Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title ESX Service Console and vMA third party updates
Informations
Name VMSA-2010-0004 First vendor Publication 2010-03-03
Vendor VMware Last vendor Modification 2010-03-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1

Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces.

A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue.

b. vMA and Service Console update for vMA package nfs-utils to 1.0.9-42.el5

The nfs-utils package provides a daemon for the kernel NFS server and related tools.

It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4552 to this issue.

c. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1

GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.

Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either from or to a base64 representation.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4316 to this issue.

d. vMA and Service Console update for openssl to 0.9.8e-12.el5

SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full- strength cryptography world-wide.

Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues.

An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially-crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0590 to this issue.

e. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1

It was discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4022 to this issue.

f. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2.

Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially- crafted XML file could cause applications using Expat to fail while parsing the file.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-3560 and CVE-2009-3720 to these issues.

g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2

A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2904 to this issue.

h. vMA and Service Console package ntp updated to ntp-4.2.2p1-9.el5_4.1.i386.rpm

A flaw was discovered in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers through a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue.

i. vMA update for package kernel to 2.6.18-164.9.1.el5

Updated vMA package kernel addresses the security issues listed below.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2849 to the security issue fixed in kernel 2.6.18-128.2.1

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-128.6.1

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-128.9.1

j. vMA 4.0 updates for the packages kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed

kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to 095-14.20.el5 device-mapper-multipath package updated to 0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5, and ed package updated to 0.2-39.el5_2.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3916, CVE-2009-1189 and CVE-2009-0115 to these issues.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2010-0004.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery (aka Session Riding)
CAPEC-122 Exploitation of Authorization
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-232 Exploitation of Privilege/Trust
CAPEC-234 Hijacking a privileged process

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-476 NULL Pointer Dereference
12 % CWE-399 Resource Management Errors
8 % CWE-264 Permissions, Privileges, and Access Controls
4 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)
4 % CWE-672 Operation on a Resource after Expiration or Release
4 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
4 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4 % CWE-362 Race Condition
4 % CWE-200 Information Exposure
4 % CWE-189 Numeric Errors (CWE/SANS Top 25)
4 % CWE-20 Improper Input Validation
4 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10198
 
Oval ID: oval:org.mitre.oval:def:10198
Title: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10209
 
Oval ID: oval:org.mitre.oval:def:10209
Title: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3613
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10216
 
Oval ID: oval:org.mitre.oval:def:10216
Title: The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Description: The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2908
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10308
 
Oval ID: oval:org.mitre.oval:def:10308
Title: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Description: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1189
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10395
 
Oval ID: oval:org.mitre.oval:def:10395
Title: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Description: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3612
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10396
 
Oval ID: oval:org.mitre.oval:def:10396
Title: The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker.
Description: The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2849
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10613
 
Oval ID: oval:org.mitre.oval:def:10613
Title: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10678
 
Oval ID: oval:org.mitre.oval:def:10678
Title: Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Description: Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3916
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10740
 
Oval ID: oval:org.mitre.oval:def:10740
Title: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1387
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10821
 
Oval ID: oval:org.mitre.oval:def:10821
Title: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11019
 
Oval ID: oval:org.mitre.oval:def:11019
Title: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11179
 
Oval ID: oval:org.mitre.oval:def:11179
Title: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1386
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11225
 
Oval ID: oval:org.mitre.oval:def:11225
Title: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11309
 
Oval ID: oval:org.mitre.oval:def:11309
Title: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Description: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1378
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11401
 
Oval ID: oval:org.mitre.oval:def:11401
Title: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
Description: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4316
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11513
 
Oval ID: oval:org.mitre.oval:def:11513
Title: Service Console update for COS kernel
Description: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3547
Version: 3
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11544
 
Oval ID: oval:org.mitre.oval:def:11544
Title: nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
Description: The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4552
Version: 6
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11745
 
Oval ID: oval:org.mitre.oval:def:11745
Title: Vulnerability with DNSSEC validation enabled in BIND.
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 3
Platform(s): IBM AIX 6.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12141
 
Oval ID: oval:org.mitre.oval:def:12141
Title: AIX xntpd denial-of-service vulnerability
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 3
Platform(s): IBM AIX 5.3
IBM AIX 6.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12719
 
Oval ID: oval:org.mitre.oval:def:12719
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12783
 
Oval ID: oval:org.mitre.oval:def:12783
Title: DSA-1992-1 chrony -- several
Description: Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. This issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0292 chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. CVE-2010-0293 The client logging facility of chronyd doesn't limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. CVE-2010-0294 chronyd lacks of a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets. For the oldstable distribution, this problem has been fixed in version 1.21z-5+etch1. For the stable distribution, this problem has been fixed in version 1.23-6+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your chrony packages.
Family: unix Class: patch
Reference(s): DSA-1992-1
CVE-2010-0292
CVE-2010-0293
CVE-2010-0294
CVE-2009-3563
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): chrony
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12942
 
Oval ID: oval:org.mitre.oval:def:12942
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13090
 
Oval ID: oval:org.mitre.oval:def:13090
Title: USN-890-6 -- cmake vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-6
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): cmake
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13120
 
Oval ID: oval:org.mitre.oval:def:13120
Title: USN-890-5 -- xmlrpc-c vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-5
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 9.10
Product(s): xmlrpc-c
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13155
 
Oval ID: oval:org.mitre.oval:def:13155
Title: USN-890-1 -- expat vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-1
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13228
 
Oval ID: oval:org.mitre.oval:def:13228
Title: USN-890-3 -- python2.4 vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-3
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): python2.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13268
 
Oval ID: oval:org.mitre.oval:def:13268
Title: DSA-1894-1 newt -- buffer overflow
Description: Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.52.2-11.3+lenny1. For the oldstable distribution, this problem has been fixed in version 0.52.2-10+etch1. For the testing distribution and the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your newt packages.
Family: unix Class: patch
Reference(s): DSA-1894-1
CVE-2009-2905
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): newt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13277
 
Oval ID: oval:org.mitre.oval:def:13277
Title: USN-865-1 -- bind9 vulnerability
Description: Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
Family: unix Class: patch
Reference(s): USN-865-1
CVE-2009-4022
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13312
 
Oval ID: oval:org.mitre.oval:def:13312
Title: USN-890-4 -- python-xml vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-4
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 6.06
Product(s): python-xml
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13351
 
Oval ID: oval:org.mitre.oval:def:13351
Title: DSA-1928-1 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. CVE-2009-2847 Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. CVE-2009-2848 Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service. CVE-2009-2849 Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service. CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. CVE-2009-2908 Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service by causing a dentry value to go negative. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-2910 Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3228 Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int function to increase its randomness. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3547 Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. CVE-2009-3612 Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. CVE-2009-3613 Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service by transmitting a large amount of jumbo frames. CVE-2009-3620 Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service. CVE-2009-3621 Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service. For the oldstable distribution, this problem has been fixed in version 2.6.24-6~etchnhalf.9etch1. We recommend that you upgrade your linux-2.6.24 packages. Note: Debian "etch" includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian "etch" concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion.
Family: unix Class: patch
Reference(s): DSA-1928-1
CVE-2009-2846
CVE-2009-2847
CVE-2009-2848
CVE-2009-2849
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3228
CVE-2009-3238
CVE-2009-3286
CVE-2009-3547
CVE-2009-3612
CVE-2009-3613
CVE-2009-3620
CVE-2009-3621
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13375
 
Oval ID: oval:org.mitre.oval:def:13375
Title: USN-837-1 -- newt vulnerability
Description: Miroslav Lichvar discovered that Newt incorrectly handled rendering in a text box. An attacker could exploit this and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-837-1
CVE-2009-2905
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): newt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13420
 
Oval ID: oval:org.mitre.oval:def:13420
Title: DSA-1953-2 expat -- denial of service
Description: The expat updates released in DSA-1953-1 caused a regression: In some cases, expat would abort with the message "error in processing external entity reference". For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch3. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny3. For the testing distribution and the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your expat packages. For reference, the original advisory text is provided below. Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family: unix Class: patch
Reference(s): DSA-1953-2
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13427
 
Oval ID: oval:org.mitre.oval:def:13427
Title: DSA-1767-1 multipath-tools -- insecure file permissions
Description: It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket which enables local attackers to issue commands to multipathd prevent access to storage devices or corrupt file system data. For the oldstable distribution, this problem has been fixed in version 0.4.7-1.1etch2. For the stable distribution, this problem has been fixed in version 0.4.8-14+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.4.8-15. We recommend that you upgrade your multipath-tools packages.
Family: unix Class: patch
Reference(s): DSA-1767-1
CVE-2009-0115
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): multipath-tools
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13451
 
Oval ID: oval:org.mitre.oval:def:13451
Title: DSA-1837-1 dbus -- programming error
Description: It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1. For the stable distribution, this problem has been fixed in version 1.2.1-5+lenny1. For the oldstable distribution, this problem has been fixed in version 1.0.2-1+etch3. Packages for ia64 and s390 will be released once they are available. For the testing distribution and the unstable distribution , this problem has been fixed in version 1.2.14-1. We recommend that you upgrade your dbus packages.
Family: unix Class: patch
Reference(s): DSA-1837-1
CVE-2009-1189
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): dbus
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13488
 
Oval ID: oval:org.mitre.oval:def:13488
Title: USN-867-1 -- ntp vulnerability
Description: Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote attacker could send a crafted NTP mode 7 packet with a spoofed IP address of an affected server and cause a denial of service via CPU and disk resource consumption.
Family: unix Class: patch
Reference(s): USN-867-1
CVE-2009-3563
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13505
 
Oval ID: oval:org.mitre.oval:def:13505
Title: DSA-1872-1 linux-2.6 -- denial of service/privilege escalation/information leak
Description: CVE-2009-2698 Herbert Xu discovered an issue in the way UDP tracks corking status that could allow local users to cause a denial of service. Tavis Ormandy and Julien Tinnes discovered that this issue could also be used by local users to gain elevated privileges. CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. CVE-2009-2847 Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. CVE-2009-2848 Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service. CVE-2009-2849 Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service. For the oldstable distribution, this problem has been fixed in version 2.6.18.dfsg.1-24etch4. We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatability with or to take advantage of this update: Debian 4.0 fai-kernels 1.17+etch.24etch4 user-mode-linux 2.6.18-1um-2etch.24etch4
Family: unix Class: patch
Reference(s): DSA-1872-1
CVE-2009-2698
CVE-2009-2846
CVE-2009-2847
CVE-2009-2848
CVE-2009-2849
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13588
 
Oval ID: oval:org.mitre.oval:def:13588
Title: DSA-1915-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2695 Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. CVE-2009-2908 Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service by causing a dentry value to go negative. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-2910 Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3290 Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service and read or write guest kernel memory. CVE-2009-3613 Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service by transmitting a large amount of jumbo frames. For the stable distribution, this problem has been fixed in version 2.6.26-19lenny1. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+19lenny1
Family: unix Class: patch
Reference(s): DSA-1915-1
CVE-2009-2695
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3286
CVE-2009-3290
CVE-2009-3613
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13596
 
Oval ID: oval:org.mitre.oval:def:13596
Title: USN-890-2 -- python2.5 vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-2
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13648
 
Oval ID: oval:org.mitre.oval:def:13648
Title: DSA-1747-1 glib2.0 -- integer overflow
Description: Diego Petten discovered that glib2.0, the GLib library of C routines, handles large strings insecurely via its Base64 encoding functions. This could possible lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 2.16.6-1+lenny1. For the oldstable distribution, this problem has been fixed in version 2.12.4-2+etch1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.20.0-1. We recommend that you upgrade your glib2.0 packages.
Family: unix Class: patch
Reference(s): DSA-1747-1
CVE-2008-4316
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): glib2.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13655
 
Oval ID: oval:org.mitre.oval:def:13655
Title: DSA-1953-1 expat -- denial of service
Description: Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch2. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny2. For the testing distribution and the unstable distribution , this problem will be in version 2.0.1-6. The builds for the mipsel architecture for the old stable distribution are not included yet. They will be released when they become available. We recommend that you upgrade your expat packages.
Family: unix Class: patch
Reference(s): DSA-1953-1
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13721
 
Oval ID: oval:org.mitre.oval:def:13721
Title: DSA-1888-1 openssl, openssl097 -- cryptographic weakness
Description: Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they’re no longer considered cryptographically secure. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny5. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for openssl097. The OpenSSL 0.9.8 update for oldstable also provides updated packages for multiple denial of service vulnerabilities in the Datagram Transport Layer Security implementation. These fixes were already provided for Debian stable in a previous point update. The OpenSSL 0.9.7 package from oldstable is not affected. For the unstable distribution, this problem has been fixed in version 0.9.8k-5. We recommend that you upgrade your openssl packages.
Family: unix Class: patch
Reference(s): DSA-1888-1
CVE-2009-2409
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
openssl097
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13728
 
Oval ID: oval:org.mitre.oval:def:13728
Title: DSA-1961-1 bind9 -- DNS cache poisoning
Description: Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile this program, too. For the old stable distribution, this problem has been fixed in version 1:9.3.4-2etch6. For the stable distribution, this problem has been fixed in version 1:9.5.1.dfsg.P3-1+lenny1. For the unstable distribution and the testing distribution, this problem has been fixed in version 9.6.1.dfsg.P2-1. We recommend that you upgrade your bind9 packages.
Family: unix Class: patch
Reference(s): DSA-1961-1
CVE-2009-4022
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13735
 
Oval ID: oval:org.mitre.oval:def:13735
Title: DSA-1929-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1883 Solar Designer discovered a missing capability check in the z90crypt driver or s390 systems. This vulnerability may allow a local user to gain elevated privileges. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3228 Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int function to increase its randomness. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3547 Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. CVE-2009-3612 Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. CVE-2009-3621 Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service. For the oldstable distribution, this problem has been fixed in version 2.6.18.dfsg.1-26etch1. We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages. Note: Debian "etch" includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian "etch" concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 4.0 fai-kernels 1.17+etch.26etch1 user-mode-linux 2.6.18-1um-2etch.26etch1
Family: unix Class: patch
Reference(s): DSA-1929-1
CVE-2009-1883
CVE-2009-2909
CVE-2009-3001
CVE-2009-3002
CVE-2009-3228
CVE-2009-3238
CVE-2009-3286
CVE-2009-3547
CVE-2009-3612
CVE-2009-3621
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13751
 
Oval ID: oval:org.mitre.oval:def:13751
Title: DSA-1763-1 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages.
Family: unix Class: patch
Reference(s): DSA-1763-1
CVE-2009-0590
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13799
 
Oval ID: oval:org.mitre.oval:def:13799
Title: USN-750-1 -- openssl vulnerability
Description: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
Family: unix Class: patch
Reference(s): USN-750-1
CVE-2009-0590
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13879
 
Oval ID: oval:org.mitre.oval:def:13879
Title: USN-738-1 -- glib2.0 vulnerability
Description: Diego Petten discovered that the Base64 encoding functions in GLib did not properly handle large strings. If a user or automated system were tricked into processing a crafted Base64 string, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-738-1
CVE-2008-4316
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.10
Ubuntu 8.04
Product(s): glib2.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13891
 
Oval ID: oval:org.mitre.oval:def:13891
Title: USN-792-1 -- openssl vulnerabilities
Description: It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occured before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request
Family: unix Class: patch
Reference(s): USN-792-1
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13931
 
Oval ID: oval:org.mitre.oval:def:13931
Title: USN-799-1 -- dbus vulnerability
Description: It was discovered that the D-Bus library did not correctly validate signatures. If a local user sent a specially crafted D-Bus key, they could spoof a valid signature and bypass security policies.
Family: unix Class: patch
Reference(s): USN-799-1
CVE-2009-1189
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): dbus
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17196
 
Oval ID: oval:org.mitre.oval:def:17196
Title: USN-687-1 -- nfs-utils vulnerability
Description: It was discovered that nfs-utils did not properly enforce netgroup restrictions when using TCP Wrappers.
Family: unix Class: patch
Reference(s): USN-687-1
CVE-2008-4552
Version: 5
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s): nfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17673
 
Oval ID: oval:org.mitre.oval:def:17673
Title: DSA-1948-1 ntp - denial of service
Description: Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets.
Family: unix Class: patch
Reference(s): DSA-1948-1
CVE-2009-3563
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18064
 
Oval ID: oval:org.mitre.oval:def:18064
Title: DSA-1977-1 python - several vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. (<a href="http://security-tracker.debian.org/tracker/CVE-2009-3560">CVE-2009-3560</a> <a href="http://security-tracker.debian.org/tracker/CVE-2009-3720">CVE-2009-3720</a>) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Family: unix Class: patch
Reference(s): DSA-1977-1
CVE-2008-2316
CVE-2009-3560
CVE-2009-3720
Version: 7
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): python2.4
python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19376
 
Oval ID: oval:org.mitre.oval:def:19376
Title: HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20637
 
Oval ID: oval:org.mitre.oval:def:20637
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21744
 
Oval ID: oval:org.mitre.oval:def:21744
Title: ELSA-2008:0946: ed security update (Moderate)
Description: Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
Family: unix Class: patch
Reference(s): ELSA-2008:0946-01
CVE-2008-3916
Version: 6
Platform(s): Oracle Linux 5
Product(s): ed
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21815
 
Oval ID: oval:org.mitre.oval:def:21815
Title: RHSA-2010:0018: dbus security update (Moderate)
Description: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Family: unix Class: patch
Reference(s): RHSA-2010:0018-01
CESA-2010:0018
CVE-2009-1189
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): dbus
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21948
 
Oval ID: oval:org.mitre.oval:def:21948
Title: RHSA-2010:0002: PyXML security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): RHSA-2010:0002-01
CESA-2010:0002
CVE-2009-3720
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): PyXML
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22194
 
Oval ID: oval:org.mitre.oval:def:22194
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22678
 
Oval ID: oval:org.mitre.oval:def:22678
Title: ELSA-2009:0336: glib2 security update (Moderate)
Description: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
Family: unix Class: patch
Reference(s): ELSA-2009:0336-01
CVE-2008-4316
Version: 6
Platform(s): Oracle Linux 5
Product(s): glib2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22733
 
Oval ID: oval:org.mitre.oval:def:22733
Title: ELSA-2009:1455: kernel security and bug fix update (Moderate)
Description: The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker.
Family: unix Class: patch
Reference(s): ELSA-2009:1455-03
CVE-2009-2849
Version: 6
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22736
 
Oval ID: oval:org.mitre.oval:def:22736
Title: ELSA-2010:0018: dbus security update (Moderate)
Description: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Family: unix Class: patch
Reference(s): ELSA-2010:0018-01
CVE-2009-1189
Version: 6
Platform(s): Oracle Linux 5
Product(s): dbus
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22755
 
Oval ID: oval:org.mitre.oval:def:22755
Title: ELSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate)
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: patch
Reference(s): ELSA-2009:1335-02
CVE-2006-7250
CVE-2009-0590
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 33
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22800
 
Oval ID: oval:org.mitre.oval:def:22800
Title: ELSA-2009:1470: openssh security update (Moderate)
Description: A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Family: unix Class: patch
Reference(s): ELSA-2009:1470-01
CVE-2009-2904
Version: 6
Platform(s): Oracle Linux 5
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22811
 
Oval ID: oval:org.mitre.oval:def:22811
Title: ELSA-2009:0411: device-mapper-multipath security update (Moderate)
Description: The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
Family: unix Class: patch
Reference(s): ELSA-2009:0411-01
CVE-2009-0115
Version: 6
Platform(s): Oracle Linux 5
Product(s): device-mapper-multipath
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22841
 
Oval ID: oval:org.mitre.oval:def:22841
Title: ELSA-2009:1620: bind security update (Moderate)
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: patch
Reference(s): ELSA-2009:1620-01
CVE-2009-4022
Version: 6
Platform(s): Oracle Linux 5
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22865
 
Oval ID: oval:org.mitre.oval:def:22865
Title: ELSA-2009:1463: newt security update (Moderate)
Description: Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Family: unix Class: patch
Reference(s): ELSA-2009:1463-01
CVE-2009-2905
Version: 6
Platform(s): Oracle Linux 5
Product(s): newt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22880
 
Oval ID: oval:org.mitre.oval:def:22880
Title: ELSA-2009:1625: expat security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): ELSA-2009:1625-01
CVE-2009-3560
CVE-2009-3720
Version: 13
Platform(s): Oracle Linux 5
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22885
 
Oval ID: oval:org.mitre.oval:def:22885
Title: ELSA-2009:1321: nfs-utils security and bug fix update (Low)
Description: The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
Family: unix Class: patch
Reference(s): ELSA-2009:1321-02
CVE-2008-4552
Version: 6
Platform(s): Oracle Linux 5
Product(s): nfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22999
 
Oval ID: oval:org.mitre.oval:def:22999
Title: ELSA-2009:1548: kernel security and bug fix update (Important)
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: patch
Reference(s): ELSA-2009:1548-01
CVE-2009-2695
CVE-2009-2908
CVE-2009-3228
CVE-2009-3286
CVE-2009-3547
CVE-2009-3613
Version: 29
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23002
 
Oval ID: oval:org.mitre.oval:def:23002
Title: ELSA-2010:0002: PyXML security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): ELSA-2010:0002-01
CVE-2009-3720
Version: 6
Platform(s): Oracle Linux 5
Product(s): PyXML
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23021
 
Oval ID: oval:org.mitre.oval:def:23021
Title: ELSA-2009:1670: kernel security and bug fix update (Important)
Description: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Family: unix Class: patch
Reference(s): ELSA-2009:1670-01
CVE-2009-3612
CVE-2009-3620
CVE-2009-3621
CVE-2009-3726
Version: 21
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23033
 
Oval ID: oval:org.mitre.oval:def:23033
Title: ELSA-2009:1648: ntp security update (Moderate)
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: patch
Reference(s): ELSA-2009:1648-01
CVE-2009-3563
Version: 6
Platform(s): Oracle Linux 5
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24227
 
Oval ID: oval:org.mitre.oval:def:24227
Title: Vulnerability in OpenSSL 0.9.8k and earlier 0.9.8 versions, allows remote attackers to cause a denial of service (memory consumption)
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1377
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24700
 
Oval ID: oval:org.mitre.oval:def:24700
Title: Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1387
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25108
 
Oval ID: oval:org.mitre.oval:def:25108
Title: Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1386
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25119
 
Oval ID: oval:org.mitre.oval:def:25119
Title: Vulnerability in OpenSSL 1.0.0 Beta 2, allows remote attackers to cause a denial of service (openssl s_client crash)
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1379
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25196
 
Oval ID: oval:org.mitre.oval:def:25196
Title: Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0590
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28184
 
Oval ID: oval:org.mitre.oval:def:28184
Title: DEPRECATED: ELSA-2010-0018 -- dbus security update (moderate)
Description: [1.1.2-12.el5_4.1] - CVE-2009-1189 dbus: invalid fix for CVE-2008-3834
Family: unix Class: patch
Reference(s): ELSA-2010-0018
CVE-2009-1189
Version: 4
Platform(s): Oracle Linux 5
Product(s): dbus
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28749
 
Oval ID: oval:org.mitre.oval:def:28749
Title: RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate)
Description: Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP).
Family: unix Class: patch
Reference(s): RHSA-2009:1335
CESA-2009:1335-CentOS 5
CVE-2006-7250
CVE-2009-0590
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28862
 
Oval ID: oval:org.mitre.oval:def:28862
Title: RHSA-2009:1670 -- kernel security and bug fix update (Important)
Description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Family: unix Class: patch
Reference(s): RHSA-2009:1670
CESA-2009:1670-CentOS 5
CVE-2009-3612
CVE-2009-3620
CVE-2009-3621
CVE-2009-3726
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29041
 
Oval ID: oval:org.mitre.oval:def:29041
Title: RHSA-2009:1463 -- newt security update (Moderate)
Description: Updated newt packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Newt is a programming library for color text mode, widget-based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, and so on, to text mode user interfaces.
Family: unix Class: patch
Reference(s): RHSA-2009:1463
CESA-2009:1463-CentOS 3
CESA-2009:1463-CentOS 5
CVE-2009-2905
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
Product(s): newt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29068
 
Oval ID: oval:org.mitre.oval:def:29068
Title: RHSA-2009:0336 -- glib2 security update (Moderate)
Description: Updated glib2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.
Family: unix Class: patch
Reference(s): RHSA-2009:0336
CVE-2008-4316
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): glib2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29109
 
Oval ID: oval:org.mitre.oval:def:29109
Title: RHSA-2009:1620 -- bind security update (Moderate)
Description: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Family: unix Class: patch
Reference(s): RHSA-2009:1620
CESA-2009:1620-CentOS 5
CVE-2009-4022
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29199
 
Oval ID: oval:org.mitre.oval:def:29199
Title: RHSA-2008:0946 -- ed security update (Moderate)
Description: An updated ed package that fixes one security issue is now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ed is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts). A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute an arbitrary code when opened in the ed editor. (CVE-2008-3916) Users of ed should upgrade to this updated package, which contains a backported patch to resolve this issue.
Family: unix Class: patch
Reference(s): RHSA-2008:0946
CESA-2008:0946-CentOS 3
CESA-2008:0946-CentOS 2
CESA-2008:0946-CentOS 5
CVE-2008-3916
Version: 3
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 3
CentOS Linux 2
CentOS Linux 5
Product(s): ed
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29266
 
Oval ID: oval:org.mitre.oval:def:29266
Title: RHSA-2009:1648 -- ntp security update (Moderate)
Description: An updated ntp package that fixes a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1648
CESA-2009:1648-CentOS 5
CVE-2009-3563
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29269
 
Oval ID: oval:org.mitre.oval:def:29269
Title: RHSA-2009:1548 -- kernel security and bug fix update (Important)
Description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Family: unix Class: patch
Reference(s): RHSA-2009:1548
CESA-2009:1548-CentOS 5
CVE-2009-2695
CVE-2009-2908
CVE-2009-3228
CVE-2009-3286
CVE-2009-3547
CVE-2009-3613
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29271
 
Oval ID: oval:org.mitre.oval:def:29271
Title: RHSA-2009:1470 -- openssh security update (Moderate)
Description: Updated openssh packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1470
CESA-2009:1470-CentOS 5
CVE-2009-2904
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssh
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29347
 
Oval ID: oval:org.mitre.oval:def:29347
Title: RHSA-2009:1625 -- expat security update (Moderate)
Description: Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560, CVE-2009-3720)
Family: unix Class: patch
Reference(s): RHSA-2009:1625
CESA-2009:1625-CentOS 3
CESA-2009:1625-CentOS 5
CVE-2009-3560
CVE-2009-3720
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29369
 
Oval ID: oval:org.mitre.oval:def:29369
Title: RHSA-2009:1321 -- nfs-utils security and bug fix update (Low)
Description: An updated nfs-utils package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nfs-utils package provides a daemon for the kernel NFS server and related tools.
Family: unix Class: patch
Reference(s): RHSA-2009:1321
CESA-2009:1321-CentOS 5
CVE-2008-4552
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): nfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29387
 
Oval ID: oval:org.mitre.oval:def:29387
Title: RHSA-2009:0411 -- device-mapper-multipath security update (Moderate)
Description: Updated device-mapper-multipath packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The device-mapper multipath packages provide tools to manage multipath devices by issuing instructions to the device-mapper multipath kernel module, and by managing the creation and removal of partitions for device-mapper devices.
Family: unix Class: patch
Reference(s): RHSA-2009:0411
CESA-2009:0411-CentOS 5
CVE-2009-0115
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): device-mapper-multipath
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6636
 
Oval ID: oval:org.mitre.oval:def:6636
Title: Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
Description: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3726
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6683
 
Oval ID: oval:org.mitre.oval:def:6683
Title: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1377
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6757
 
Oval ID: oval:org.mitre.oval:def:6757
Title: Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
Description: The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3228
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6760
 
Oval ID: oval:org.mitre.oval:def:6760
Title: DSA-1953 expat -- denial of service
Description: Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family: unix Class: patch
Reference(s): DSA-1953
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6763
 
Oval ID: oval:org.mitre.oval:def:6763
Title: Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
Description: The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3620
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6848
 
Oval ID: oval:org.mitre.oval:def:6848
Title: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1379
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6883
 
Oval ID: oval:org.mitre.oval:def:6883
Title: Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6895
 
Oval ID: oval:org.mitre.oval:def:6895
Title: Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
Description: net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3621
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6992
 
Oval ID: oval:org.mitre.oval:def:6992
Title: Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
Description: The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2908
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6996
 
Oval ID: oval:org.mitre.oval:def:6996
Title: OpenSSL Multiple Vulnerabilities
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7076
 
Oval ID: oval:org.mitre.oval:def:7076
Title: NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7112
 
Oval ID: oval:org.mitre.oval:def:7112
Title: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7144
 
Oval ID: oval:org.mitre.oval:def:7144
Title: Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
Description: The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2695
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7152
 
Oval ID: oval:org.mitre.oval:def:7152
Title: DSA-1977 python2.4 python2.5 -- several vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution.
Family: unix Class: patch
Reference(s): DSA-1977
CVE-2008-2316
CVE-2009-3560
CVE-2009-3720
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): python2.4 python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7229
 
Oval ID: oval:org.mitre.oval:def:7229
Title: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
Description: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1378
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7261
 
Oval ID: oval:org.mitre.oval:def:7261
Title: HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7310
 
Oval ID: oval:org.mitre.oval:def:7310
Title: DSA-1992 chrony -- several vulnerabilities
Description: Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. This issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. The client logging facility of chronyd doesn’t limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. chronyd lacks of a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets.
Family: unix Class: patch
Reference(s): DSA-1992
CVE-2010-0292
CVE-2010-0293
CVE-2010-0294
CVE-2009-3563
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): chrony
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7332
 
Oval ID: oval:org.mitre.oval:def:7332
Title: DSA-1961 bind9 -- DNS cache poisoning
Description: Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile this programs, too.
Family: unix Class: patch
Reference(s): DSA-1961
CVE-2009-4022
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7377
 
Oval ID: oval:org.mitre.oval:def:7377
Title: Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3613
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7379
 
Oval ID: oval:org.mitre.oval:def:7379
Title: DSA-1948 ntp -- denial of service
Description: Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets. An unexpected NTP mode 7 packet with spoofed IP data can lead ntpd to reply with a mode 7 response to the spoofed address. This may result in the service playing packet ping-pong with other ntp servers or even itself which causes CPU usage and excessive disk use due to logging. An attacker can use this to conduct denial of service attacks.
Family: unix Class: patch
Reference(s): DSA-1948
CVE-2009-3563
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7459
 
Oval ID: oval:org.mitre.oval:def:7459
Title: Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 3
Platform(s): Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7469
 
Oval ID: oval:org.mitre.oval:def:7469
Title: OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1386
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7527
 
Oval ID: oval:org.mitre.oval:def:7527
Title: Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
Description: NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3286
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7557
 
Oval ID: oval:org.mitre.oval:def:7557
Title: Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
Description: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3612
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7592
 
Oval ID: oval:org.mitre.oval:def:7592
Title: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1387
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7608
 
Oval ID: oval:org.mitre.oval:def:7608
Title: Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
Description: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3547
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7639
 
Oval ID: oval:org.mitre.oval:def:7639
Title: DSA-1915 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. Additional information about this change, including instructions for making this change locally in advance of 5.0.4 (recommended), can be found at: http://wiki.debian.org/mmap_min_addr. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp "N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt() can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. Local users can exploit these issues to gain access to kernel memory. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames.
Family: unix Class: patch
Reference(s): DSA-1915
CVE-2009-2695
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3286
CVE-2009-3290
CVE-2009-3613
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7908
 
Oval ID: oval:org.mitre.oval:def:7908
Title: DSA-1837 dbus -- programming error
Description: It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1.
Family: unix Class: patch
Reference(s): DSA-1837
CVE-2009-1189
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): dbus
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7937
 
Oval ID: oval:org.mitre.oval:def:7937
Title: DSA-1928 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops). Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt() can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. Local users can exploit these issues to gain access to kernel memory. Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int() function to increase its randomness. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames. Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service (NULL pointer dereference). Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service (system hang).
Family: unix Class: patch
Reference(s): DSA-1928
CVE-2009-2846
CVE-2009-2847
CVE-2009-2848
CVE-2009-2849
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3228
CVE-2009-3238
CVE-2009-3286
CVE-2009-3547
CVE-2009-3612
CVE-2009-3613
CVE-2009-3620
CVE-2009-3621
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8038
 
Oval ID: oval:org.mitre.oval:def:8038
Title: DSA-1763 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
Family: unix Class: patch
Reference(s): DSA-1763
CVE-2009-0590
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8105
 
Oval ID: oval:org.mitre.oval:def:8105
Title: DSA-1747 glib2.0 -- integer overflow
Description: Diego Pettenograve discovered that glib2.0, the GLib library of C routines, handles large strings insecurely via its Base64 encoding functions. This could possible lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1747
CVE-2008-4316
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): glib2.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8168
 
Oval ID: oval:org.mitre.oval:def:8168
Title: DSA-1872 linux-2.6 -- denial of service/privilege escalation/information leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory. The Common Vulnerabilities and Exposures project identifies the following problems: Herbert Xu discovered an issue in the way UDP tracks corking status that could allow local users to cause a denial of service (system crash). Tavis Ormandy and Julien Tinnes discovered that this issue could also be used by local users to gain elevated privileges. Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops).
Family: unix Class: patch
Reference(s): DSA-1872
CVE-2009-2698
CVE-2009-2846
CVE-2009-2847
CVE-2009-2848
CVE-2009-2849
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8189
 
Oval ID: oval:org.mitre.oval:def:8189
Title: DSA-1767 multipath-tools -- insecure file permissions
Description: It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket which enables local attackers to issue commands to multipathd prevent access to storage devices or corrupt file system data.
Family: unix Class: patch
Reference(s): DSA-1767
CVE-2009-0115
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): multipath-tools
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8285
 
Oval ID: oval:org.mitre.oval:def:8285
Title: DSA-1894 newt -- buffer overflow
Description: Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1894
CVE-2009-2905
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): newt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8325
 
Oval ID: oval:org.mitre.oval:def:8325
Title: VMware nfs-utils vulnerability
Description: The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4552
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8360
 
Oval ID: oval:org.mitre.oval:def:8360
Title: VMware glib2 vulnerability
Description: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4316
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8556
 
Oval ID: oval:org.mitre.oval:def:8556
Title: Buffer overflow vulnerability in newt
Description: Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2905
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9214
 
Oval ID: oval:org.mitre.oval:def:9214
Title: The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
Description: The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0115
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9327
 
Oval ID: oval:org.mitre.oval:def:9327
Title: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Description: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3547
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9409
 
Oval ID: oval:org.mitre.oval:def:9409
Title: The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Description: The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3228
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9663
 
Oval ID: oval:org.mitre.oval:def:9663
Title: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1377
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9664
 
Oval ID: oval:org.mitre.oval:def:9664
Title: Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Description: Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2905
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9734
 
Oval ID: oval:org.mitre.oval:def:9734
Title: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Description: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3726
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9744
 
Oval ID: oval:org.mitre.oval:def:9744
Title: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1379
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9757
 
Oval ID: oval:org.mitre.oval:def:9757
Title: NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
Description: NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3286
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9862
 
Oval ID: oval:org.mitre.oval:def:9862
Title: A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Description: A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2904
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9882
 
Oval ID: oval:org.mitre.oval:def:9882
Title: The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
Description: The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2695
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9891
 
Oval ID: oval:org.mitre.oval:def:9891
Title: The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Description: The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3620
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9921
 
Oval ID: oval:org.mitre.oval:def:9921
Title: net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
Description: net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3621
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 1
Application 3
Application 1
Application 3
Application 51
Application 144
Application 8
Application 169
Application 2
Application 1
Application 1
Application 26
Application 27
Application 2
Application 211
Application 1
Application 3
Application 2
Application 1
Os 6
Os 2
Os 2
Os 1198
Os 1
Os 1
Os 5
Os 3
Os 2
Os 3
Os 3
Os 3
Os 7
Os 2
Os 2
Os 2
Os 1

ExploitDB Exploits

id Description
2009-06-04 OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
2009-05-18 OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS

OpenVAS Exploits

Date Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-06 (expat)
File : nvt/glsa_201209_06.nasl
2012-07-30 Name : CentOS Update for python CESA-2011:0491 centos4 x86_64
File : nvt/gb_CESA-2011_0491_python_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for python CESA-2011:0492 centos5 x86_64
File : nvt/gb_CESA-2011_0492_python_centos5_x86_64.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-03-15 Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser...
File : nvt/gb_VMSA-2012-0001.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-08-09 Name : CentOS Update for device-mapper-multipath CESA-2009:0411 centos4 i386
File : nvt/gb_CESA-2009_0411_device-mapper-multipath_centos4_i386.nasl
2011-08-09 Name : CentOS Update for device-mapper-multipath CESA-2009:0411 centos5 i386
File : nvt/gb_CESA-2009_0411_device-mapper-multipath_centos5_i386.nasl
2011-08-09 Name : CentOS Update for nfs-utils CESA-2009:1321 centos5 i386
File : nvt/gb_CESA-2009_1321_nfs-utils_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2009:1335 centos5 i386
File : nvt/gb_CESA-2009_1335_openssl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1455 centos5 i386
File : nvt/gb_CESA-2009_1455_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for newt CESA-2009:1463 centos3 i386
File : nvt/gb_CESA-2009_1463_newt_centos3_i386.nasl
2011-08-09 Name : CentOS Update for newt CESA-2009:1463 centos4 i386
File : nvt/gb_CESA-2009_1463_newt_centos4_i386.nasl
2011-08-09 Name : CentOS Update for newt CESA-2009:1463 centos5 i386
File : nvt/gb_CESA-2009_1463_newt_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssh CESA-2009:1470 centos5 i386
File : nvt/gb_CESA-2009_1470_openssh_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1522 centos4 i386
File : nvt/gb_CESA-2009_1522_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1541 centos4 i386
File : nvt/gb_CESA-2009_1541_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1548 centos5 i386
File : nvt/gb_CESA-2009_1548_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1550 centos3 i386
File : nvt/gb_CESA-2009_1550_kernel_centos3_i386.nasl
2011-08-09 Name : CentOS Update for 4Suite CESA-2009:1572 centos3 i386
File : nvt/gb_CESA-2009_1572_4Suite_centos3_i386.nasl
2011-08-09 Name : CentOS Update for 4Suite CESA-2009:1572 centos4 i386
File : nvt/gb_CESA-2009_1572_4Suite_centos4_i386.nasl
2011-08-09 Name : CentOS Update for bind CESA-2009:1620 centos5 i386
File : nvt/gb_CESA-2009_1620_bind_centos5_i386.nasl
2011-08-09 Name : CentOS Update for expat CESA-2009:1625 centos3 i386
File : nvt/gb_CESA-2009_1625_expat_centos3_i386.nasl
2011-08-09 Name : CentOS Update for expat CESA-2009:1625 centos4 i386
File : nvt/gb_CESA-2009_1625_expat_centos4_i386.nasl
2011-08-09 Name : CentOS Update for expat CESA-2009:1625 centos5 i386
File : nvt/gb_CESA-2009_1625_expat_centos5_i386.nasl
2011-08-09 Name : CentOS Update for ntp CESA-2009:1648 centos4 i386
File : nvt/gb_CESA-2009_1648_ntp_centos4_i386.nasl
2011-08-09 Name : CentOS Update for ntp CESA-2009:1648 centos5 i386
File : nvt/gb_CESA-2009_1648_ntp_centos5_i386.nasl
2011-08-09 Name : CentOS Update for ntp CESA-2009:1651 centos3 i386
File : nvt/gb_CESA-2009_1651_ntp_centos3_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1670 centos5 i386
File : nvt/gb_CESA-2009_1670_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1671 centos4 i386
File : nvt/gb_CESA-2009_1671_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for PyXML CESA-2010:0002 centos5 i386
File : nvt/gb_CESA-2010_0002_PyXML_centos5_i386.nasl
2011-08-09 Name : CentOS Update for dbus CESA-2010:0018 centos5 i386
File : nvt/gb_CESA-2010_0018_dbus_centos5_i386.nasl
2011-08-09 Name : CentOS Update for bind CESA-2010:0062 centos5 i386
File : nvt/gb_CESA-2010_0062_bind_centos5_i386.nasl
2011-08-09 Name : CentOS Update for python CESA-2011:0491 centos4 i386
File : nvt/gb_CESA-2011_0491_python_centos4_i386.nasl
2011-08-09 Name : CentOS Update for python CESA-2011:0492 centos5 i386
File : nvt/gb_CESA-2011_0492_python_centos5_i386.nasl
2011-06-06 Name : HP-UX Update for XNTP HPSBUX02639
File : nvt/gb_hp_ux_HPSBUX02639.nasl
2011-05-06 Name : RedHat Update for python RHSA-2011:0491-01
File : nvt/gb_RHSA-2011_0491-01_python.nasl
2011-05-06 Name : RedHat Update for python RHSA-2011:0492-01
File : nvt/gb_RHSA-2011_0492-01_python.nasl
2011-05-05 Name : Fedora Update for SimGear FEDORA-2011-5727
File : nvt/gb_fedora_2011_5727_SimGear_fc14.nasl
2011-05-05 Name : Fedora Update for SimGear FEDORA-2011-5744
File : nvt/gb_fedora_2011_5744_SimGear_fc13.nasl
2011-05-05 Name : HP-UX Update for Apache Web Server HPSBUX02645
File : nvt/gb_hp_ux_HPSBUX02645.nasl
2011-03-24 Name : Fedora Update for whatsup FEDORA-2011-2794
File : nvt/gb_fedora_2011_2794_whatsup_fc13.nasl
2011-03-24 Name : Fedora Update for whatsup FEDORA-2011-2801
File : nvt/gb_fedora_2011_2801_whatsup_fc14.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-10 (multipath-tools)
File : nvt/glsa_201006_10.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-11 (BIND)
File : nvt/glsa_201006_11.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-14 (newt)
File : nvt/glsa_201006_14.nasl
2010-12-02 Name : Fedora Update for libtlen FEDORA-2010-17720
File : nvt/gb_fedora_2010_17720_libtlen_fc14.nasl
2010-12-02 Name : Fedora Update for udunits2 FEDORA-2010-17807
File : nvt/gb_fedora_2010_17807_udunits2_fc13.nasl
2010-12-02 Name : Fedora Update for udunits2 FEDORA-2010-17819
File : nvt/gb_fedora_2010_17819_udunits2_fc14.nasl
2010-11-23 Name : Fedora Update for libtlen FEDORA-2010-17732
File : nvt/gb_fedora_2010_17732_libtlen_fc13.nasl
2010-11-23 Name : Fedora Update for libtlen FEDORA-2010-17762
File : nvt/gb_fedora_2010_17762_libtlen_fc12.nasl
2010-10-19 Name : Mandriva Update for kernel MDVSA-2010:198 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_198.nasl
2010-10-10 Name : FreeBSD Ports: apr
File : nvt/freebsd_apr0.nasl
2010-10-01 Name : HP-UX Update for BIND HPSBUX02546
File : nvt/gb_hp_ux_HPSBUX02546.nasl
2010-09-27 Name : Mandriva Update for kernel MDVSA-2010:188 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_188.nasl
2010-08-30 Name : CentOS Update for kernel CESA-2010:0474 centos4 i386
File : nvt/gb_CESA-2010_0474_kernel_centos4_i386.nasl
2010-06-25 Name : Fedora Update for openssl FEDORA-2010-9421
File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl
2010-06-18 Name : RedHat Update for kernel RHSA-2010:0474-01
File : nvt/gb_RHSA-2010_0474-01_kernel.nasl
2010-05-04 Name : Mandriva Update for kernel MDVSA-2010:088 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_088.nasl
2010-04-19 Name : Fedora Update for openssl FEDORA-2010-5357
File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl
2010-04-16 Name : Ubuntu Update for cmake vulnerabilities USN-890-6
File : nvt/gb_ubuntu_USN_890_6.nasl
2010-04-06 Name : Fedora Update for openssh FEDORA-2010-5429
File : nvt/gb_fedora_2010_5429_openssh_fc11.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos3 i386
File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos4 i386
File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl
2010-03-31 Name : RedHat Update for openssl RHSA-2010:0163-01
File : nvt/gb_RHSA-2010_0163-01_openssl.nasl
2010-03-12 Name : Mandriva Update for rsnapshot MDVA-2010:088 (rsnapshot)
File : nvt/gb_mandriva_MDVA_2010_088.nasl
2010-03-02 Name : Fedora Update for bind FEDORA-2010-0861
File : nvt/gb_fedora_2010_0861_bind_fc11.nasl
2010-03-02 Name : Fedora Update for bind FEDORA-2010-0868
File : nvt/gb_fedora_2010_0868_bind_fc12.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-0919
File : nvt/gb_fedora_2010_0919_kernel_fc11.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1500
File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1804
File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl
2010-02-25 Name : Debian Security Advisory DSA 2003-1 (linux-2.6)
File : nvt/deb_2003_1.nasl
2010-02-19 Name : SuSE Update for kernel SUSE-SA:2010:012
File : nvt/gb_suse_2010_012.nasl
2010-02-19 Name : Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5
File : nvt/gb_ubuntu_USN_890_5.nasl
2010-02-10 Name : Debian Security Advisory DSA 1992-1 (chrony)
File : nvt/deb_1992_1.nasl
2010-01-29 Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-29 Name : Ubuntu Update for python-xml vulnerabilities USN-890-4
File : nvt/gb_ubuntu_USN_890_4.nasl
2010-01-25 Name : RedHat Update for bind RHSA-2010:0062-02
File : nvt/gb_RHSA-2010_0062-02_bind.nasl
2010-01-25 Name : Ubuntu Update for python2.4 vulnerabilities USN-890-3
File : nvt/gb_ubuntu_USN_890_3.nasl
2010-01-22 Name : Mandriva Update for bind MDVSA-2010:021 (bind)
File : nvt/gb_mandriva_MDVSA_2010_021.nasl
2010-01-22 Name : Ubuntu Update for bind9 vulnerabilities USN-888-1
File : nvt/gb_ubuntu_USN_888_1.nasl
2010-01-22 Name : Ubuntu Update for expat vulnerabilities USN-890-1
File : nvt/gb_ubuntu_USN_890_1.nasl
2010-01-22 Name : Ubuntu Update for python2.5 vulnerabilities USN-890-2
File : nvt/gb_ubuntu_USN_890_2.nasl
2010-01-19 Name : CentOS Update for PyXML CESA-2010:0002 centos4 i386
File : nvt/gb_CESA-2010_0002_PyXML_centos4_i386.nasl
2010-01-19 Name : CentOS Update for PyXML CESA-2010:0002 centos4 x86_64
File : nvt/gb_CESA-2010_0002_PyXML_centos4_x86_64.nasl
2010-01-15 Name : RedHat Update for PyXML RHSA-2010:0002-01
File : nvt/gb_RHSA-2010_0002-01_PyXML.nasl
2010-01-15 Name : RedHat Update for dbus RHSA-2010:0018-01
File : nvt/gb_RHSA-2010_0018-01_dbus.nasl
2010-01-15 Name : Mandriva Update for davfs MDVSA-2009:220-1 (davfs)
File : nvt/gb_mandriva_MDVSA_2009_220_1.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-1 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_1.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-2 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_2.nasl
2010-01-15 Name : Mandriva Update for expat MDVSA-2009:316-3 (expat)
File : nvt/gb_mandriva_MDVSA_2009_316_3.nasl
2010-01-15 Name : SuSE Update for kernel SUSE-SA:2010:001
File : nvt/gb_suse_2010_001.nasl
2010-01-11 Name : FreeBSD Security Advisory (FreeBSD-SA-10:01.bind.asc)
File : nvt/freebsdsa_bind8.nasl
2010-01-11 Name : FreeBSD Security Advisory (FreeBSD-SA-10:02.ntpd.asc)
File : nvt/freebsdsa_ntpd2.nasl
2010-01-07 Name : Gentoo Security Advisory GLSA 201001-01 (ntp)
File : nvt/glsa_201001_01.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1670
File : nvt/RHSA_2009_1670.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1671
File : nvt/RHSA_2009_1671.nasl
2009-12-30 Name : Debian Security Advisory DSA 1961-1 (bind9)
File : nvt/deb_1961_1.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-13694 (kernel)
File : nvt/fcore_2009_13694.nasl
2009-12-30 Name : CentOS Security Advisory CESA-2009:1620 (bind)
File : nvt/ovcesa2009_1620.nasl
2009-12-30 Name : CentOS Security Advisory CESA-2009:1670 (kernel)
File : nvt/ovcesa2009_1670.nasl
2009-12-30 Name : CentOS Security Advisory CESA-2009:1671 (kernel)
File : nvt/ovcesa2009_1671.nasl
2009-12-15 Name : NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
File : nvt/ntp_37255.nasl
2009-12-14 Name : RedHat Security Advisory RHSA-2009:1648
File : nvt/RHSA_2009_1648.nasl
2009-12-14 Name : RedHat Security Advisory RHSA-2009:1651
File : nvt/RHSA_2009_1651.nasl
2009-12-14 Name : Debian Security Advisory DSA 1948-1 (ntp)
File : nvt/deb_1948_1.nasl
2009-12-14 Name : Fedora Core 12 FEDORA-2009-13046 (ntp)
File : nvt/fcore_2009_13046.nasl
2009-12-14 Name : Fedora Core 11 FEDORA-2009-13090 (ntp)
File : nvt/fcore_2009_13090.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-13098 (kernel)
File : nvt/fcore_2009_13098.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-13121 (ntp)
File : nvt/fcore_2009_13121.nasl
2009-12-14 Name : Gentoo Security Advisory GLSA 200912-01 (openssl)
File : nvt/glsa_200912_01.nasl
2009-12-14 Name : CentOS Security Advisory CESA-2009:1648 (ntp)
File : nvt/ovcesa2009_1648.nasl
2009-12-14 Name : CentOS Security Advisory CESA-2009:1651 (ntp)
File : nvt/ovcesa2009_1651.nasl
2009-12-14 Name : SLES11: Security update for expat
File : nvt/sles11_expat0.nasl
2009-12-14 Name : SLES9: Security update for expat
File : nvt/sles9p5064331.nasl
2009-12-10 Name : RedHat Security Advisory RHSA-2009:1625
File : nvt/RHSA_2009_1625.nasl
2009-12-10 Name : RedHat Security Advisory RHSA-2009:1635
File : nvt/RHSA_2009_1635.nasl
2009-12-10 Name : Fedora Core 10 FEDORA-2009-12690 (expat)
File : nvt/fcore_2009_12690.nasl
2009-12-10 Name : Fedora Core 11 FEDORA-2009-12716 (expat)
File : nvt/fcore_2009_12716.nasl
2009-12-10 Name : Fedora Core 12 FEDORA-2009-12737 (expat)
File : nvt/fcore_2009_12737.nasl
2009-12-10 Name : Fedora Core 11 FEDORA-2009-12786 (kernel)
File : nvt/fcore_2009_12786.nasl
2009-12-10 Name : FreeBSD Ports: expat2
File : nvt/freebsd_expat2.nasl
2009-12-10 Name : FreeBSD Ports: expat2
File : nvt/freebsd_expat20.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:211-1 (expat)
File : nvt/mdksa_2009_211_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:212-1 (python)
File : nvt/mdksa_2009_212_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:213-1 (wxgtk)
File : nvt/mdksa_2009_213_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:215-1 (audacity)
File : nvt/mdksa_2009_215_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_3.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:218-1 (w3c-libwww)
File : nvt/mdksa_2009_218_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:219-1 (kompozer)
File : nvt/mdksa_2009_219_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:249-1 (newt)
File : nvt/mdksa_2009_249_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:256-1 (dbus)
File : nvt/mdksa_2009_256_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:310 (openssl)
File : nvt/mdksa_2009_310.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:313-1 (bind)
File : nvt/mdksa_2009_313_1.nasl
2009-12-10 Name : CentOS Security Advisory CESA-2009:1625 (expat)
File : nvt/ovcesa2009_1625.nasl
2009-12-10 Name : SuSE Security Advisory SUSE-SA:2009:059 (bind)
File : nvt/suse_sa_2009_059.nasl
2009-12-10 Name : SuSE Security Advisory SUSE-SA:2009:060 (kernel)
File : nvt/suse_sa_2009_060.nasl
2009-12-10 Name : Ubuntu USN-865-1 (bind9)
File : nvt/ubuntu_865_1.nasl
2009-12-03 Name : RedHat Security Advisory RHSA-2009:1620
File : nvt/RHSA_2009_1620.nasl
2009-12-03 Name : Fedora Core 11 FEDORA-2009-12218 (bind)
File : nvt/fcore_2009_12218.nasl
2009-12-03 Name : Fedora Core 12 FEDORA-2009-12233 (bind)
File : nvt/fcore_2009_12233.nasl
2009-12-03 Name : SLES11: Security update for bind
File : nvt/sles11_bind0.nasl
2009-12-03 Name : SLES11: Security update for Linux kernel
File : nvt/sles11_ext4dev-kmp-def4.nasl
2009-11-25 Name : ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vu...
File : nvt/bind_37118.nasl
2009-11-23 Name : Mandriva Security Advisory MDVSA-2009:301 (kernel)
File : nvt/mdksa_2009_301.nasl
2009-11-23 Name : SLES10: Security update for expat
File : nvt/sles10_expat.nasl
2009-11-23 Name : SLES11: Security update for expat
File : nvt/sles11_expat.nasl
2009-11-23 Name : SLES9: Security update for expat
File : nvt/sles9p5062940.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1572
File : nvt/RHSA_2009_1572.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1572 (4Suite)
File : nvt/ovcesa2009_1572.nasl
2009-11-17 Name : SLES10: Security update for Linux kernel
File : nvt/sles10_kernel9.nasl
2009-11-17 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5062456.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1540
File : nvt/RHSA_2009_1540.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1541
File : nvt/RHSA_2009_1541.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1548
File : nvt/RHSA_2009_1548.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1550
File : nvt/RHSA_2009_1550.nasl
2009-11-11 Name : Debian Security Advisory DSA 1927-1 (linux-2.6)
File : nvt/deb_1927_1.nasl
2009-11-11 Name : Debian Security Advisory DSA 1928-1 (linux-2.6.24)
File : nvt/deb_1928_1.nasl
2009-11-11 Name : Debian Security Advisory DSA 1929-1 (linux-2.6)
File : nvt/deb_1929_1.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10639 (kernel)
File : nvt/fcore_2009_10639.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10949 (PyXML)
File : nvt/fcore_2009_10949.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10956 (python-4Suite-XML)
File : nvt/fcore_2009_10956.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10972 (python-4Suite-XML)
File : nvt/fcore_2009_10972.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10987 (expat)
File : nvt/fcore_2009_10987.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-11029 (expat)
File : nvt/fcore_2009_11029.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-11030 (PyXML)
File : nvt/fcore_2009_11030.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-11032 (kernel)
File : nvt/fcore_2009_11032.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-11038 (kernel)
File : nvt/fcore_2009_11038.nasl
2009-11-11 Name : Mandriva Security Advisory MDVSA-2009:289 (kernel)
File : nvt/mdksa_2009_289.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1455 (kernel)
File : nvt/ovcesa2009_1455.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1470 (openssh)
File : nvt/ovcesa2009_1470.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1541 (kernel)
File : nvt/ovcesa2009_1541.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1548 (kernel)
File : nvt/ovcesa2009_1548.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1550 (kernel)
File : nvt/ovcesa2009_1550.nasl
2009-11-11 Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-10-27 Name : RedHat Security Advisory RHSA-2009:1522
File : nvt/RHSA_2009_1522.nasl
2009-10-27 Name : Debian Security Advisory DSA 1915-1 (linux-2.6)
File : nvt/deb_1915_1.nasl
2009-10-27 Name : CentOS Security Advisory CESA-2009:1522 (kernel)
File : nvt/ovcesa2009_1522.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-19 Name : Fedora Core 10 FEDORA-2009-10525 (kernel)
File : nvt/fcore_2009_10525.nasl
2009-10-13 Name : Solaris Update for sshd 140119-11
File : nvt/gb_solaris_140119_11.nasl
2009-10-13 Name : Solaris Update for sshd 141742-04
File : nvt/gb_solaris_141742_04.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:256 (dbus)
File : nvt/mdksa_2009_256.nasl
2009-10-13 Name : SLES10: Security update for compat-openssl097g
File : nvt/sles10_compat-openssl0.nasl
2009-10-13 Name : SLES10: Security update for multipath-tools
File : nvt/sles10_multipath-tools.nasl
2009-10-13 Name : SLES10: Security update for nfs-utils
File : nvt/sles10_nfs-utils.nasl
2009-10-13 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl0.nasl
2009-10-13 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl1.nasl
2009-10-13 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl2.nasl
2009-10-11 Name : SLES11: Security update for glib2
File : nvt/sles11_glib2.nasl
2009-10-11 Name : SLES11: Security update for OpenSSL
File : nvt/sles11_libopenssl0_9_8.nasl
2009-10-11 Name : SLES11: Security update for OpenSSL
File : nvt/sles11_libopenssl0_9_80.nasl
2009-10-11 Name : SLES11: Security update for OpenSSL
File : nvt/sles11_libopenssl0_9_81.nasl
2009-10-10 Name : SLES9: Security update for nfs-utils
File : nvt/sles9p5040680.nasl
2009-10-10 Name : SLES9: Security update for multipath-tools
File : nvt/sles9p5046186.nasl
2009-10-10 Name : SLES9: Security update for OpenSSL
File : nvt/sles9p5048397.nasl
2009-10-06 Name : RedHat Security Advisory RHSA-2009:1455
File : nvt/RHSA_2009_1455.nasl
2009-10-06 Name : RedHat Security Advisory RHSA-2009:1470
File : nvt/RHSA_2009_1470.nasl
2009-10-06 Name : Mandrake Security Advisory MDVSA-2009:249 (newt)
File : nvt/mdksa_2009_249.nasl
2009-09-28 Name : RedHat Security Advisory RHSA-2009:1463
File : nvt/RHSA_2009_1463.nasl
2009-09-28 Name : Debian Security Advisory DSA 1894-1 (newt)
File : nvt/deb_1894_1.nasl
2009-09-28 Name : Fedora Core 10 FEDORA-2009-9957 (newt)
File : nvt/fcore_2009_9957.nasl
2009-09-28 Name : Fedora Core 11 FEDORA-2009-9961 (newt)
File : nvt/fcore_2009_9961.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:237 (openssl)
File : nvt/mdksa_2009_237.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:238 (openssl)
File : nvt/mdksa_2009_238.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:239 (openssl)
File : nvt/mdksa_2009_239.nasl
2009-09-28 Name : CentOS Security Advisory CESA-2009:1463 (newt)
File : nvt/ovcesa2009_1463.nasl
2009-09-28 Name : Ubuntu USN-837-1 (newt)
File : nvt/ubuntu_837_1.nasl
2009-09-23 Name : Solaris Update for sshd 140119-07
File : nvt/gb_solaris_140119_07.nasl
2009-09-23 Name : Solaris Update for sshd 140119-09
File : nvt/gb_solaris_140119_09.nasl
2009-09-23 Name : Solaris Update for sshd 141742-02
File : nvt/gb_solaris_141742_02.nasl
2009-09-21 Name : Debian Security Advisory DSA 1888-1 (openssl, openssl097)
File : nvt/deb_1888_1.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1321 (nfs-utils)
File : nvt/ovcesa2009_1321.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1335 (openssl)
File : nvt/ovcesa2009_1335.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1321
File : nvt/RHSA_2009_1321.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1335
File : nvt/RHSA_2009_1335.nasl
2009-09-02 Name : Debian Security Advisory DSA 1872-1 (linux-2.6)
File : nvt/deb_1872_1.nasl
2009-09-02 Name : Fedora Core 11 FEDORA-2009-9044 (kernel)
File : nvt/fcore_2009_9044.nasl
2009-07-29 Name : Debian Security Advisory DSA 1837-1 (dbus)
File : nvt/deb_1837_1.nasl
2009-07-29 Name : Ubuntu USN-799-1 (dbus)
File : nvt/ubuntu_799_1.nasl
2009-07-29 Name : Ubuntu USN-805-1 (ruby1.9)
File : nvt/ubuntu_805_1.nasl
2009-07-17 Name : HP-UX Update for OpenSSL HPSBUX02435
File : nvt/gb_hp_ux_HPSBUX02435.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-30 Name : Ubuntu USN-792-1 (openssl)
File : nvt/ubuntu_792_1.nasl
2009-06-23 Name : Fedora Core 10 FEDORA-2009-5412 (openssl)
File : nvt/fcore_2009_5412.nasl
2009-06-23 Name : Fedora Core 9 FEDORA-2009-5423 (openssl)
File : nvt/fcore_2009_5423.nasl
2009-06-23 Name : Fedora Core 11 FEDORA-2009-5452 (openssl)
File : nvt/fcore_2009_5452.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-12 Name : Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
File : nvt/gb_openssl_dos_vuln_lin_jun09.nasl
2009-06-05 Name : FreeBSD Ports: opensll
File : nvt/freebsd_opensll.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:120 (openssl)
File : nvt/mdksa_2009_120.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-05-28 Name : OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities (Linux)
File : nvt/secpod_openssl_mult_dos_vuln_lin.nasl
2009-05-28 Name : OpenSSL DTLS Packets Multiple DOS Vulnerabilities (win)
File : nvt/secpod_openssl_mult_dos_vuln_win.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-11 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD.nasl
2009-04-28 Name : Fedora Core 10 FEDORA-2009-2657 (glib2)
File : nvt/fcore_2009_2657.nasl
2009-04-28 Name : FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc)
File : nvt/freebsdsa_openssl7.nasl
2009-04-28 Name : SuSE Security Advisory SUSE-SA:2009:026 (glib2)
File : nvt/suse_sa_2009_026.nasl
2009-04-15 Name : RedHat Security Advisory RHSA-2009:0411
File : nvt/RHSA_2009_0411.nasl
2009-04-15 Name : Debian Security Advisory DSA 1763-1 (openssl)
File : nvt/deb_1763_1.nasl
2009-04-15 Name : Debian Security Advisory DSA 1767-1 (multipath-tools)
File : nvt/deb_1767_1.nasl
2009-04-15 Name : Fedora Core 10 FEDORA-2009-3449 (device-mapper-multipath)
File : nvt/fcore_2009_3449.nasl
2009-04-15 Name : Fedora Core 9 FEDORA-2009-3453 (device-mapper-multipath)
File : nvt/fcore_2009_3453.nasl
2009-04-15 Name : Gentoo Security Advisory GLSA 200904-08 (openssl)
File : nvt/glsa_200904_08.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0411 (device-mapper-multipath)
File : nvt/ovcesa2009_0411.nasl
2009-04-09 Name : Mandriva Update for ed MDVSA-2008:200 (ed)
File : nvt/gb_mandriva_MDVSA_2008_200.nasl
2009-04-06 Name : Fedora Core 9 FEDORA-2009-2688 (glib2)
File : nvt/fcore_2009_2688.nasl
2009-04-06 Name : Gentoo Security Advisory GLSA 200904-02 (glib)
File : nvt/glsa_200904_02.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
File : nvt/mdksa_2009_080.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:085 (gstreamer0.10-plugins-base)
File : nvt/mdksa_2009_085.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:087 (openssl)
File : nvt/mdksa_2009_087.nasl
2009-04-06 Name : SuSE Security Summary SUSE-SR:2009:008
File : nvt/suse_sr_2009_008.nasl
2009-04-06 Name : Ubuntu USN-746-1 (xine-lib)
File : nvt/ubuntu_746_1.nasl
2009-04-06 Name : Ubuntu USN-747-1 (icu)
File : nvt/ubuntu_747_1.nasl
2009-04-06 Name : Ubuntu USN-749-1 (libsndfile)
File : nvt/ubuntu_749_1.nasl
2009-04-06 Name : Ubuntu USN-750-1 (openssl)
File : nvt/ubuntu_750_1.nasl
2009-04-02 Name : OpenSSL Multiple Vulnerabilities (Linux)
File : nvt/gb_openssl_mult_vuln_lin.nasl
2009-04-02 Name : OpenSSL Multiple Vulnerabilities (Win)
File : nvt/gb_openssl_mult_vuln_win.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0336
File : nvt/RHSA_2009_0336.nasl
2009-03-31 Name : Debian Security Advisory DSA 1747-1 (glib2.0)
File : nvt/deb_1747_1.nasl
2009-03-31 Name : Mandrake Security Advisory MDVSA-2009:060-1 (nfs-utils)
File : nvt/mdksa_2009_060_1.nasl
2009-03-31 Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl
2009-03-31 Name : Ubuntu USN-742-1 (jasper)
File : nvt/ubuntu_742_1.nasl
2009-03-23 Name : Ubuntu Update for nfs-utils vulnerability USN-687-1
File : nvt/gb_ubuntu_USN_687_1.nasl
2009-03-20 Name : Ubuntu USN-733-1 (evolution-data-server)
File : nvt/ubuntu_733_1.nasl
2009-03-20 Name : Ubuntu USN-734-1 (ffmpeg-debian)
File : nvt/ubuntu_734_1.nasl
2009-03-20 Name : Ubuntu USN-738-1 (glib2.0)
File : nvt/ubuntu_738_1.nasl
2009-03-13 Name : Gentoo Security Advisory GLSA 200903-06 (nfs-utils)
File : nvt/glsa_200903_06.nasl
2009-03-06 Name : RedHat Update for ed RHSA-2008:0946-01
File : nvt/gb_RHSA-2008_0946-01_ed.nasl
2009-02-27 Name : CentOS Update for ed CESA-2008:0946-01 centos2 i386
File : nvt/gb_CESA-2008_0946-01_ed_centos2_i386.nasl
2009-02-27 Name : CentOS Update for ed CESA-2008:0946 centos3 i386
File : nvt/gb_CESA-2008_0946_ed_centos3_i386.nasl
2009-02-27 Name : CentOS Update for ed CESA-2008:0946 centos3 x86_64
File : nvt/gb_CESA-2008_0946_ed_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for ed CESA-2008:0946 centos4 i386
File : nvt/gb_CESA-2008_0946_ed_centos4_i386.nasl
2009-02-27 Name : CentOS Update for ed CESA-2008:0946 centos4 x86_64
File : nvt/gb_CESA-2008_0946_ed_centos4_x86_64.nasl
2009-02-17 Name : Fedora Update for ed FEDORA-2008-9236
File : nvt/gb_fedora_2008_9236_ed_fc8.nasl
2009-02-17 Name : Fedora Update for ed FEDORA-2008-9263
File : nvt/gb_fedora_2008_9263_ed_fc9.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200809-15 (ed)
File : nvt/glsa_200809_15.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-086-02 glib2
File : nvt/esoft_slk_ssa_2009_086_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-098-01 openssl
File : nvt/esoft_slk_ssa_2009_098_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-336-01 bind
File : nvt/esoft_slk_ssa_2009_336_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-343-01 ntp
File : nvt/esoft_slk_ssa_2009_343_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-060-02 openssl
File : nvt/esoft_slk_ssa_2010_060_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-176-01 bind
File : nvt/esoft_slk_ssa_2010_176_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-041-02 expat
File : nvt/esoft_slk_ssa_2011_041_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-041-03 httpd
File : nvt/esoft_slk_ssa_2011_041_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62881 SSH Tectia Audit Player ASN1_STRING_print_ex() Function BMPString / Universal...

60847 NTP ntpd Mode 7 Request Crafted Packet Reply Loop Remote DoS

NTP contains a flaw that may allow a remote denial of service. The issue is triggered when ntpd processes specially crafted MODE_PRIVATE packets, and will result in loss of availability for the service.
60797 Expat libexpat lib/xmltok.c big2_toUtf8 Function UTF-8 XML Document Handling ...

60493 ISC BIND DNSSEC Recursive Query Additional Section Cache Poisoning

59877 Linux Kernel NFSv4 Client fs/nfs/nfs4proc.c nfs4_proc_lock Function Remote DoS

59737 Expat libexpat lib/xmltok_impl.c updatePosition Function UTF-8 XML Document H...

59654 Linux Kernel fs/pipe.c Multiple Function Locking Error NULL Dereference Local...

Linux Kernel 2.6.x contains a flaw that may allow a local denial of service or privilege escalation. The issue is triggered within the "pipe_rdwr_open()", "pipe_write_open()", and "pipe_read_open()" functions in "fs/pipe.c". This can be exploited to cause a NULL pointer deference by performing certain pipe operations.
59222 Linux Kernel Netlink Subsystem net/sched/cls_api.c tcf_fill_node Function Loc...

59211 Linux Kernel ATI Rage 128 Driver CCE NULL Dereference Local Privilege Escalation

59210 Linux Kernel net/unix/af_unix.c AF_UNIX Socket Reconnect Local DoS

59070 Linux Kernel tc Subsystem net/sched/sch_api.c tc_fill_tclass Function Local M...

59068 Linux Kernel drivers/net/r8169.c r8169 Driver swiotlb Functionality Jumbo Fra...

Linux Kernel Driver r8169 contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'swiotlb' functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel occurs and will allow remote and local attackers to cause a denial or service attack that results in IOMMU space exhaustion and system crash by using jumbo frames for a large amount of network traffic, and will result in loss of availability for the platform.
58880 Linux Kernel eCryptfs fs/ecryptfs/inode.c d_delete Function NULL Dereference ...

58495 OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation

58330 Newt textbox.c doReflow() Function Overflow

58323 Linux Kernel NFSv4 o_EXCL inode Creation Failure Local Privilege Escalation

57821 Linux Kernel net/sched/sch_api.c tc_fill_tclass() Function Kernel Memory Disc...

57757 Linux Kernel Multiple mmap Operations Local Privilege Escalation

57209 Linux Kernel drivers/md/md.c Multiple Function NULL Dereference Local DoS

56386 GLib glib/gbase64.c Base64 Conversion Overflow

56165 D-Bus dbus-marshal-validate.c _dbus_validate_signature_with_reason Function C...

55073 OpenSSL ssl/s3_pkt.c DTLS ChangeCipherSpec Packet Handling Remote DoS

55072 OpenSSL ssl/d1_both.cdtls1_retrieve_buffered_fragment Function DTLS Handshake...

54614 OpenSSL ssl/d1_both.c dtls1_retrieve_buffered_fragment Function DTLS Packet H...

54613 OpenSSL ssl/d1_both.c dtls1_process_out_of_seq_message Function DTLS Record H...

54612 OpenSSL ssl/d1_pkt.c dtls1_buffer_record Function Buffered DTLS Record Handli...

53486 multipath-tools in SUSE /var/run/multipathd.sock Multipath Daemon Local Arbit...

52864 OpenSSL ASN1_STRING_print_ex() Function BMPString / UniversalString Handling DoS

49182 nfs-utils NFS Netgroups TCP Wrappers hosts_ctl Function Remote Security Bypass

48045 GNU ed signal.c strip_escapes Function Filename Handling Overflow

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0150 - Multiple Security Vulnerabilities in Juniper Networks CTPView
Severity : Category I - VMSKEY : V0061073
2015-05-21 IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS
Severity : Category I - VMSKEY : V0060737
2012-02-02 IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0031252

Snort® IPS/IDS

Date Description
2014-01-10 Expat xml UTF-8 buffer over-read attempt
RuleID : 24070 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Expat xml UTF-8 buffer over-read attempt
RuleID : 24069 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Expat xml UTF-8 bufer over-read attempt
RuleID : 24068 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Expat xml UTF-8 buffer over-read attempt
RuleID : 24067 - Revision : 3 - Type : FILE-OTHER
2014-01-10 ntp mode 7 denial of service attempt
RuleID : 16350 - Revision : 7 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2017-05-08 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : itunes_12_6.nasl - Type : ACT_GATHER_INFO
2017-05-08 Name : An application running on the remote host is affected by multiple vulnerabili...
File : itunes_12_6_banner.nasl - Type : ACT_GATHER_INFO
2017-05-08 Name : The remote host contains an application that is affected by multiple vulnerab...
File : macos_itunes_12_6.nasl - Type : ACT_GATHER_INFO
2016-11-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote VMware ESXi / ESX host is missing a security-related patch.
File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL10905.nasl - Type : ACT_GATHER_INFO
2015-01-07 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-07 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2015-0002.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15905.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2009-0026.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0033.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2009-0036.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0476.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15787.nasl - Type : ACT_GATHER_INFO
2014-10-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15748.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL10898.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15156.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15348.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_608089_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0946.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0336.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0411.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1455.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1463.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1470.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1522.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1541.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1548.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1572.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1620.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1625.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1648.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1670.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1671.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0018.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0474.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0491.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0492.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1572.nasl - Type : ACT_GATHER_INFO
2013-05-19 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_42470.nasl - Type : ACT_GATHER_INFO
2013-03-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091103_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ68659.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ71071.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ71093.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ71608.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ71610.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ71611.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ71613.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ71614.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1587.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1588.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1672.nasl - Type : ACT_GATHER_INFO
2012-09-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-06.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20081021_ed_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090324_glib2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090407_device_mapper_multipath_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_nfs_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090924_newt_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090930_openssh_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091022_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091103_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091103_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20091110_4Suite_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091130_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091207_expat_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20091208_ntp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091215_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091215_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100104_PyXML_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100107_dbus_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100120_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100615_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110505_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6636.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6697.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6730.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by a denial of service vulnerability.
File : openssl_0_9_8i.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by multiple vulnerabilities.
File : openssl_0_9_8k.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by multiple vulnerabilities.
File : openssl_0_9_8l.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by a denial of service vulnerability.
File : openssl_1_0_0.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_dbus-1-7482.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The SSH server running on the remote host has a privilege escalation vulnerab...
File : openssh_rhel_43.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-336-01.nasl - Type : ACT_GATHER_INFO
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-176-01.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO
2011-05-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_ed-101129.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5727.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5744.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_dbus-1-110418.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_dbus-1-7483.nasl - Type : ACT_GATHER_INFO
2011-04-27 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5777.nasl - Type : ACT_GATHER_INFO
2011-04-04 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_41177.nasl - Type : ACT_GATHER_INFO
2011-04-04 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_41907.nasl - Type : ACT_GATHER_INFO
2011-04-04 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_41908.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-100109.nasl - Type : ACT_GATHER_INFO
2011-03-16 Name : The remote Fedora host is missing a security update.
File : fedora_2011-2794.nasl - Type : ACT_GATHER_INFO
2011-03-16 Name : The remote Fedora host is missing a security update.
File : fedora_2011-2801.nasl - Type : ACT_GATHER_INFO
2011-03-16 Name : The remote Fedora host is missing a security update.
File : fedora_2011-3097.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-041-02.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-041-03.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libicecore-6857.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libicecore-6862.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_ed-110111.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ed-7301.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpython2_6-1_0-100323.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17807.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17819.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17720.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17732.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17762.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server may be affected by several issues.
File : apache_2_2_17.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6619.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6703.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6765.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6694.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-6946.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_pyxml-6715.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xntp-6718.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-198.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_dd943fbbd0fe11df95a800219b0fc4d8.nasl - Type : ACT_GATHER_INFO
2010-09-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-188.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0474.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-239.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-329.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-088.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5429.nasl - Type : ACT_GATHER_INFO
2010-06-28 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0010.nasl - Type : ACT_GATHER_INFO
2010-06-22 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12591.nasl - Type : ACT_GATHER_INFO
2010-06-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0474.nasl - Type : ACT_GATHER_INFO
2010-06-07 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO
2010-06-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-14.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-10.nasl - Type : ACT_GATHER_INFO
2010-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-11.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U832257.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libpython2_6-1_0-100328.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpython2_6-1_0-100330.nasl - Type : ACT_GATHER_INFO
2010-05-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpython2_6-1_0-100329.nasl - Type : ACT_GATHER_INFO
2010-05-14 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12600.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-04-27 Name : The remote web server has multiple vulnerabilities.
File : hpsmh_6_0_0_95.nasl - Type : ACT_GATHER_INFO
2010-04-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-6.nasl - Type : ACT_GATHER_INFO
2010-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-03-05 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-060-02.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2005.nasl - Type : ACT_GATHER_INFO
2010-02-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-01.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1837.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1872.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1888.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1894.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1915.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1927.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1928.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1929.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1948.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1953.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1961.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1977.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1992.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2003.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libexpat0-100220.nasl - Type : ACT_GATHER_INFO
2010-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-5.nasl - Type : ACT_GATHER_INFO
2010-02-18 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12578.nasl - Type : ACT_GATHER_INFO
2010-02-16 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-100203.nasl - Type : ACT_GATHER_INFO
2010-01-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-4.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-3.nasl - Type : ACT_GATHER_INFO
2010-01-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-2.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-021.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-888-1.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-890-1.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12568.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_expat-100111.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_expat-100111.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_expat-100111.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-100108.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6764.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_ntp-091211.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_ntp-091221.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_ntp-091215.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ntp-091211.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0018.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0018.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1321.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1455.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1470.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1620.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1670.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-091218.nasl - Type : ACT_GATHER_INFO
2009-12-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12753.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6726.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12559.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xntp-6719.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_pyxml-091210.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_pyxml-091210.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_pyxml-091210.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_pyxml-091211.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_pyxml-6714.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1670.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13046.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13090.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13121.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote network time service has a denial of service vulnerability.
File : ntpd_mode7_ping_pong_dos.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12558.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-091207.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6702.nasl - Type : ACT_GATHER_INFO
2009-12-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-343-01.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1648.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-328.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1648.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-867-1.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1625.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5f030587e39a11de881e001aa0166822.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_e9fca207e39911de881e001aa0166822.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1625.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-865-1.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12690.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12716.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12737.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-316.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-864-1.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-310.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-313.nasl - Type : ACT_GATHER_INFO
2009-12-03 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-091123.nasl - Type : ACT_GATHER_INFO
2009-12-02 Name : The remote name server is affected by a cache poisoning vulnerability.
File : bind9_dnssec_cache_poisoning.nasl - Type : ACT_GATHER_INFO
2009-12-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1620.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-091123.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12218.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12233.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-304.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12529.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_expat-091030.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_expat-6618.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12541.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1572.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6632.nasl - Type : ACT_GATHER_INFO
2009-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11032.nasl - Type : ACT_GATHER_INFO
2009-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11038.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10949.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10956.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10972.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10987.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11029.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11030.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_expat-091030.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_expat-091030.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_expat-6613.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_libnewt0_52-6504.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10639.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-289.nasl - Type : ACT_GATHER_INFO
2009-10-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1522.nasl - Type : ACT_GATHER_INFO
2009-10-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1522.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libnewt0_52-090923.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libnewt0_52-090923.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-852-1.nasl - Type : ACT_GATHER_INFO
2009-10-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10525.nasl - Type : ACT_GATHER_INFO
2009-10-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-256.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1470.nasl - Type : ACT_GATHER_INFO
2009-09-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1455.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1463.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9957.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9961.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-249.nasl - Type : ACT_GATHER_INFO
2009-09-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1463.nasl - Type : ACT_GATHER_INFO
2009-09-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-837-1.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12274.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12377.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12397.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glib2-090422.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openssl-090610.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-6170.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_multipath-tools-6083.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_nfs-utils-5713.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6179.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6267.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6296.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-238.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO
2009-09-02 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1321.nasl - Type : ACT_GATHER_INFO
2009-08-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9044.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-218.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-219.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-220.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-211.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-212.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-213.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-214.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-215.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2009-0003.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_glib2-090422.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kpartx-090317.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_glib2-090422.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO
2009-07-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-799-1.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-792-1.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5412.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5423.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5452.nasl - Type : ACT_GATHER_INFO
2009-06-18 Name : The remote openSUSE host is missing a security update.
File : suse_libopenssl-devel-6291.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_82b55df84d5a11de88110030843d3802.nasl - Type : ACT_GATHER_INFO
2009-05-27 Name : The remote openSUSE host is missing a security update.
File : suse_libopenssl-devel-6268.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0411.nasl - Type : ACT_GATHER_INFO
2009-05-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-120.nasl - Type : ACT_GATHER_INFO
2009-05-08 Name : The remote host is missing a security update
File : freebsd_pkg_fbc8413f2f7a11de9a3f001b77d09812.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_compat-openssl097g-6175.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_libopenssl-devel-6173.nasl - Type : ACT_GATHER_INFO
2009-04-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2657.nasl - Type : ACT_GATHER_INFO
2009-04-27 Name : The remote openSUSE host is missing a security update.
File : suse_glib2-6209.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3449.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2008-200.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-060.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-080.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-085.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-087.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-687-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-738-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-750-1.nasl - Type : ACT_GATHER_INFO
2009-04-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1767.nasl - Type : ACT_GATHER_INFO
2009-04-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3453.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-098-01.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0411.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1763.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200904-08.nasl - Type : ACT_GATHER_INFO
2009-04-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200904-02.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2688.nasl - Type : ACT_GATHER_INFO
2009-03-30 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-086-02.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0336.nasl - Type : ACT_GATHER_INFO
2009-03-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1747.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : The remote openSUSE host is missing a security update.
File : suse_kpartx-6082.nasl - Type : ACT_GATHER_INFO
2009-03-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-06.nasl - Type : ACT_GATHER_INFO
2008-10-31 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9236.nasl - Type : ACT_GATHER_INFO
2008-10-31 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9263.nasl - Type : ACT_GATHER_INFO
2008-10-22 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0946.nasl - Type : ACT_GATHER_INFO
2008-10-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0946.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200809-15.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2016-03-09 13:25:54
  • Multiple Updates
2014-02-17 12:07:15
  • Multiple Updates