Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title VMware vCenter update release addresses multiple security issues in Java JRE
Informations
Name VMSA-2010-0002 First vendor Publication 2010-01-29
Vendor VMware Last vendor Modification 2010-05-27
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. Java JRE Security Update

JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2010-0002.html

CWE : Common Weakness Enumeration

% Id Name
28 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
22 % CWE-264 Permissions, Privileges, and Access Controls
9 % CWE-200 Information Exposure
9 % CWE-189 Numeric Errors (CWE/SANS Top 25)
6 % CWE-399 Resource Management Errors
6 % CWE-94 Failure to Control Generation of Code ('Code Injection')
6 % CWE-16 Configuration
3 % CWE-362 Race Condition
3 % CWE-310 Cryptographic Issues
3 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
3 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10124
 
Oval ID: oval:org.mitre.oval:def:10124
Title: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Description: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1095
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10152
 
Oval ID: oval:org.mitre.oval:def:10152
Title: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."
Description: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1101
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10191
 
Oval ID: oval:org.mitre.oval:def:10191
Title: Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PLF) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.
Description: Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3883
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10263
 
Oval ID: oval:org.mitre.oval:def:10263
Title: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
Description: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2673
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10300
 
Oval ID: oval:org.mitre.oval:def:10300
Title: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
Description: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1102
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10328
 
Oval ID: oval:org.mitre.oval:def:10328
Title: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3876
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10469
 
Oval ID: oval:org.mitre.oval:def:10469
Title: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3877
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10520
 
Oval ID: oval:org.mitre.oval:def:10520
Title: Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
Description: Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3728
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10741
 
Oval ID: oval:org.mitre.oval:def:10741
Title: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Description: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3869
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10761
 
Oval ID: oval:org.mitre.oval:def:10761
Title: The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Description: The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3880
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10840
 
Oval ID: oval:org.mitre.oval:def:10840
Title: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Description: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2675
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11064
 
Oval ID: oval:org.mitre.oval:def:11064
Title: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
Description: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1094
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11115
 
Oval ID: oval:org.mitre.oval:def:11115
Title: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Description: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2671
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11241
 
Oval ID: oval:org.mitre.oval:def:11241
Title: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
Description: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1097
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11262
 
Oval ID: oval:org.mitre.oval:def:11262
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3869
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11326
 
Oval ID: oval:org.mitre.oval:def:11326
Title: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
Description: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2670
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11343
 
Oval ID: oval:org.mitre.oval:def:11343
Title: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).
Description: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).
Family: unix Class: vulnerability
Reference(s): CVE-2009-1093
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11484
 
Oval ID: oval:org.mitre.oval:def:11484
Title: Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
Description: Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3881
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11566
 
Oval ID: oval:org.mitre.oval:def:11566
Title: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Description: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3874
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11686
 
Oval ID: oval:org.mitre.oval:def:11686
Title: The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
Description: The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3884
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11715
 
Oval ID: oval:org.mitre.oval:def:11715
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3872
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11746
 
Oval ID: oval:org.mitre.oval:def:11746
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3873
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11834
 
Oval ID: oval:org.mitre.oval:def:11834
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3868
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11847
 
Oval ID: oval:org.mitre.oval:def:11847
Title: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Description: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3875
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11903
 
Oval ID: oval:org.mitre.oval:def:11903
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3867
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11934
 
Oval ID: oval:org.mitre.oval:def:11934
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3876
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12057
 
Oval ID: oval:org.mitre.oval:def:12057
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3874
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12112
 
Oval ID: oval:org.mitre.oval:def:12112
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3875
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12134
 
Oval ID: oval:org.mitre.oval:def:12134
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3871
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12232
 
Oval ID: oval:org.mitre.oval:def:12232
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3877
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13310
 
Oval ID: oval:org.mitre.oval:def:13310
Title: USN-748-1 -- openjdk-6 vulnerabilities
Description: It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service
Family: unix Class: patch
Reference(s): USN-748-1
CVE-2006-2426
CVE-2009-1100
CVE-2009-1101
CVE-2009-1102
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
Version: 5
Platform(s): Ubuntu 8.10
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13468
 
Oval ID: oval:org.mitre.oval:def:13468
Title: DSA-1921-1 expat -- denial of service
Description: Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch1. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your expat packages.
Family: unix Class: patch
Reference(s): DSA-1921-1
CVE-2009-2625
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13469
 
Oval ID: oval:org.mitre.oval:def:13469
Title: DSA-1769-1 openjdk-6 -- several
Description: Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition, heap-based buffer overflows, potentially allowing arbitrary code execution, and a null-pointer dereference, leading to denial of service. The LDAP server implementation did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless. For the stable distribution, these problems have been fixed in version 9.1+lenny2. We recommend that you upgrade your openjdk-6 packages.
Family: unix Class: patch
Reference(s): DSA-1769-1
CVE-2006-2426
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
CVE-2009-0793
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1101
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13907
 
Oval ID: oval:org.mitre.oval:def:13907
Title: USN-859-1 -- openjdk-6 vulnerabilities
Description: Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. It was discovered that ICC profiles could be identified with ".." pathnames. If a user were tricked into running a specially crafted applet, a remote attacker could gain information about a local system. Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. If a user were tricked into running a specially crafted applet, a remote attacker could crash the application or run arbitrary code with user privileges. Multiple flaws were discovered in JPEG and BMP image handling. If a user were tricked into loading a specially crafted image, a remote attacker could crash the application or run arbitrary code with user privileges. Coda Hale discovered that HMAC-based signatures were not correctly validated. Remote attackers could bypass certain forms of authentication, granting unexpected access. Multiple flaws were discovered in ASN.1 parsing. A remote attacker could send a specially crafted HTTP stream that would exhaust system memory and lead to a denial of service. It was discovered that the graphics configuration subsystem did not correctly handle arrays. If a user were tricked into running a specially crafted applet, a remote attacker could exploit this to crash the application or execute arbitrary code with user privileges. It was discovered that loggers and Swing did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. It was discovered that the ClassLoader did not correctly handle certain options. If a user were tricked into running a specially crafted applet, a remote attacker could execute arbitrary code with user privileges. It was discovered that time zone file loading could be used to determine the existence of files on the local system. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy
Family: unix Class: patch
Reference(s): USN-859-1
CVE-2009-2409
CVE-2009-3728
CVE-2009-3869
CVE-2009-3871
CVE-2009-3873
CVE-2009-3874
CVE-2009-3885
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
CVE-2009-3879
CVE-2009-3880
CVE-2009-3882
CVE-2009-3883
CVE-2009-3881
CVE-2009-3884
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19769
 
Oval ID: oval:org.mitre.oval:def:19769
Title: DSA-1984-1 libxerces2-java - denial of service
Description: It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Family: unix Class: patch
Reference(s): DSA-1984-1
CVE-2009-2625
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): libxerces2-java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21833
 
Oval ID: oval:org.mitre.oval:def:21833
Title: ELSA-2009:0392: java-1.6.0-sun security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:0392-01
CVE-2006-2426
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1101
CVE-2009-1102
CVE-2009-1103
CVE-2009-1104
CVE-2009-1105
CVE-2009-1106
CVE-2009-1107
Version: 69
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21986
 
Oval ID: oval:org.mitre.oval:def:21986
Title: RHSA-2011:0858: xerces-j2 security update (Moderate)
Description: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family: unix Class: patch
Reference(s): RHSA-2011:0858-01
CVE-2009-2625
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22032
 
Oval ID: oval:org.mitre.oval:def:22032
Title: ELSA-2009:1571: java-1.5.0-sun security update (Critical)
Description: The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
Family: unix Class: patch
Reference(s): ELSA-2009:1571-01
CVE-2009-2409
CVE-2009-3728
CVE-2009-3867
CVE-2009-3868
CVE-2009-3869
CVE-2009-3871
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
CVE-2009-3879
CVE-2009-3880
CVE-2009-3881
CVE-2009-3882
CVE-2009-3883
CVE-2009-3884
Version: 73
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22708
 
Oval ID: oval:org.mitre.oval:def:22708
Title: ELSA-2009:0394: java-1.5.0-sun security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:0394-01
CVE-2006-2426
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1103
CVE-2009-1104
CVE-2009-1107
Version: 49
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22710
 
Oval ID: oval:org.mitre.oval:def:22710
Title: ELSA-2009:1236: java-1.5.0-ibm security update (Critical)
Description: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Family: unix Class: patch
Reference(s): ELSA-2009:1236-01
CVE-2009-2625
CVE-2009-2670
CVE-2009-2671
CVE-2009-2672
CVE-2009-2673
CVE-2009-2675
Version: 29
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22718
 
Oval ID: oval:org.mitre.oval:def:22718
Title: ELSA-2009:0377: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
Family: unix Class: patch
Reference(s): ELSA-2009:0377-01
CVE-2006-2426
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
CVE-2009-0793
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1101
CVE-2009-1102
Version: 57
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22725
 
Oval ID: oval:org.mitre.oval:def:22725
Title: ELSA-2009:1038: java-1.5.0-ibm security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:1038-01
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1101
CVE-2009-1103
CVE-2009-1104
CVE-2009-1105
CVE-2009-1106
CVE-2009-1107
Version: 61
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22842
 
Oval ID: oval:org.mitre.oval:def:22842
Title: ELSA-2009:1647: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: patch
Reference(s): ELSA-2009:1647-01
CVE-2009-3867
CVE-2009-3868
CVE-2009-3869
CVE-2009-3871
CVE-2009-3872
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
Version: 45
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22856
 
Oval ID: oval:org.mitre.oval:def:22856
Title: ELSA-2009:1200: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2009:1200-01
CVE-2009-0217
CVE-2009-2475
CVE-2009-2476
CVE-2009-2625
CVE-2009-2670
CVE-2009-2671
CVE-2009-2672
CVE-2009-2673
CVE-2009-2674
CVE-2009-2675
CVE-2009-2676
CVE-2009-2690
CVE-2009-2716
CVE-2009-2718
CVE-2009-2719
CVE-2009-2720
Version: 69
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22876
 
Oval ID: oval:org.mitre.oval:def:22876
Title: ELSA-2009:1198: java-1.6.0-ibm security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:1198-02
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1101
CVE-2009-1103
CVE-2009-1104
CVE-2009-1105
CVE-2009-1106
CVE-2009-1107
Version: 61
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22878
 
Oval ID: oval:org.mitre.oval:def:22878
Title: ELSA-2009:1199: java-1.5.0-sun security update (Critical)
Description: Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."
Family: unix Class: patch
Reference(s): ELSA-2009:1199-01
CVE-2009-2475
CVE-2009-2625
CVE-2009-2670
CVE-2009-2671
CVE-2009-2672
CVE-2009-2673
CVE-2009-2675
CVE-2009-2676
CVE-2009-2689
CVE-2009-2720
CVE-2009-2721
CVE-2009-2722
CVE-2009-2723
CVE-2009-2724
Version: 61
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22907
 
Oval ID: oval:org.mitre.oval:def:22907
Title: ELSA-2009:1694: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: patch
Reference(s): ELSA-2009:1694-01
CVE-2009-0217
CVE-2009-3555
CVE-2009-3865
CVE-2009-3866
CVE-2009-3867
CVE-2009-3868
CVE-2009-3869
CVE-2009-3871
CVE-2009-3872
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
Version: 61
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22921
 
Oval ID: oval:org.mitre.oval:def:22921
Title: ELSA-2009:1505: java-1.4.2-ibm security update (Moderate)
Description: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family: unix Class: patch
Reference(s): ELSA-2009:1505-01
CVE-2008-5349
CVE-2009-2625
Version: 13
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22949
 
Oval ID: oval:org.mitre.oval:def:22949
Title: ELSA-2009:1560: java-1.6.0-sun security update (Critical)
Description: The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.
Family: unix Class: patch
Reference(s): ELSA-2009:1560-01
CVE-2009-2409
CVE-2009-3728
CVE-2009-3729
CVE-2009-3865
CVE-2009-3866
CVE-2009-3867
CVE-2009-3868
CVE-2009-3869
CVE-2009-3871
CVE-2009-3872
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
CVE-2009-3879
CVE-2009-3880
CVE-2009-3881
CVE-2009-3882
CVE-2009-3883
CVE-2009-3884
CVE-2009-3886
Version: 93
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22972
 
Oval ID: oval:org.mitre.oval:def:22972
Title: ELSA-2009:1643: java-1.4.2-ibm security update (Critical)
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: patch
Reference(s): ELSA-2009:1643-01
CVE-2009-3867
CVE-2009-3868
CVE-2009-3869
CVE-2009-3871
CVE-2009-3872
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
Version: 45
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22974
 
Oval ID: oval:org.mitre.oval:def:22974
Title: ELSA-2009:1582: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
Family: unix Class: patch
Reference(s): ELSA-2009:1582-01
CVE-2009-2625
CVE-2009-2670
CVE-2009-2671
CVE-2009-2672
CVE-2009-2673
CVE-2009-2674
CVE-2009-2675
CVE-2009-2676
Version: 37
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22979
 
Oval ID: oval:org.mitre.oval:def:22979
Title: ELSA-2009:1584: java-1.6.0-openjdk security update (Important)
Description: The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
Family: unix Class: patch
Reference(s): ELSA-2009:1584-01
CVE-2009-2409
CVE-2009-3728
CVE-2009-3869
CVE-2009-3871
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
CVE-2009-3879
CVE-2009-3880
CVE-2009-3881
CVE-2009-3882
CVE-2009-3883
CVE-2009-3884
Version: 65
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23026
 
Oval ID: oval:org.mitre.oval:def:23026
Title: ELSA-2009:1615: xerces-j2 security update (Moderate)
Description: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family: unix Class: patch
Reference(s): ELSA-2009:1615-01
CVE-2009-2625
Version: 6
Platform(s): Oracle Linux 5
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23701
 
Oval ID: oval:org.mitre.oval:def:23701
Title: ELSA-2011:0858: xerces-j2 security update (Moderate)
Description: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family: unix Class: patch
Reference(s): ELSA-2011:0858-01
CVE-2009-2625
Version: 6
Platform(s): Oracle Linux 6
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27576
 
Oval ID: oval:org.mitre.oval:def:27576
Title: DEPRECATED: ELSA-2011-0858 -- xerces-j2 security update (moderate)
Description: [0:2.7.1-12.6] - Add xerces-j2-CVE-2009-2625.patch - Resolves: rhbz#690931 CVE-2009-2625
Family: unix Class: patch
Reference(s): ELSA-2011-0858
CVE-2009-2625
Version: 4
Platform(s): Oracle Linux 6
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28898
 
Oval ID: oval:org.mitre.oval:def:28898
Title: RHSA-2009:1584 -- java-1.6.0-openjdk security update (Important)
Description: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.
Family: unix Class: patch
Reference(s): RHSA-2009:1584
CESA-2009:1584-CentOS 5
CVE-2009-2409
CVE-2009-3728
CVE-2009-3869
CVE-2009-3871
CVE-2009-3873
CVE-2009-3874
CVE-2009-3875
CVE-2009-3876
CVE-2009-3877
CVE-2009-3879
CVE-2009-3880
CVE-2009-3881
CVE-2009-3882
CVE-2009-3883
CVE-2009-3884
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29047
 
Oval ID: oval:org.mitre.oval:def:29047
Title: RHSA-2009:1615 -- xerces-j2 security update (Moderate)
Description: Updated xerces-j2 packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files.
Family: unix Class: patch
Reference(s): RHSA-2009:1615
CESA-2009:1615-CentOS 5
CVE-2009-2625
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29277
 
Oval ID: oval:org.mitre.oval:def:29277
Title: RHSA-2009:0377 -- java-1.6.0-openjdk security update (Important)
Description: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language.
Family: unix Class: patch
Reference(s): RHSA-2009:0377
CESA-2009:0377-CentOS 5
CVE-2006-2426
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
CVE-2009-0793
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1101
CVE-2009-1102
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5726
 
Oval ID: oval:org.mitre.oval:def:5726
Title: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE)
Description: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1099
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6008
 
Oval ID: oval:org.mitre.oval:def:6008
Title: Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated
Description: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1098
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6224
 
Oval ID: oval:org.mitre.oval:def:6224
Title: Java Runtime Environment (JRE) Flaws in Storing and Processing Temporary Font Files Let Remote Users Deny Service
Description: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1100
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6288
 
Oval ID: oval:org.mitre.oval:def:6288
Title: Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System
Description: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1097
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6412
 
Oval ID: oval:org.mitre.oval:def:6412
Title: Java Runtime Environment (JRE) HTTP Server Bug Lets Remote Users Deny Service
Description: Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1101
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6542
 
Oval ID: oval:org.mitre.oval:def:6542
Title: Java Plug-in Bugs Lets Remote Users Gain Privileges
Description: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1103
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6584
 
Oval ID: oval:org.mitre.oval:def:6584
Title: Sun Java Runtime Environment Java Plug-in Javascript code unauthorized access
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1104
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6585
 
Oval ID: oval:org.mitre.oval:def:6585
Title: Sun Java Runtime Environment Java Plug-in signed applet unauthorized access
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1107
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6598
 
Oval ID: oval:org.mitre.oval:def:6598
Title: Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
Description: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1094
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6619
 
Oval ID: oval:org.mitre.oval:def:6619
Title: Sun Java Runtime Environment Java Plug-in crossdomain.xml information disclosure
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1106
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6635
 
Oval ID: oval:org.mitre.oval:def:6635
Title: Sun Java Privilege Escalation in the Java Web Start Installer
Description: The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3866
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6642
 
Oval ID: oval:org.mitre.oval:def:6642
Title: Sun Java Runtime Environment Java Plug-in weak security
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1105
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6643
 
Oval ID: oval:org.mitre.oval:def:6643
Title: Java Runtime Environment Buffer Overflows in unpack200 Utility Lets Remote Users Execute Arbitrary Code
Description: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1095
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6657
 
Oval ID: oval:org.mitre.oval:def:6657
Title: OpenJDK ICC_Profile File Existence Detection Information Leak
Description: Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3728
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6659
 
Oval ID: oval:org.mitre.oval:def:6659
Title: Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges
Description: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1096
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6676
 
Oval ID: oval:org.mitre.oval:def:6676
Title: Java Runtime Environment LDAP Implementation Bugs Lets Remote Users Deny Service and Execute Arbitrary Code
Description: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).
Family: unix Class: vulnerability
Reference(s): CVE-2009-1093
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6698
 
Oval ID: oval:org.mitre.oval:def:6698
Title: OpenJDK JRE AWT setBytePixels Heap Overflow Vulnerability
Description: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3871
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6722
 
Oval ID: oval:org.mitre.oval:def:6722
Title: Java Runtime Environment (JRE) Virtual Machine Lets Remote Users Read/Write Files and Execute Local Applications
Description: Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1102
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6746
 
Oval ID: oval:org.mitre.oval:def:6746
Title: Sun Java Stack-based Buffer Overflow via a Long File: URL Argument
Description: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3867
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6753
 
Oval ID: oval:org.mitre.oval:def:6753
Title: Sun Java Updates Availability Notification System Failure
Description: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3864
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6786
 
Oval ID: oval:org.mitre.oval:def:6786
Title: Sun Java Privilege Escalation via Crafted Image File Due Improper Color Profiles Parsing
Description: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3868
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6794
 
Oval ID: oval:org.mitre.oval:def:6794
Title: Java Web Start Improper Handling of Signed JAR Files
Description: The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3886
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6805
 
Oval ID: oval:org.mitre.oval:def:6805
Title: OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted DER Encoded Data
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3876
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6906
 
Oval ID: oval:org.mitre.oval:def:6906
Title: OpenJDK Resurrected Classloaders Can Still Have Children
Description: Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3881
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6960
 
Oval ID: oval:org.mitre.oval:def:6960
Title: OpenJDK Zoneinfo File Existence Information Leak
Description: The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3884
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6963
 
Oval ID: oval:org.mitre.oval:def:6963
Title: JRE JPEG JFIF Decoder Vulnerability
Description: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3872
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6968
 
Oval ID: oval:org.mitre.oval:def:6968
Title: OpenJDK Information Leaks in Mutable Variables
Description: Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3883
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6970
 
Oval ID: oval:org.mitre.oval:def:6970
Title: OpenJDK JPEG Image Writer quantization problem
Description: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3873
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7094
 
Oval ID: oval:org.mitre.oval:def:7094
Title: OpenJDK BMP Parsing DoS With UNC ICC Links
Description: Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3885
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7148
 
Oval ID: oval:org.mitre.oval:def:7148
Title: OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted HTTP Headers
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3877
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7300
 
Oval ID: oval:org.mitre.oval:def:7300
Title: OpenJDK Information Leaks in Mutable Variables
Description: Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3882
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7306
 
Oval ID: oval:org.mitre.oval:def:7306
Title: DSA-1984 libxerces2-java -- denial of service
Description: It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Family: unix Class: patch
Reference(s): DSA-1984
CVE-2009-2625
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libxerces2-java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7316
 
Oval ID: oval:org.mitre.oval:def:7316
Title: OpenJDK UI Logging Information Leakage
Description: The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3880
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7400
 
Oval ID: oval:org.mitre.oval:def:7400
Title: OpenJDK JRE AWT setDifflCM Stack Overflow Vulnerability
Description: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3869
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7442
 
Oval ID: oval:org.mitre.oval:def:7442
Title: OpenJDK ImageI/O JPEG Heap Overflow Vulnerability
Description: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3874
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7537
 
Oval ID: oval:org.mitre.oval:def:7537
Title: JRE TrueType Font Parsing Crash
Description: Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3729
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7545
 
Oval ID: oval:org.mitre.oval:def:7545
Title: OpenJDK GraphicsConfiguration Information Leak
Description: Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3879
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7549
 
Oval ID: oval:org.mitre.oval:def:7549
Title: OpenJDK MessageDigest.isEqual Introduces Timing Attack Vulnerabilities
Description: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3875
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7562
 
Oval ID: oval:org.mitre.oval:def:7562
Title: Sun Java Arbitrary Command Execution in JRE Deployment Toolkit
Description: The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3865
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7723
 
Oval ID: oval:org.mitre.oval:def:7723
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2672
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7750
 
Oval ID: oval:org.mitre.oval:def:7750
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3867
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7913
 
Oval ID: oval:org.mitre.oval:def:7913
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3875
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8022
 
Oval ID: oval:org.mitre.oval:def:8022
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2670
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8037
 
Oval ID: oval:org.mitre.oval:def:8037
Title: DSA-1769 openjdk-6 -- several vulnerabilities
Description: Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793). The LDAP server implementation (in com.sun.jdni.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation (in com.sun.jdni.ldap) allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated
Family: unix Class: patch
Reference(s): DSA-1769
CVE-2006-2426
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
CVE-2009-0793
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1101
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8045
 
Oval ID: oval:org.mitre.oval:def:8045
Title: DSA-1921 expat -- denial of service
Description: Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family: unix Class: patch
Reference(s): DSA-1921
CVE-2009-2625
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8259
 
Oval ID: oval:org.mitre.oval:def:8259
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2671
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8275
 
Oval ID: oval:org.mitre.oval:def:8275
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3871
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8330
 
Oval ID: oval:org.mitre.oval:def:8330
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3877
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8396
 
Oval ID: oval:org.mitre.oval:def:8396
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3873
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8415
 
Oval ID: oval:org.mitre.oval:def:8415
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2675
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8453
 
Oval ID: oval:org.mitre.oval:def:8453
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2676
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8475
 
Oval ID: oval:org.mitre.oval:def:8475
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3872
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8520
 
Oval ID: oval:org.mitre.oval:def:8520
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2625
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8558
 
Oval ID: oval:org.mitre.oval:def:8558
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2673
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8566
 
Oval ID: oval:org.mitre.oval:def:8566
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3869
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8603
 
Oval ID: oval:org.mitre.oval:def:8603
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3874
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8608
 
Oval ID: oval:org.mitre.oval:def:8608
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3876
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8622
 
Oval ID: oval:org.mitre.oval:def:8622
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3868
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8841
 
Oval ID: oval:org.mitre.oval:def:8841
Title: Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
Description: Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3882
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8844
 
Oval ID: oval:org.mitre.oval:def:8844
Title: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Description: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1096
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9356
 
Oval ID: oval:org.mitre.oval:def:9356
Title: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Description: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2625
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9359
 
Oval ID: oval:org.mitre.oval:def:9359
Title: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
Description: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2672
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9360
 
Oval ID: oval:org.mitre.oval:def:9360
Title: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Description: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3871
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9568
 
Oval ID: oval:org.mitre.oval:def:9568
Title: Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.
Description: Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3879
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9602
 
Oval ID: oval:org.mitre.oval:def:9602
Title: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Description: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3873
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9956
 
Oval ID: oval:org.mitre.oval:def:9956
Title: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
Description: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1098
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 33
Application 3
Application 3
Application 1
Application 2
Application 5
Application 1
Application 359
Application 395
Application 1
Application 99
Os 5
Os 2
Os 2
Os 1
Os 3
Os 4

SAINT Exploits

Description Link
Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow More info here
Java Runtime Environment AWT setDiffICM buffer overflow More info here

ExploitDB Exploits

id Description
2010-09-20 Sun Java JRE AWT setDiffICM Buffer Overflow
2010-09-20 Sun Java JRE getSoundbank file:// URI Buffer Overflow

OpenVAS Exploits

Date Description
2012-06-06 Name : RedHat Update for xerces-j2 RHSA-2011:0858-01
File : nvt/gb_RHSA-2011_0858-01_xerces-j2.nasl
2011-08-09 Name : CentOS Update for java CESA-2009:0377 centos5 i386
File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2009:1201 centos5 i386
File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2009:1584 centos5 i386
File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for xerces-j2 CESA-2009:1615 centos5 i386
File : nvt/gb_CESA-2009_1615_xerces-j2_centos5_i386.nasl
2011-06-20 Name : Mandriva Update for xerces-j2 MDVSA-2011:108 (xerces-j2)
File : nvt/gb_mandriva_MDVSA_2011_108.nasl
2010-10-10 Name : FreeBSD Ports: apr
File : nvt/freebsd_apr0.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 5
File : nvt/macosx_java_for_10_5_upd_5.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 6
File : nvt/macosx_java_for_10_5_upd_6.nasl
2010-05-28 Name : Java for Mac OS X 10.6 Update 1
File : nvt/macosx_java_for_10_6_upd_1.nasl
2010-05-28 Name : Java for Mac OS X 10.6 Update 2
File : nvt/macosx_java_for_10_6_upd_2.nasl
2010-04-30 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2010_084.nasl
2010-04-16 Name : Ubuntu Update for cmake vulnerabilities USN-890-6
File : nvt/gb_ubuntu_USN_890_6.nasl
2010-03-02 Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati)
File : nvt/gb_mandriva_MDVA_2010_084.nasl
2010-02-19 Name : Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5
File : nvt/gb_ubuntu_USN_890_5.nasl
2010-02-15 Name : HP-UX Update for Java HPSBUX02503
File : nvt/gb_hp_ux_HPSBUX02503.nasl
2010-01-29 Name : Ubuntu Update for python-xml vulnerabilities USN-890-4
File : nvt/gb_ubuntu_USN_890_4.nasl
2010-01-25 Name : Ubuntu Update for python2.4 vulnerabilities USN-890-3
File : nvt/gb_ubuntu_USN_890_3.nasl
2010-01-22 Name : Ubuntu Update for expat vulnerabilities USN-890-1
File : nvt/gb_ubuntu_USN_890_1.nasl
2010-01-22 Name : Ubuntu Update for python2.5 vulnerabilities USN-890-2
File : nvt/gb_ubuntu_USN_890_2.nasl
2010-01-15 Name : Mandriva Update for davfs MDVSA-2009:220-1 (davfs)
File : nvt/gb_mandriva_MDVSA_2009_220_1.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-1 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_1.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-2 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_2.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-3 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_3.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1694
File : nvt/RHSA_2009_1694.nasl
2009-12-30 Name : CentOS Security Advisory CESA-2009:1615 (xerces-j2)
File : nvt/ovcesa2009_1615.nasl
2009-12-14 Name : RedHat Security Advisory RHSA-2009:1643
File : nvt/RHSA_2009_1643.nasl
2009-12-14 Name : RedHat Security Advisory RHSA-2009:1647
File : nvt/RHSA_2009_1647.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:211-1 (expat)
File : nvt/mdksa_2009_211_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:212-1 (python)
File : nvt/mdksa_2009_212_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:213-1 (wxgtk)
File : nvt/mdksa_2009_213_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:215-1 (audacity)
File : nvt/mdksa_2009_215_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_3.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:218-1 (w3c-libwww)
File : nvt/mdksa_2009_218_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:219-1 (kompozer)
File : nvt/mdksa_2009_219_1.nasl
2009-12-03 Name : RedHat Security Advisory RHSA-2009:1615
File : nvt/RHSA_2009_1615.nasl
2009-12-03 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm4.nasl
2009-12-03 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm1.nasl
2009-12-03 Name : SLES9: Security update for IBM Java2 and SDK
File : nvt/sles9p5063230.nasl
2009-11-23 Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_200911_02.nasl
2009-11-23 Name : CentOS Security Advisory CESA-2009:1584 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_1584.nasl
2009-11-23 Name : Sun Java SE Multiple Vulnerabilities - Nov09 (Win)
File : nvt/secpod_sun_java_se_mult_vuln_nov09_win.nasl
2009-11-23 Name : SuSE Security Advisory SUSE-SA:2009:058 (java-1_6_0-sun)
File : nvt/suse_sa_2009_058.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1571
File : nvt/RHSA_2009_1571.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1582
File : nvt/RHSA_2009_1582.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1584
File : nvt/RHSA_2009_1584.nasl
2009-11-17 Name : Fedora Core 11 FEDORA-2009-11486 (java-1.6.0-openjdk)
File : nvt/fcore_2009_11486.nasl
2009-11-17 Name : Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk)
File : nvt/fcore_2009_11489.nasl
2009-11-17 Name : Fedora Core 10 FEDORA-2009-11490 (java-1.6.0-openjdk)
File : nvt/fcore_2009_11490.nasl
2009-11-13 Name : Sun Java JRE Remote Code Execution Vulnerability (Linux)
File : nvt/gb_sun_java_jre_code_exe_vuln_lin.nasl
2009-11-13 Name : Sun Java JRE Remote Code Execution Vulnerability (Win)
File : nvt/gb_sun_java_jre_code_exe_vuln_win.nasl
2009-11-13 Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)
File : nvt/gb_sun_java_jre_mult_vuln_nov09_lin.nasl
2009-11-13 Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Win)
File : nvt/gb_sun_java_jre_mult_vuln_nov09_win.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1560
File : nvt/RHSA_2009_1560.nasl
2009-11-11 Name : Debian Security Advisory DSA 1921-1 (expat)
File : nvt/deb_1921_1.nasl
2009-11-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-19 Name : RedHat Security Advisory RHSA-2009:1505
File : nvt/RHSA_2009_1505.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:217-1 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_1.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:217-2 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_2.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 5
File : nvt/sles10_java-1_5_0-ibm1.nasl
2009-10-13 Name : SLES10: Security update for Xerces-j2
File : nvt/sles10_xerces-j2.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm0.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm0.nasl
2009-10-11 Name : SLES11: Security update for Xerces-j2
File : nvt/sles11_xerces-j2.nasl
2009-10-10 Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK
File : nvt/sles9p5050060.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5059500.nasl
2009-09-09 Name : SuSE Security Summary SUSE-SR:2009:014
File : nvt/suse_sr_2009_014.nasl
2009-09-02 Name : RedHat Security Advisory RHSA-2009:1236
File : nvt/RHSA_2009_1236.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_209.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:211 (expat)
File : nvt/mdksa_2009_211.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:212 (python)
File : nvt/mdksa_2009_212.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:213 (wxgtk)
File : nvt/mdksa_2009_213.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:214 (python-celementtree)
File : nvt/mdksa_2009_214.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:215 (audacity)
File : nvt/mdksa_2009_215.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird)
File : nvt/mdksa_2009_216.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:217 (mozilla-thunderbird)
File : nvt/mdksa_2009_217.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:218 (w3c-libwww)
File : nvt/mdksa_2009_218.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:219 (kompozer)
File : nvt/mdksa_2009_219.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:220 (davfs)
File : nvt/mdksa_2009_220.nasl
2009-08-24 Name : Sun Java SE Multiple Unspecified Vulnerabilities
File : nvt/secpod_sun_java_se_mult_unspecified_vuln.nasl
2009-08-24 Name : Unsafe Interaction In Sun Java SE Abstract Window Toolkit (Linux)
File : nvt/secpod_sun_java_se_unsafe_interaction_lin.nasl
2009-08-20 Name : Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09
File : nvt/gb_sun_java_jre_int_overflow_vuln_aug09.nasl
2009-08-20 Name : Sun Java JDK/JRE Multiple Vulnerabilities - Aug09
File : nvt/gb_sun_java_jre_mult_vuln_aug09.nasl
2009-08-20 Name : Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09
File : nvt/gb_sun_java_se_unspecified_vuln_aug09.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1198
File : nvt/RHSA_2009_1198.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1199
File : nvt/RHSA_2009_1199.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1200
File : nvt/RHSA_2009_1200.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1201
File : nvt/RHSA_2009_1201.nasl
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8329.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8337.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_162.nasl
2009-08-17 Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_1201.nasl
2009-08-17 Name : SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)
File : nvt/suse_sa_2009_043.nasl
2009-08-17 Name : Ubuntu USN-814-1 (openjdk-6)
File : nvt/ubuntu_814_1.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_137.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-01 Name : HP-UX Update for Java HPSBUX02429
File : nvt/gb_hp_ux_HPSBUX02429.nasl
2009-05-20 Name : RedHat Security Advisory RHSA-2009:1038
File : nvt/RHSA_2009_1038.nasl
2009-04-23 Name : Sun Java JRE Multiple Vulnerabilities (Linux)
File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl
2009-04-23 Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win)
File : nvt/gb_sun_java_jre_dos_vuln_win.nasl
2009-04-15 Name : RedHat Security Advisory RHSA-2009:0377
File : nvt/RHSA_2009_0377.nasl
2009-04-15 Name : Debian Security Advisory DSA 1769-1 (openjdk-6)
File : nvt/deb_1769_1.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_0377.nasl
2009-04-06 Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)
File : nvt/suse_sa_2009_016.nasl
2009-04-06 Name : Ubuntu USN-746-1 (xine-lib)
File : nvt/ubuntu_746_1.nasl
2009-04-06 Name : Ubuntu USN-747-1 (icu)
File : nvt/ubuntu_747_1.nasl
2009-04-06 Name : Ubuntu USN-748-1 (openjdk-6)
File : nvt/ubuntu_748_1.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0392
File : nvt/RHSA_2009_0392.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0394
File : nvt/RHSA_2009_0394.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-041-02 expat
File : nvt/esoft_slk_ssa_2011_041_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
59924 Sun Java SE TrueType Font Parsing Unspecified Remote DoS

59923 Sun Java SE Java Web Start Implementation Signed JAR File JNLP Application / ...

59922 Sun Java SE X11 / Win32GraphicsDevice Subsystems getConfigurations Function C...

59921 Sun Java SE JRE Abstract Window Toolkit (AWT) Logger Object Restriction Infor...

59920 Sun Java SE TimeZone.getTimeZone Method tz File Handling Local File Enumeration

59919 Sun Java SE BMP File ICC Profile UNC Pathname Handling DoS

59918 Sun Java SE JRE ICC_Profile.getInstance Method Traversal Arbitrary ICC Profil...

59917 Sun Java SE Resurrected ClassLoader Children Handling Unspecified Remote Priv...

59916 Sun Java SE Swing Implementation Mutable Variable Leak Unspecified Issues

59915 Sun Java SE Swing Implementation Windows Pluggable Look and Feel (PL&F) M...

59718 Sun Java JDK / JRE on Windows Update Notification Weakness

59717 Sun Java JDK / JRE Deployment Toolkit Web Page Handling Unspecified Arbitrary...

59716 Sun Java JDK / JRE Web Start Crafted Installer Extension JNLP Handling Truste...

59714 Sun Java JDK / JRE JPEG Image Writer Unspecified Overflow (6862968)

59713 Sun Java JDK / JRE JPEG JFIF Decoder Unspecified Overflow (6862969)

59712 Sun Java JDK / JRE Color Profile Handling Unspecified Overflow (6862970)

59711 Sun Java JDK / JRE HsbParser.getSoundBank Function file:// URI Parsing Overflow

59710 Sun Java JDK / JRE AWT setDifflCM Library Function Overflow

59709 Sun Java JDK / JRE AWT setBytePixels Library Function Overflow

59708 Sun Java JDK / JRE JPEGImageReader Subsample Dimension Handling Overflow

59707 Sun Java JDK / JRE MessageDigest.isEqual Function HMAC Digest Signature Forge...

59706 Sun Java JDK / JRE HTTP Header Parsing Unspecified Memory Exhaustion DoS

59705 Sun Java JDK / JRE DER Encoded Data Decoding Unspecified Memory Exhaustion DoS

57431 Sun Java JDK / JRE JNLPAppletlauncher Unspecified Arbitrary File Manipulation

56984 Apache Xerces2 Java Malformed XML Input DoS

56964 Sun Java SE Abstract Window Toolkit (AWT) Window Border Distance Rendering We...

56962 Sun Java SE Web Start Implementation JNLP File Handling DoS

56961 Sun Java SE Plugin Functionality Version Selection Weakness

56959 Sun Java SE Swing Implementation javax.swing.plaf.synth.SynthContext.isSubreg...

56958 Sun Java SE Provider Class Multiple Unspecified Issues (6406003)

56957 Sun Java SE Provider Class Multiple Unspecified Issues (6429594)

56956 Sun Java SE Provider Class Deserialization Unspecified Issue

56955 Sun Java SE java.lang Package Reflection Check Race Condition

56788 Sun Java JDK / JRE Audio System Unauthorized java.lang.System Properties Access

56786 Sun Java JDK / JRE Pack200 JAR File Decoding Inner Class Count Overflow

56785 Sun Java JDK / JRE Proxy Mechanism Implementation Arbitrary Host Connection

56784 Sun Java JDK / JRE Proxy Mechanism Implementation Unauthorized Browser Cookie...

56783 Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure

53178 Sun Java JDK / JRE Java Plug-in Swing JLabel HTML Parsing Signed Applet Trust...

53177 Sun Java JDK / JRE Java Plug-in crossdomain.xml Parsing Restriction Bypass

53176 Sun Java JDK / JRE Java Plug-in Applet Execution Version Regression Weakness

53175 Sun Java JDK / JRE Java Plug-in LiveConnect Localhost Restriction Bypass

53174 Sun Java JDK / JRE Java Plug-in Deserializing Applets Unspecified Remote Priv...

53173 Sun Java JDK / JRE Virtual Machine Code Generation Unspecified Remote Privile...

53172 Sun Java JDK / JRE Lightweight HTTP Server Implementation JAX-WS Service Endp...

53171 Sun Java JDK / JRE Temporary Font File Unspecified Disk Consumption DoS (6632...

53170 Sun Java JDK / JRE Temporary Font File Creation Limit Unspecified Disk Consum...

53169 Sun Java JDK / JRE Type1 Font Glyph Description Handling Overflow

53168 Sun Java JDK / JRE GIF Image Handling Overflows

53167 Sun Java JDK / JRE Splash Screen PNG Image Handling Overflow

53166 Sun Java JDK / JRE unpack200 JAR File Pack200 Header Handling Multiple Overflows

53165 Sun Java JDK / JRE LDAP Implementation Serialized Data Unspecified Arbitrary ...

53164 Sun Java JDK / JRE LDAP Service LdapCtx Connection Persistence Remote DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Snort® IPS/IDS

Date Description
2017-08-01 multiple products PNG processing buffer overflow attempt
RuleID : 43399 - Revision : 2 - Type : FILE-IMAGE
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java getSoundBank overflow Attempt malicious jar file
RuleID : 20858 - Revision : 8 - Type : FILE-JAVA
2014-01-10 Oracle Java GIF LZW minimum code size overflow attempt
RuleID : 20239 - Revision : 6 - Type : FILE-JAVA
2014-01-10 Oracle Java runtime JPEGImageReader overflow attempt
RuleID : 20055 - Revision : 11 - Type : FILE-JAVA
2014-01-10 Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt
RuleID : 19926 - Revision : 10 - Type : FILE-JAVA
2014-01-10 Oracle Java HsbParser.getSoundBank stack buffer overflow attempt
RuleID : 17776 - Revision : 11 - Type : FILE-JAVA
2014-01-10 Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt
RuleID : 17624 - Revision : 10 - Type : FILE-JAVA
2014-01-10 Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt
RuleID : 17623 - Revision : 16 - Type : FILE-JAVA
2014-01-10 Oracle Java Runtime Environment Pack200 Decompression Integer Overflow
RuleID : 17522 - Revision : 12 - Type : FILE-JAVA
2014-01-10 multiple products PNG processing buffer overflow attempt
RuleID : 16716 - Revision : 17 - Type : FILE-IMAGE
2014-01-10 Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt
RuleID : 16288 - Revision : 11 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date Description
2016-11-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15905.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2012-1537.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1615.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0858.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_269868_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1636.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1637.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1649.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1650.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091109_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091130_xerces_j2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110608_xerces_j2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-06-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-108.nasl - Type : ACT_GATHER_INFO
2011-06-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0858.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-041-02.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libicecore-6857.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libicecore-6862.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpython2_6-1_0-100323.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6523.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6647.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6755.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-6946.nasl - Type : ACT_GATHER_INFO
2010-06-22 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12591.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libpython2_6-1_0-100328.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpython2_6-1_0-100330.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpython2_6-1_0-100329.nasl - Type : ACT_GATHER_INFO
2010-05-14 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12600.nasl - Type : ACT_GATHER_INFO
2010-04-29 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO
2010-04-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-6.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1921.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1984.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-5.nasl - Type : ACT_GATHER_INFO
2010-01-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-4.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-3.nasl - Type : ACT_GATHER_INFO
2010-01-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-2.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-1.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12565.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-100105.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6757.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1615.nasl - Type : ACT_GATHER_INFO
2009-12-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO
2009-12-27 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12564.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1647.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1643.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-316.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update6.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update1.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1615.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12531.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-091127.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-091106.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6648.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11486.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11489.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11490.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-859-1.nasl - Type : ACT_GATHER_INFO
2009-11-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1571.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1560.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_269868.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1505.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-6396.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-6395.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_xerces-j2-6445.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6508.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12511.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090924.nasl - Type : ACT_GATHER_INFO
2009-09-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-090920.nasl - Type : ACT_GATHER_INFO
2009-09-25 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090922.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12422.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xerces-j2-6449.nasl - Type : ACT_GATHER_INFO
2009-09-03 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO
2009-08-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1236.nasl - Type : ACT_GATHER_INFO
2009-08-31 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kompozer-090827.nasl - Type : ACT_GATHER_INFO
2009-08-27 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO
2009-08-27 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_xerces-j2-090820.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-218.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-219.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-220.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-211.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-212.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-213.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-214.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-215.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO
2009-08-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO
2009-08-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-748-1.nasl - Type : ACT_GATHER_INFO
2009-04-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO
2009-03-27 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris10_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128640-30
File : solaris9_128640.nasl - Type : ACT_GATHER_INFO
2009-01-19 Name : The remote host is missing Sun Security Patch number 128641-30
File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO
2007-10-18 Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris8_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris10_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124673-20
File : solaris10_x86_124673.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris9_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 124673-20
File : solaris9_x86_124673.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125136-97
File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125137-97
File : solaris10_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125139-97
File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125136-97
File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125137-97
File : solaris8_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125139-97
File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125136-97
File : solaris9_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125137-97
File : solaris9_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125139-97
File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119166-43
File : solaris10_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119167-43
File : solaris10_x86_119167.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119166-43
File : solaris8_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119166-43
File : solaris9_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119167-43
File : solaris9_x86_119167.nasl - Type : ACT_GATHER_INFO
2005-09-06 Name : The remote host is missing Sun Security Patch number 118669-86
File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06 Name : The remote host is missing Sun Security Patch number 118669-86
File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06 Name : The remote host is missing Sun Security Patch number 118669-86
File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-08-18 Name : The remote host is missing Sun Security Patch number 118667-86
File : solaris10_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18 Name : The remote host is missing Sun Security Patch number 118667-86
File : solaris8_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18 Name : The remote host is missing Sun Security Patch number 118667-86
File : solaris9_118667.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-03-09 13:25:54
  • Multiple Updates
2014-02-17 12:07:14
  • Multiple Updates
2013-05-11 00:56:38
  • Multiple Updates