports: python23 File : nvt/freebsd_python23.nasl |
2008-08-22 | Name : Python Multiple Vulnerabilities (Linux) File : nvt/secpod_python_mult_vuln_lin_900106.nasl |
2008-08-22 | Name : Python Multiple Vulnerabilities (Win) File : nvt/secpod_python_mult_vuln_win_900105.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1620-1 (python2.5) File : nvt/deb_1620_1.nasl |
2008-08-07 | Name : Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities File : nvt/secpod_apache_tomcat_xss_n_bypass_vuln_900021.nasl |
2008-06-11 | Name : Debian Security Advisory DSA 1593-1 (tomcat5.5) File : nvt/deb_1593_1.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1551-1 (python2.4) File : nvt/deb_1551_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1436-1 (linux-2.6) File : nvt/deb_1436_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1447-1 (tomcat5.5) File : nvt/deb_1447_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1453-1 (tomcat5) File : nvt/deb_1453_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-217-01 python File : nvt/esoft_slk_ssa_2008_217_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-154-01 ntp File : nvt/esoft_slk_ssa_2009_154_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-210-01 bind File : nvt/esoft_slk_ssa_2009_210_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-226-01 curl File : nvt/esoft_slk_ssa_2009_226_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-230-01 kernel File : nvt/esoft_slk_ssa_2009_230_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-290-01 gnutls File : nvt/esoft_slk_ssa_2009_290_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-041-02 expat File : nvt/esoft_slk_ssa_2011_041_02.nasl |
0000-00-00 | Name : FreeBSD Ports: libxml File : nvt/freebsd_libxml1.nasl |
0000-00-00 | Name : FreeBSD Ports: libxml File : nvt/freebsd_libxml3.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62879 | SSH Tectia Audit Player X.509 Certificate Authority (CA) Common Name Null Byt... |
62511 | CA Service Desk Tomcat host-manager/html/add name Parameter XSS CA Service Desk Tomcat contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' parameter upon submission to the 'host-manager/html/add' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
57462 | Linux Kernel net/ipv*/udp.c MSG_MORE Flag Local Privilege Escalation |
57431 | Sun Java JDK / JRE JNLPAppletlauncher Unspecified Arbitrary File Manipulation |
57264 | Linux Kernel execve Function current->clear_child_tid Pointer Handling Loc... |
57208 | Linux Kernel 64-bit kernel/signal.c do_sigaltstack() Function Arbitrary Local... |
56994 | cURL/libcURL w/ OpenSSL X.509 Certificate Authority (CA) Common Name Null Byt... |
56992 | Linux Kernel Multiple Protocol proto_ops() Initialization NULL Dereference Lo... Linux kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the kernel fails to initialize all function pointers for socket operations in proto_ops structures, allowing local users to trigger a null pointer dereference. This flaw may lead to a loss of integrity. |
56990 | libxml2 DTD Element Declaration Handling Stack Consumption DoS |
56985 | libxml2 XML File Multiple Attribute Type Handling DoS |
56984 | Apache Xerces2 Java Malformed XML Input DoS |
56964 | Sun Java SE Abstract Window Toolkit (AWT) Window Border Distance Rendering We... |
56962 | Sun Java SE Web Start Implementation JNLP File Handling DoS |
56961 | Sun Java SE Plugin Functionality Version Selection Weakness |
56960 | GnuTLS libgnutls X.509 Certificate Multiple Fields NULL Character Spoofing SS... |
56959 | Sun Java SE Swing Implementation javax.swing.plaf.synth.SynthContext.isSubreg... |
56958 | Sun Java SE Provider Class Multiple Unspecified Issues (6406003) |
56957 | Sun Java SE Provider Class Multiple Unspecified Issues (6429594) |
56956 | Sun Java SE Provider Class Deserialization Unspecified Issue |
56955 | Sun Java SE java.lang Package Reflection Check Race Condition |
56788 | Sun Java JDK / JRE Audio System Unauthorized java.lang.System Properties Access |
56786 | Sun Java JDK / JRE Pack200 JAR File Decoding Inner Class Count Overflow |
56785 | Sun Java JDK / JRE Proxy Mechanism Implementation Arbitrary Host Connection |
56784 | Sun Java JDK / JRE Proxy Mechanism Implementation Unauthorized Browser Cookie... |
56783 | Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure |
56691 | Linux Kernel eCryptfs fs/ecryptfs/keystore.c parse_tag_3_packet Function Encr... |
56690 | Linux Kernel eCryptfs fs/ecryptfs/keystore.c parse_tag_11_packet Function Lit... |
56584 | ISC BIND Dynamic Update Message Handling Remote DoS BIND contains a flaw that may allow a remote denial of service. The issue is triggered when when a server receives a dynamic update message containing a record type of "ANY" and where at least one RRset for this FQDN exists on the server, and will result in loss of availability for the platform. |
56444 | Linux Kernel net/ipv4/icmp.c icmp_send Function REJECT Route Remote DoS |
55807 | Linux Kernel PER_CLEAR_ON_SETID Mask Local Security Restriction Bypass |
55679 | Linux Kernel kernel/ptrace.c ptrace_start function Function Deadlock Local DoS |
55181 | Linux Kernel RTL8169 NIC Driver (drivers/net/r8169.c) Packet Handling Remote ... The Linux Realtek 8169/8168/8101 ethernet driver contains a flaw that may allow a denial of service. The issue is triggered when a specially crafted Jumbo Frame larger than 16383 bytes is received, and will result in loss of availability for the target Linux system. |
55056 | Apache Tomcat Cross-application TLD File Manipulation |
55055 | Apache Tomcat Illegally URL Encoded Password Request Username Enumeration |
55054 | Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Heade... |
55053 | Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access |
54892 | Linux Kernel e1000 drivers/net/e1000/e1000_main.c e1000_clean_rx_irq Function... |
54576 | NTP ntpd/ntp_crypto.c crypto_recv() Function Remote Overflow |
54498 | Linux Kernel CIFS String Conversion Multiple Local Overflows |
54492 | Linux Kernel fs/nfs/dir.c nfs_permission() Function NFSv4 Share Permission By... |
54379 | Linux Kernel agp Subsystem drivers/char/agp/generic.c Local Memory Disclosure |
53951 | Linux Kernel fs/nfs/client.c encode_lookup Function Filename Handling Local DoS |
53629 | Linux Kernel kernel/exit.c exit_notify() Function CAP_KILL Capability Local P... |
53593 | NTP ntpq/ntpq.c cookedprint() Function Remote Overflow |
53362 | Linux Kernel fs/cifs/connect.c SMB Mount Request Tree Connect Response native... |
53312 | Linux Kernel fs/nfs/file.c do_setlk Function Race Condition Local DoS |
53178 | Sun Java JDK / JRE Java Plug-in Swing JLabel HTML Parsing Signed Applet Trust... |
53177 | Sun Java JDK / JRE Java Plug-in crossdomain.xml Parsing Restriction Bypass |
53176 | Sun Java JDK / JRE Java Plug-in Applet Execution Version Regression Weakness |
53175 | Sun Java JDK / JRE Java Plug-in LiveConnect Localhost Restriction Bypass |
53174 | Sun Java JDK / JRE Java Plug-in Deserializing Applets Unspecified Remote Priv... |
53173 | Sun Java JDK / JRE Virtual Machine Code Generation Unspecified Remote Privile... |
53172 | Sun Java JDK / JRE Lightweight HTTP Server Implementation JAX-WS Service Endp... |
53171 | Sun Java JDK / JRE Temporary Font File Unspecified Disk Consumption DoS (6632... |
53170 | Sun Java JDK / JRE Temporary Font File Creation Limit Unspecified Disk Consum... |
53169 | Sun Java JDK / JRE Type1 Font Glyph Description Handling Overflow |
53168 | Sun Java JDK / JRE GIF Image Handling Overflows |
53167 | Sun Java JDK / JRE Splash Screen PNG Image Handling Overflow |
53166 | Sun Java JDK / JRE unpack200 JAR File Pack200 Header Handling Multiple Overflows |
53165 | Sun Java JDK / JRE LDAP Implementation Serialized Data Unspecified Arbitrary ... |
53164 | Sun Java JDK / JRE LDAP Service LdapCtx Connection Persistence Remote DoS |
52899 | Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp ... Apache Tomcat Examples Web Application Calendar Application contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'time' parameter upon submission to the 'jsp/cal/cal2.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
52861 | Linux Kernel nfsd CAP_MKNOD Unprivileged Device Node Creation |
52860 | Linux Kernel eCryptfs ecryptfs_write_metadata_to_contents Function Arbitrary ... |
52633 | Linux Kernel net/core/sock.c sock_getsockopt Function SO_BSDCOMPAT getsockopt... |
52631 | Linux Kernel fs/ext4/resize.c ext4_group_add Function Local DoS |
52461 | Linux Kernel 32bit/64bit audit_syscall_entry Function 32/64 Bit Syscall Cross... |
52364 | Linux Kernel fs/ext4/ext4.h ext4_isize Crafted ext4 Filesystem Handling Local... |
52204 | Linux Kernel clone() System Call Privileged Process Termination |
52203 | Linux Kernel fs/ext4/super.c ext4_fill_super() Function Ext4 File System Supe... |
52202 | Linux Kernel fs/ext4/namei.c make_indexed_dir() Function Ext4 File System Han... |
52201 | Linux Kernel syscall Filtering 32/64-bit Switching Bypass |
52198 | Linux Kernel drivers/net/skfp/skfddi.c skfp_ioctl() SysKonnect FDDI Driver St... |
51653 | Linux Kernel drivers/firmware/dell_rbu.c Zero-byte System Call Local DoS |
51606 | Linux Kernel eCryptfs Subsystem fs/ecryptfs/inode.c readlink Call Handling Lo... |
51000 | Linux Kernel libata SG_IO Request Timeout Invocation Saturation Local DoS |
50097 | Python imageop Module imageop.c crop Function Multiple Overflows An integer overflow exists in python. Python fails to validate input in imageop.c of the imageop module which results in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
50096 | Python Overflow Python/ Multiple Files Unspecified Overflow |
50095 | Python Overflow Parser/node.c Unspecified Overflow |
50094 | Python Overflow Objects/ Multiple Files Unspecified Overflow |
50093 | Python Overflow Modules/ Multiple Files Unspecified Overflow |
50092 | Python Overflow Include/pymem.h Unspecified Overflow |
49088 | Linux Kernel fs/ext*/dir.c Error Reporting Functionality Corrupted Filesystem... |
47481 | Python mysnprintf.c PyOS_vsnprintf Function Multiple Overflows Python contains a flaw that may allow a denial of service. The issue is triggered by an integer overflow in the PyOS_vsnprintf function in Python/mysnprintf.c, and will result in loss of availability for the affected process. |
47480 | Python PyMem_RESIZE Macro unicode_resize Function Unicode String Handling Mul... |
47478 | Python Multiple Modules Multiple Unspecified Overflows |
47463 | Apache Tomcat RequestDispatcher Traversal Arbitrary File Access |
47462 | Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS |
45905 | Apache Tomcat Host Manager host-manager/html/add name Parameter XSS |
44730 | Python PyString_FromStringAndSize Function Memory Allocation Overflow |
44693 | Python zlib Extension Module Signed Integer Handling Arbitrary Remote Code Ex... An overflow exists in python. Python fails to validate input resulting in a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
41436 | Apache Tomcat Native APR Connector Duplicate Request Issue |
41435 | Apache Tomcat %5C Cookie Handling Session ID Disclosure |
41434 | Apache Tomcat Exception Handling Subsequent Request Information Disclosure |
40248 | Linux Kernel hrtimer.c hrtimer_start Function Local Overflow |
40142 | Python imageop Module tovideo() Function Overflow |
39833 | Apache Tomcat JULI Logging Component catalina.policy Security Bypass |
38187 | Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access |
35247 | Python Modules/_localemodule.c PyLocale_strxfrm() Function Arbitrary Memory D... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-05-21 | IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS Severity : Category I - VMSKEY : V0060737 |
2009-10-22 | IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0021867 |
2009-09-10 | IAVM : 2009-T-0049 - Multiple Vulnerabilities in libxml2 Severity : Category I - VMSKEY : V0019911 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-01 | multiple products PNG processing buffer overflow attempt RuleID : 43399 - Revision : 2 - Type : FILE-IMAGE |
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout denial of service att... RuleID : 20613 - Revision : 2 - Type : SPECIFIC-THREATS |
2014-01-10 | Apache Tomcat Java AJP connector invalid header timeout DOS attempt RuleID : 20612 - Revision : 10 - Type : SERVER-APACHE |
2014-01-10 | Oracle Java GIF LZW minimum code size overflow attempt RuleID : 20239 - Revision : 6 - Type : FILE-JAVA |
2014-01-10 | Apache Tomcat username enumeration attempt RuleID : 18096 - Revision : 7 - Type : SERVER-APACHE |
2014-02-08 | (http_inspect)webrootdirectorytraversal RuleID : 18 - Revision : 2 - Type : |
2014-01-10 | Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt RuleID : 17749 - Revision : 7 - Type : PROTOCOL-RPC |
2014-01-10 | Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt RuleID : 17624 - Revision : 10 - Type : FILE-JAVA |
2014-01-10 | Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt RuleID : 17623 - Revision : 16 - Type : FILE-JAVA |
2014-01-10 | Oracle Java Runtime Environment Pack200 Decompression Integer Overflow RuleID : 17522 - Revision : 12 - Type : FILE-JAVA |
2014-01-10 | multiple products PNG processing buffer overflow attempt RuleID : 16716 - Revision : 17 - Type : FILE-IMAGE |
2014-01-10 | Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt RuleID : 16702 - Revision : 7 - Type : PROTOCOL-RPC |
2014-01-10 | Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt RuleID : 16701 - Revision : 8 - Type : PROTOCOL-RPC |
2014-01-10 | Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt RuleID : 16700 - Revision : 7 - Type : PROTOCOL-RPC |
2014-01-10 | Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt RuleID : 16699 - Revision : 8 - Type : PROTOCOL-RPC |
2014-01-10 | ISC BIND dynamic update message denial of service attempt RuleID : 15734 - Revision : 6 - Type : PROTOCOL-DNS |
2014-01-10 | Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt RuleID : 15514 - Revision : 11 - Type : SERVER-OTHER |
2014-01-10 | Apache Tomcat WebDAV system tag remote file disclosure attempt RuleID : 12711 - Revision : 6 - Type : SERVER-APACHE |
2019-01-15 | (http_inspect)directorytraversal RuleID : 11 - Revision : 2 - Type : |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-21 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO |
2016-11-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2015-04-23 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16479.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130313.nasl - Type : ACT_GATHER_INFO |
2015-01-07 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0001.nasl - Type : ACT_GATHER_INFO |
2015-01-07 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0002.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15905.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0009.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0011.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0014.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0017.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0018.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0019.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0023.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1537.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL10366.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL9110.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0648.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0972.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0326.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0331.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0459.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0473.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1039.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1040.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1106.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1132.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1177.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1179.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1180.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1181.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1193.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1209.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1211.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1222.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1223.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1232.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1233.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1438.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1615.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1651.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0580.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0858.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1040.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
2013-05-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_42470.nasl - Type : ACT_GATHER_INFO |
2013-03-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090813_curl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56311.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56312.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56313.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56314.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56315.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56316.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56317.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56318.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0151.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0213.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0831.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0832.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0833.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0834.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0877.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1077.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1143.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1144.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1145.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1146.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1457.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1466.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1469.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1636.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1637.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1649.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1650.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0079.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071210_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080311_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080827_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081119_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090312_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090401_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090430_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090507_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090518_ntp_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090518_ntp_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090616_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090630_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090723_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090727_python_for_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_python_for_SL_3_0_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_python_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090730_bind_for_SL_3_0_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090730_bind_for_SL_5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090730_bind_security_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090808_kernel_for_SL_5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090810_libxml_and_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090813_curl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090813_curl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090813_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090826_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090827_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091103_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091130_xerces_j2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20091208_ntp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100802_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_xerces_j2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-18.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4938.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5667.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5735.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6113.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6236.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6437.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6460.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6636.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6641.nasl - Type : ACT_GATHER_INFO |
2011-11-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5a7d41100b7a11e1846b00235409fd3e.nasl - Type : ACT_GATHER_INFO |
2011-11-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ce4b3af80b7c11e1846b00235409fd3e.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-05.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1158-1.nasl - Type : ACT_GATHER_INFO |
2011-06-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-108.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0858.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-210-01.nasl - Type : ACT_GATHER_INFO |
2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2207.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_websphere-as_ce-090619.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-02.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libicecore-6857.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libicecore-6862.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml-6482.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-090708.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100709.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpython2_6-1_0-100323.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-215.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6523.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6647.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6637.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-6946.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100921.nasl - Type : ACT_GATHER_INFO |
2010-09-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-07.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO |
2010-08-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12636.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-119.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-148.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-132.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100709.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_5_5_26.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_16.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_18.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0010.nasl - Type : ACT_GATHER_INFO |
2010-06-22 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12591.nasl - Type : ACT_GATHER_INFO |
2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO |
2010-06-11 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_4_1_39.nasl - Type : ACT_GATHER_INFO |
2010-06-07 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO |
2010-05-28 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_form_user_enum.nasl - Type : ACT_GATHER_INFO |
2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO |
2010-05-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpython2_6-1_0-100328.nasl - Type : ACT_GATHER_INFO |
2010-05-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpython2_6-1_0-100330.nasl - Type : ACT_GATHER_INFO |
2010-05-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpython2_6-1_0-100329.nasl - Type : ACT_GATHER_INFO |
2010-05-14 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12600.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-6.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12585.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_tomcat6-100216.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_tomcat6-100211.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-100210.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1844.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1845.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1847.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1859.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1861.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1862.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1864.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1865.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1869.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1872.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1921.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1928.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1935.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1984.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libexpat0-100220.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libexpat0-100220.nasl - Type : ACT_GATHER_INFO |
2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libexpat0-100220.nasl - Type : ACT_GATHER_INFO |
2010-02-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-5.nasl - Type : ACT_GATHER_INFO |
2010-02-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100203.nasl - Type : ACT_GATHER_INFO |
2010-02-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnutls-100208.nasl - Type : ACT_GATHER_INFO |
2010-01-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-4.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-3.nasl - Type : ACT_GATHER_INFO |
2010-01-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-2.nasl - Type : ACT_GATHER_INFO |
2010-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-890-1.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1007.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1616.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1617.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0648.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0326.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0331.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0473.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1039.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1106.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1179.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1193.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1222.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1243.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1438.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1615.nasl - Type : ACT_GATHER_INFO |
2009-12-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO |
2009-12-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-316.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-308.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-309.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1615.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11352.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11356.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11374.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12531.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-091106.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6648.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12541.nasl - Type : ACT_GATHER_INFO |
2009-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0_4.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_4.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6632.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-289.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-852-1.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-290-01.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2009-0002.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO |
2009-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1505.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_bind-6383.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_curl-6411.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_gnutls-6471.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6396.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6395.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-6440.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libcurl2-6404.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libcurl3-6401.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libxml-6477.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-6405.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat55-6369.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_xerces-j2-6445.nasl - Type : ACT_GATHER_INFO |
2009-10-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10165.nasl - Type : ACT_GATHER_INFO |
2009-10-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6508.nasl - Type : ACT_GATHER_INFO |
2009-10-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12511.nasl - Type : ACT_GATHER_INFO |
2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-090924.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8565.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8622.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-20.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090920.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090922.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12046.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12215.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12316.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12415.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12422.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12460.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12462.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12467.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12469.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12487.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12501.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12504.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_bind-090729.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_curl-090807.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gnutls-090901.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-090402.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-090527.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-090704.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-090709.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-090816.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ntp-090508.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_websphere-as_ce-090620.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_bind-6382.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-curl2-6408.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_curl-6402.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-6470.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5668.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6109.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6237.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6439.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6453.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-6403.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-5837.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-6352.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_websphere-as_ce-5850.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_websphere-as_ce-6312.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xerces-j2-6449.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xntp-6232.nasl - Type : ACT_GATHER_INFO |
2009-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libxml-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1438.nasl - Type : ACT_GATHER_INFO |
2009-09-15 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-233.nasl - Type : ACT_GATHER_INFO |
2009-09-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_gnutls-090901.nasl - Type : ACT_GATHER_INFO |
2009-09-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-090901.nasl - Type : ACT_GATHER_INFO |
2009-09-03 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1243.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1233.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1236.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kompozer-090827.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1233.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1232.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9044.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1232.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-090814.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_curl-090820.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-090816.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO |
2009-08-26 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_2_0_172_43.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1223.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-218.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-219.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-220.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1222.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1223.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-210.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-211.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-212.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-213.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-214.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-215.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-230-01.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_856a6f848b3011de806200e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-205.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_curl-090807.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_curl-090613.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-809-1.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-818-1.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-819-1.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-226-01.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8580.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8582.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8594.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8647.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8649.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1209.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1211.nasl - Type : ACT_GATHER_INFO |
2009-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1209.nasl - Type : ACT_GATHER_INFO |
2009-08-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-203.nasl - Type : ACT_GATHER_INFO |
2009-08-13 | Name : The remote host is missing a Mac OS X update that fixes a denial of service i... File : macosx_SecUpd2009-004.nasl - Type : ACT_GATHER_INFO |
2009-08-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-200.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8491.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8498.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-815-1.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO |
2009-08-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8144.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8264.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1193.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO |
2009-08-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_83725c917c7e11de967200e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2009-08-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200908-02.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote name server may be affected by a denial of service vulnerability. File : bind9_dyn_update_DoS.nasl - Type : ACT_DENIAL |
2009-07-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1180.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_bind-090729.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_bind-090729.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1181.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8119.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-181.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1179.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1180.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1181.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote name server may be affected by a denial of service vulnerability. File : bind9_dos3.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-807-1.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-808-1.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1177.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_39871.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_39872.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_39873.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO |
2009-07-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-090709.nasl - Type : ACT_GATHER_INFO |
2009-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-806-1.nasl - Type : ACT_GATHER_INFO |
2009-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-081022.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-090114.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-090602.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_ntp-090508.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_python-080801.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_python-081201.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_tomcat6-080702.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_tomcat6-090613.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-090225.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-090401.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-090527.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_ntp-090508.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_tomcat6-090613.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-16.nasl - Type : ACT_GATHER_INFO |
2009-07-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO |
2009-07-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-793-1.nasl - Type : ACT_GATHER_INFO |
2009-07-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1132.nasl - Type : ACT_GATHER_INFO |
2009-06-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6768.nasl - Type : ACT_GATHER_INFO |
2009-06-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6846.nasl - Type : ACT_GATHER_INFO |
2009-06-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6883.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-138.nasl - Type : ACT_GATHER_INFO |
2009-06-22 | Name : The web server running on the remote host is affected by an information discl... File : tomcat_xml_parser.nasl - Type : ACT_GATHER_INFO |
2009-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO |
2009-06-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-135.nasl - Type : ACT_GATHER_INFO |
2009-06-18 | Name : The remote web server is affected by a directory traversal vulnerability. File : tomcat_requestdispatcher_dir_traversal.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1106.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5674.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-788-1.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-6274.nasl - Type : ACT_GATHER_INFO |
2009-06-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-154-01.nasl - Type : ACT_GATHER_INFO |
2009-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1809.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5273.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5275.nasl - Type : ACT_GATHER_INFO |
2009-05-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5383.nasl - Type : ACT_GATHER_INFO |
2009-05-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200905-08.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0459.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5356.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4175c811f690489887c5755b3cf1bac6.nasl - Type : ACT_GATHER_INFO |
2009-05-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1801.nasl - Type : ACT_GATHER_INFO |
2009-05-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-117.nasl - Type : ACT_GATHER_INFO |
2009-05-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-118.nasl - Type : ACT_GATHER_INFO |
2009-05-20 | Name : The remote NTP server is affected by a remote code execution vulnerability. File : ntpd_autokey_overflow.nasl - Type : ACT_GATHER_INFO |
2009-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_xntp-6231.nasl - Type : ACT_GATHER_INFO |
2009-05-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-777-1.nasl - Type : ACT_GATHER_INFO |
2009-05-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1024.nasl - Type : ACT_GATHER_INFO |
2009-05-19 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1039.nasl - Type : ACT_GATHER_INFO |
2009-05-19 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1040.nasl - Type : ACT_GATHER_INFO |
2009-05-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1800.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1794.nasl - Type : ACT_GATHER_INFO |
2009-05-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0473.nasl - Type : ACT_GATHER_INFO |
2009-05-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1787.nasl - Type : ACT_GATHER_INFO |
2009-05-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0459.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0972.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-013.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-085.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-112.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-163.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-188.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-224.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-003.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-018.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-071.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-092.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-662-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-714-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-715-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-748-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-751-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-752-1.nasl - Type : ACT_GATHER_INFO |
2009-04-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO |
2009-04-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
2009-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0326.nasl - Type : ACT_GATHER_INFO |
2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO |
2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO |
2009-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1749.nasl - Type : ACT_GATHER_INFO |
2009-03-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0331.nasl - Type : ACT_GATHER_INFO |
2009-03-09 | Name : The remote web server contains a JSP application that is affected by a cross-... File : tomcat_sample_cal2_xss2.nasl - Type : ACT_ATTACK |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris10_128640.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris9_128640.nasl - Type : ACT_GATHER_INFO |
2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO |
2009-01-11 | Name : The remote openSUSE host is missing a security update. File : suse_python-5848.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1687.nasl - Type : ACT_GATHER_INFO |
2008-12-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1681.nasl - Type : ACT_GATHER_INFO |
2008-12-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-5734.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1667.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0972.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-5751.nasl - Type : ACT_GATHER_INFO |
2008-10-21 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-5700.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-09-17 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8113.nasl - Type : ACT_GATHER_INFO |
2008-09-17 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8130.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7977.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0dccaa287f3c11dd8de50030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-08-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0648.nasl - Type : ACT_GATHER_INFO |
2008-08-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-5490.nasl - Type : ACT_GATHER_INFO |
2008-08-17 | Name : The remote openSUSE host is missing a security update. File : suse_python-5491.nasl - Type : ACT_GATHER_INFO |
2008-08-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-217-01.nasl - Type : ACT_GATHER_INFO |
2008-08-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-632-1.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-16.nasl - Type : ACT_GATHER_INFO |
2008-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1620.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-01.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat55-5385.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1593.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ec41c3e2129c11ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1551.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-10.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-585-1.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4997.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1467.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1603.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-4935.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4970.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4941.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-4943.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_python-4900.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-4902.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1453.nasl - Type : ACT_GATHER_INFO |
2008-01-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1447.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1436.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-3750.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1077.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3456.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3474.nasl - Type : ACT_GATHER_INFO |
2007-11-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-07.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2663.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris8_124672.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris10_124672.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 124673-20 File : solaris10_x86_124673.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris9_124672.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 114265-23 File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 124673-20 File : solaris9_x86_124673.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_python-3478.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_python-3749.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote host is missing Sun Security Patch number 112837-24 File : solaris9_112837.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote host is missing Sun Security Patch number 119783-40 File : solaris10_119783.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote host is missing Sun Security Patch number 119784-40 File : solaris10_x86_119784.nasl - Type : ACT_GATHER_INFO |
2007-05-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-099.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119166-43 File : solaris10_119166.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119167-43 File : solaris10_x86_119167.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119166-43 File : solaris8_119166.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119166-43 File : solaris9_119166.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119167-43 File : solaris9_x86_119167.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109326-24 File : solaris8_109326.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109327-24 File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-04 13:26:25 |
|
2014-02-17 12:07:14 |
|