10 - GLSA-201209-25

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	VMware Player, Server, Workstation: Multiple vulnerabilities

Informations
Name	GLSA-201209-25	First vendor Publication	2012-09-29
Vendor	Gentoo	Last vendor Modification	2012-09-29
Severity (Vendor)	High	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service.

Background

VMware Player, Server, and Workstation allow emulation of a complete PC on a PC without the usual performance overhead of most emulators.

Description

Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details.

Impact

Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information.

A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console.

Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS).

Workaround

There is no known workaround at this time.

Resolution

Gentoo discontinued support for VMware Player. We recommend that users unmerge VMware Player:
# emerge --unmerge "app-emulation/vmware-player"

NOTE: Users could upgrade to ">=app-emulation/vmware-player-3.1.5", however these packages are not currently stable.

Gentoo discontinued support for VMware Workstation. We recommend that users unmerge VMware Workstation:
# emerge --unmerge "app-emulation/vmware-workstation"

NOTE: Users could upgrade to
">=app-emulation/vmware-workstation-7.1.5", however these packages are not currently stable.

Gentoo discontinued support for VMware Server. We recommend that users unmerge VMware Server:
# emerge --unmerge "app-emulation/vmware-server"

References

[ 1 ] CVE-2007-5269 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269
[ 2 ] CVE-2007-5503 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503
[ 3 ] CVE-2007-5671 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671
[ 4 ] CVE-2008-0967 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967
[ 5 ] CVE-2008-1340 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340
[ 6 ] CVE-2008-1361 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361
[ 7 ] CVE-2008-1362 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362
[ 8 ] CVE-2008-1363 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363
[ 9 ] CVE-2008-1364 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364
[ 10 ] CVE-2008-1392 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392
[ 11 ] CVE-2008-1447 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447
[ 12 ] CVE-2008-1806 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806
[ 13 ] CVE-2008-1807 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807
[ 14 ] CVE-2008-1808 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808
[ 15 ] CVE-2008-2098 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098
[ 16 ] CVE-2008-2100 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100
[ 17 ] CVE-2008-2101 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101
[ 18 ] CVE-2008-4915 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915
[ 19 ] CVE-2008-4916 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916
[ 20 ] CVE-2008-4917 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917
[ 21 ] CVE-2009-0040 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040
[ 22 ] CVE-2009-0909 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909
[ 23 ] CVE-2009-0910 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910
[ 24 ] CVE-2009-1244 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244
[ 25 ] CVE-2009-2267 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267
[ 26 ] CVE-2009-3707 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707
[ 27 ] CVE-2009-3732 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732
[ 28 ] CVE-2009-3733 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733
[ 29 ] CVE-2009-4811 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811
[ 30 ] CVE-2010-1137 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137
[ 31 ] CVE-2010-1138 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138
[ 32 ] CVE-2010-1139 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139
[ 33 ] CVE-2010-1140 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140
[ 34 ] CVE-2010-1141 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141
[ 35 ] CVE-2010-1142 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142
[ 36 ] CVE-2010-1143 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143
[ 37 ] CVE-2011-3868 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-25.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201209-25.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-234	Hijacking a privileged process

CWE : Common Weakness Enumeration

%	Id	Name
22 %	CWE-264	Permissions, Privileges, and Access Controls
16 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
12 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
12 %	CWE-134	Uncontrolled Format String (CWE/SANS Top 25)
9 %	CWE-399	Resource Management Errors
6 %	CWE-200	Information Exposure
6 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
6 %	CWE-20	Improper Input Validation
3 %	CWE-331	Insufficient Entropy
3 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
3 %	CWE-16	Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10316

Oval ID:	oval:org.mitre.oval:def:10316
Title:	The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Description:	The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0040	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section libpng10-devel is earlier than 0:1.0.13-20 AND seamonkey-nspr is earlier than 0:1.0.9-0.34.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.34.el3 AND libpng-devel is earlier than 2:1.2.2-29 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.34.el3 AND seamonkey is earlier than 0:1.0.9-0.34.el3 AND libpng10 is earlier than 0:1.0.13-20 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.34.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.34.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.34.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.34.el3 AND libpng is earlier than 2:1.2.2-29 AND seamonkey-devel is earlier than 0:1.0.9-0.34.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.34.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libpng10-devel is earlier than 0:1.0.16-3.el4_7.3 AND seamonkey-js-debugger is earlier than 0:1.0.9-38.el4 AND libpng-devel is earlier than 2:1.2.7-3.el4_7.2 AND seamonkey is earlier than 0:1.0.9-38.el4 AND libpng10 is earlier than 0:1.0.16-3.el4_7.3 AND firefox is earlier than 0:3.0.7-1.el4 AND seamonkey-mail is earlier than 0:1.0.9-38.el4 AND seamonkey-chat is earlier than 0:1.0.9-38.el4 AND seamonkey-dom-inspector is earlier than 0:1.0.9-38.el4 AND libpng is earlier than 2:1.2.7-3.el4_7.2 AND seamonkey-devel is earlier than 0:1.0.9-38.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.7-1.el5 AND xulrunner-devel is earlier than 0:1.9.0.7-1.el5 AND firefox is earlier than 0:3.0.7-1.el5 AND libpng-devel is earlier than 2:1.2.10-7.1.el5_3.2 AND xulrunner is earlier than 0:1.9.0.7-1.el5 AND libpng is earlier than 2:1.2.10-7.1.el5_3.2

Definition Id: oval:org.mitre.oval:def:10614

Oval ID:	oval:org.mitre.oval:def:10614
Title:	Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
Description:	Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5269	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section libpng10-devel is earlier than 0:1.0.13-18 AND libpng-devel is earlier than 2:1.2.2-28 AND libpng is earlier than 2:1.2.2-28 AND libpng10 is earlier than 0:1.0.13-18 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libpng10-devel is earlier than 0:1.0.16-3.el4_5.1 AND libpng-devel is earlier than 2:1.2.7-3.el4_5.1 AND libpng is earlier than 2:1.2.7-3.el4_5.1 AND libpng10 is earlier than 0:1.0.16-3.el4_5.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libpng-devel is earlier than 2:1.2.10-7.1.el5_0.1 AND libpng is earlier than 2:1.2.10-7.1.el5_0.1

Definition Id: oval:org.mitre.oval:def:11188

Oval ID:	oval:org.mitre.oval:def:11188
Title:	Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
Description:	Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1808	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section freetype is earlier than 0:2.1.4-12.el3 AND freetype-demos is earlier than 0:2.1.4-12.el3 AND freetype-utils is earlier than 0:2.1.4-12.el3 AND freetype-devel is earlier than 0:2.1.4-12.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section freetype is earlier than 0:2.1.9-10.el4.7 AND freetype-demos is earlier than 0:2.1.9-10.el4.7 AND freetype-devel is earlier than 0:2.1.9-10.el4.7 AND freetype-utils is earlier than 0:2.1.9-10.el4.7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section freetype is earlier than 0:2.2.1-20.el5_2 AND freetype-demos is earlier than 0:2.2.1-20.el5_2 AND freetype-devel is earlier than 0:2.2.1-20.el5_2

Definition Id: oval:org.mitre.oval:def:11251

Oval ID:	oval:org.mitre.oval:def:11251
Title:	Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.
Description:	Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5503	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section cairo-devel is earlier than 0:1.2.4-3.el5_1 AND cairo is earlier than 0:1.2.4-3.el5_1

Definition Id: oval:org.mitre.oval:def:12117

Oval ID:	oval:org.mitre.oval:def:12117
Title:	HP-UX Running BIND, Remote DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests InternetSrvcs.INETSVCS-INETD is installed AND InternetSrvcs.INETSVCS-RUN is installed AND InternetSrvcs.INETSVCS2-RUN is installed AND NOT Patch PHNE_37865 is installed OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.015 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.7.0 AND BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.7.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND InternetSrvcs.INETSVCS-RUN version is less than C.9.3.2.7.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP-UX B.11.31 AND filesets tests NameService.BIND-AUX version is less than C.9.3.2.7.0 AND NameService.BIND-RUN version is less than C.9.3.2.7.0

Definition Id: oval:org.mitre.oval:def:13052

Oval ID:	oval:org.mitre.oval:def:13052
Title:	USN-730-1 -- libpng vulnerabilities
Description:	It was discovered that libpng did not properly perform bounds checking in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. This issue only affected Ubuntu 8.04 LTS. Tavis Ormandy discovered that libpng did not properly initialize memory. If a user or automated system were tricked into opening a crafted PNG image, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue did not affect Ubuntu 8.10. Harald van Dijk discovered an off-by-one error in libpng. An attacker could could cause an application crash in programs using pngtest. It was discovered that libpng did not properly NULL terminate a keyword string. An attacker could exploit this to set arbitrary memory locations to zero. Glenn Randers-Pehrson discovered that libpng did not properly initialize pointers. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program
Family:	unix	Class:	patch
Reference(s):	USN-730-1 CVE-2007-5268 CVE-2007-5269 CVE-2008-1382 CVE-2008-3964 CVE-2008-5907 CVE-2009-0040	Version:	5
Platform(s):	Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10	Product(s):	libpng
Definition Synopsis:
Release section Ubuntu 7.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND libpng3 DPKG is earlier than 1.2.15~beta5-2ubuntu0.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libpng12-0-udeb DPKG is earlier than 1.2.15~beta5-2ubuntu0.2 AND libpng12-dev DPKG is earlier than 1.2.15~beta5-2ubuntu0.2 AND libpng12-0 DPKG is earlier than 1.2.15~beta5-2ubuntu0.2 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND libpng3 DPKG is earlier than 1.2.15~beta5-3ubuntu0.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libpng12-0-udeb DPKG is earlier than 1.2.15~beta5-3ubuntu0.1 AND libpng12-dev DPKG is earlier than 1.2.15~beta5-3ubuntu0.1 AND libpng12-0 DPKG is earlier than 1.2.15~beta5-3ubuntu0.1 OR Release section Ubuntu 6.06 is installed AND Architecture section Architecture independent section Installed architecture is all AND libpng3 DPKG is earlier than 1.2.8rel-5ubuntu0.4 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libpng12-0-udeb DPKG is earlier than 1.2.8rel-5ubuntu0.4 AND libpng12-dev DPKG is earlier than 1.2.8rel-5ubuntu0.4 AND libpng12-0 DPKG is earlier than 1.2.8rel-5ubuntu0.4 OR Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND libpng3 DPKG is earlier than 1.2.27-1ubuntu0.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libpng12-0-udeb DPKG is earlier than 1.2.27-1ubuntu0.1 AND libpng12-dev DPKG is earlier than 1.2.27-1ubuntu0.1 AND libpng12-0 DPKG is earlier than 1.2.27-1ubuntu0.1

Definition Id: oval:org.mitre.oval:def:13613

Oval ID:	oval:org.mitre.oval:def:13613
Title:	DSA-1750-1 libpng -- several
Description:	Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. For the old stable distribution, these problems have been fixed in version1.2.15~beta5-1+etch2. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny2. For the unstable distribution, these problems have been fixed in version 1.2.35-1. We recommend that you upgrade your libpng packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1750-1 CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	libpng
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND libpng3 DPKG is earlier than 1.2.27-2+lenny2 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libpng12-dev DPKG is earlier than 1.2.27-2+lenny2 AND libpng12-0 DPKG is earlier than 1.2.27-2+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libpng3 DPKG is earlier than 1.2.15~beta5-1+etch2 AND libpng12-dev DPKG is earlier than 1.2.15~beta5-1+etch2 AND libpng12-0 DPKG is earlier than 1.2.15~beta5-1+etch2

Definition Id: oval:org.mitre.oval:def:16298

Oval ID:	oval:org.mitre.oval:def:16298
Title:	VMware View 3.1.3 addresses an important cross-site scripting vulnerability
Description:	Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-1143	Version:	4
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VMware View
Definition Synopsis:
VMware View is installed AND Determine if the version of VMware View is less than 3.1.3.252693 AND Determine if the version of VMware View is greater than or equal to 3.1.0

Definition Id: oval:org.mitre.oval:def:16949

Oval ID:	oval:org.mitre.oval:def:16949
Title:	USN-550-1 -- libcairo vulnerability
Description:	Peter Valchev discovered that Cairo did not correctly decode PNG image data.
Family:	unix	Class:	patch
Reference(s):	USN-550-1 CVE-2007-5503	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	libcairo
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libcairo2 DPKG is earlier than 1.0.4-0ubuntu1.1 AND Release section Ubuntu 6.10 is installed AND libcairo2 DPKG is earlier than 1.2.4-1ubuntu2.1 AND Release section Ubuntu 7.04 is installed AND libcairo2 DPKG is earlier than 1.4.2-0ubuntu1.1 AND Release section Ubuntu 7.10 is installed AND libcairo2 DPKG is earlier than 1.4.10-1ubuntu4.1

Definition Id: oval:org.mitre.oval:def:17512

Oval ID:	oval:org.mitre.oval:def:17512
Title:	USN-627-1 -- dnsmasq vulnerability
Description:	Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq.
Family:	unix	Class:	patch
Reference(s):	USN-627-1 CVE-2008-1447	Version:	7
Platform(s):	Ubuntu 8.04	Product(s):	dnsmasq
Definition Synopsis:
Ubuntu 8.04 is installed AND dnsmasq-base DPKG is earlier than 2.41-2ubuntu2.1

Definition Id: oval:org.mitre.oval:def:17563

Oval ID:	oval:org.mitre.oval:def:17563
Title:	USN-538-1 -- libpng vulnerabilities
Description:	It was discovered that libpng did not properly perform bounds checking and comparisons in certain operations.
Family:	unix	Class:	patch
Reference(s):	USN-538-1 CVE-2007-5268 CVE-2007-5269	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	libpng
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libpng12-0 DPKG is earlier than 1.2.8rel-5ubuntu0.3 AND Release section Ubuntu 6.10 is installed AND libpng12-0 DPKG is earlier than 1.2.8rel-5.1ubuntu0.3 AND Release section Ubuntu 7.04 is installed AND libpng12-0 DPKG is earlier than 1.2.15~beta5-1ubuntu1.1 AND Release section Ubuntu 7.10 is installed AND libpng12-0 DPKG is earlier than 1.2.15~beta5-2ubuntu0.1

Definition Id: oval:org.mitre.oval:def:17734

Oval ID:	oval:org.mitre.oval:def:17734
Title:	USN-622-1 -- bind9 vulnerability
Description:	Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind.
Family:	unix	Class:	patch
Reference(s):	USN-622-1 CVE-2008-1447	Version:	5
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	bind9
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libdns21 DPKG is earlier than 1:9.3.2-2ubuntu1.5 AND Release section Ubuntu 7.04 is installed AND libdns22 DPKG is earlier than 1:9.3.4-2ubuntu2.3 AND Release section Ubuntu 7.10 is installed AND libdns32 DPKG is earlier than 1:9.4.1-P1-3ubuntu2 AND Release section Ubuntu 8.04 is installed AND libdns35 DPKG is earlier than 1:9.4.2-10ubuntu0.1

Definition Id: oval:org.mitre.oval:def:17811

Oval ID:	oval:org.mitre.oval:def:17811
Title:	USN-643-1 -- freetype vulnerabilities
Description:	Multiple flaws were discovered in the PFB and TTF font handling code in freetype.
Family:	unix	Class:	patch
Reference(s):	USN-643-1 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	freetype
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libfreetype6 DPKG is earlier than 2.1.10-1ubuntu2.5 AND Release section Ubuntu 7.04 is installed AND libfreetype6 DPKG is earlier than 2.2.1-5ubuntu1.2 AND Release section Ubuntu 7.10 is installed AND libfreetype6 DPKG is earlier than 2.3.5-1ubuntu4.7.10.1 AND Release section Ubuntu 8.04 is installed AND libfreetype6 DPKG is earlier than 2.3.5-1ubuntu4.8.04.1

Definition Id: oval:org.mitre.oval:def:18704

Oval ID:	oval:org.mitre.oval:def:18704
Title:	DSA-1623-1 dnsmasq - cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
Family:	unix	Class:	patch
Reference(s):	DSA-1623-1 CVE-2008-1447	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	dnsmasq
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND dnsmasq DPKG is earlier than 2.35-1+etch4

Definition Id: oval:org.mitre.oval:def:18724

Oval ID:	oval:org.mitre.oval:def:18724
Title:	DSA-1617-1 refpolicy - incompatible policy
Description:	In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as <a href="http://security-tracker.debian.org/tracker/CVE-2008-1447">CVE-2008-1447</a>). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy.
Family:	unix	Class:	patch
Reference(s):	DSA-1617-1 CVE-2008-1447	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	refpolicy
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND refpolicy DPKG is earlier than 0.0.20061018-5.1+etch1

Definition Id: oval:org.mitre.oval:def:19448

Oval ID:	oval:org.mitre.oval:def:19448
Title:	DSA-1635-1 freetype - multiple vulnerabilities
Description:	Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1635-1 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	freetype
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND freetype DPKG is earlier than 0:2.2.1-5+etch3

Definition Id: oval:org.mitre.oval:def:19900

Oval ID:	oval:org.mitre.oval:def:19900
Title:	DSA-1603-1 bind9 - cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
Family:	unix	Class:	patch
Reference(s):	DSA-1603-1 CVE-2008-1447	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	bind9
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND bind9 DPKG is earlier than 1:9.3.4-2etch3

Definition Id: oval:org.mitre.oval:def:20384

Oval ID:	oval:org.mitre.oval:def:20384
Title:	DSA-1542-1 libcairo - arbitrary code execution
Description:	Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1542-1 CVE-2007-5503	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libcairo
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND libcairo DPKG is earlier than 0:1.2.4-4.1+etch1

Definition Id: oval:org.mitre.oval:def:21970

Oval ID:	oval:org.mitre.oval:def:21970
Title:	ELSA-2008:0533: bind security update (Important)
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0533-02 CVE-2008-1447	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	bind selinux-policy-targeted selinux-policy
Definition Synopsis:
Oracle Linux 5.x rpm test selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5_2 AND bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2

Definition Id: oval:org.mitre.oval:def:21991

Oval ID:	oval:org.mitre.oval:def:21991
Title:	ELSA-2007:1078: cairo security update (Important)
Description:	Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:1078-02 CVE-2007-5503	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	cairo
Definition Synopsis:
Oracle Linux 5.x rpm test cairo-devel is earlier than 0:1.2.4-3.el5_1 AND cairo is earlier than 0:1.2.4-3.el5_1

Definition Id: oval:org.mitre.oval:def:22177

Oval ID:	oval:org.mitre.oval:def:22177
Title:	ELSA-2008:0789: dnsmasq security update (Moderate)
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0789-01 CVE-2008-1447	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	dnsmasq
Definition Synopsis:
Oracle Linux 5.x AND dnsmasq is earlier than 0:2.45-1.el5_2.1

Definition Id: oval:org.mitre.oval:def:22555

Oval ID:	oval:org.mitre.oval:def:22555
Title:	ELSA-2007:0992: libpng security update (Moderate)
Description:	Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0992-02 CVE-2007-5269	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	libpng libpng10
Definition Synopsis:
Oracle Linux 5.x rpm test libpng is earlier than 2:1.2.10-7.1.el5_0.1 AND libpng-devel is earlier than 2:1.2.10-7.1.el5_0.1

Definition Id: oval:org.mitre.oval:def:22715

Oval ID:	oval:org.mitre.oval:def:22715
Title:	ELSA-2008:0556: freetype security update (Important)
Description:	Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0556-02 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	freetype
Definition Synopsis:
Oracle Linux 5.x rpm test freetype is earlier than 0:2.2.1-20.el5_2 AND freetype-demos is earlier than 0:2.2.1-20.el5_2 AND freetype-devel is earlier than 0:2.2.1-20.el5_2

Definition Id: oval:org.mitre.oval:def:22744

Oval ID:	oval:org.mitre.oval:def:22744
Title:	ELSA-2009:0333: libpng security update (Moderate)
Description:	The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0333-01 CVE-2008-1382 CVE-2009-0040	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	libpng libpng10
Definition Synopsis:
Oracle Linux 5.x rpm test libpng is earlier than 2:1.2.10-7.1.el5_3.2 AND libpng-devel is earlier than 2:1.2.10-7.1.el5_3.2

Definition Id: oval:org.mitre.oval:def:28787

Oval ID:	oval:org.mitre.oval:def:28787
Title:	RHSA-2008:0533 -- bind security update (Important)
Description:	Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols.
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0533 CESA-2008:0533-CentOS 5 CESA-2008:0533-CentOS 2 CESA-2008:0533-CentOS 3 CVE-2008-1447	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 2 CentOS Linux 3	Product(s):	bind selinux-policy-targeted selinux-policy
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2 AND bind is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section bind is earlier than 30:9.2.4-22.el3 AND bind-chroot is earlier than 30:9.2.4-22.el3 AND bind-devel is earlier than 30:9.2.4-22.el3 AND bind-libs is earlier than 30:9.2.4-22.el3 AND bind-utils is earlier than 30:9.2.4-22.el3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section bind is earlier than 30:9.2.4-28.0.1.el4 AND bind-chroot is earlier than 30:9.2.4-28.0.1.el4 AND bind-devel is earlier than 30:9.2.4-28.0.1.el4 AND bind-libs is earlier than 30:9.2.4-28.0.1.el4 AND bind-utils is earlier than 30:9.2.4-28.0.1.el4 AND selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4 AND selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4 AND CentOS Linux 5 release section The operating system installed on the system is CentOS Linux 5.x Packages match section bind is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-chroot is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-libbind-devel is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-sdb is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-devel is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5

Definition Id: oval:org.mitre.oval:def:29167

Oval ID:	oval:org.mitre.oval:def:29167
Title:	RHSA-2008:0789 -- dnsmasq security update (Moderate)
Description:	An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) All dnsmasq users are advised to upgrade to this updated package, that upgrades dnsmasq to version 2.45, which resolves this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0789 CVE-2008-1447	Version:	3
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	dnsmasq
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 AND dnsmasq is earlier than 0:2.45-1.el5_2.1

Definition Id: oval:org.mitre.oval:def:29196

Oval ID:	oval:org.mitre.oval:def:29196
Title:	RHSA-2009:0333 -- libpng security update (Moderate)
Description:	Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to freerandom memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040)
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:0333 CESA-2009:0333-CentOS 2 CVE-2008-1382 CVE-2009-0040	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 2	Product(s):	libpng libpng10
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section libpng-devel is earlier than 2:1.2.10-7.1.el5_3.2 AND libpng is earlier than 2:1.2.10-7.1.el5_3.2 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section libpng is earlier than 2:1.2.7-3.el4_7.2 AND libpng-devel is earlier than 2:1.2.7-3.el4_7.2 AND libpng10 is earlier than 2:1.0.16-3.el4_7.3 AND libpng10-devel is earlier than 2:1.0.16-3.el4_7.3

Definition Id: oval:org.mitre.oval:def:4768

Oval ID:	oval:org.mitre.oval:def:4768
Title:	VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges
Description:	Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0967	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 2	Product(s):
Definition Synopsis:
VMWare ESX Server 3.0.2 meets CVE-2008-0967 VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004727 is not installed AND Patch ESX-1004821 is not installed AND Patch ESX-1004216 is not installed AND Patch ESX-1004726 is not installed AND Patch ESX-1004722 is not installed AND Patch ESX-1004724 is not installed AND Patch ESX-1004719 is not installed AND Patch ESX-1004219 is not installed OR VMWare ESX Server 3.0.1 meets CVE-2008-0967 VMWare ESX Server 3.0.1 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004186 is not installed AND Patch ESX-1004728 is not installed AND Patch ESX-1004725 is not installed AND Patch ESX-1004721 is not installed AND Patch ESX-1004723 is not installed AND Patch ESX-1004190 is not installed AND Patch ESX-1004189 is not installed OR VMWare ESX Server 2.5.5 meets CVE-2008-0967 VMWare ESX Server 2.5.5 build 57619 or higher is installed AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed OR VMWare ESX Server 2.5.4 meets CVE-2008-0967 VMWare ESX Server 2.5.4 build 32233 or higher is installed AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed

Definition Id: oval:org.mitre.oval:def:5081

Oval ID:	oval:org.mitre.oval:def:5081
Title:	VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code
Description:	Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2100	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 2	Product(s):
Definition Synopsis:
VMWare ESX Server 3.0.2 meets CVE-2008-2100 VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004727 is not installed AND Patch ESX-1004821 is not installed AND Patch ESX-1004216 is not installed AND Patch ESX-1004726 is not installed AND Patch ESX-1004722 is not installed AND Patch ESX-1004724 is not installed AND Patch ESX-1004719 is not installed AND Patch ESX-1004219 is not installed OR VMWare ESX Server 3.0.1 meets CVE-2008-2100 VMWare ESX Server 3.0.1 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004186 is not installed AND Patch ESX-1004728 is not installed AND Patch ESX-1004725 is not installed AND Patch ESX-1004721 is not installed AND Patch ESX-1004723 is not installed AND Patch ESX-1004190 is not installed AND Patch ESX-1004189 is not installed OR VMWare ESX Server 2.5.5 meets CVE-2008-2100 VMWare ESX Server 2.5.5 build 57619 or higher is installed AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed OR VMWare ESX Server 2.5.4 meets CVE-2008-2100 VMWare ESX Server 2.5.4 build 32233 or higher is installed AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed

Definition Id: oval:org.mitre.oval:def:5358

Oval ID:	oval:org.mitre.oval:def:5358
Title:	VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges
Description:	HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5671	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 2	Product(s):
Definition Synopsis:
VMWare ESX Server 3.0.2 meets CVE-2007-5671 VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004727 is not installed AND Patch ESX-1004821 is not installed AND Patch ESX-1004216 is not installed AND Patch ESX-1004726 is not installed AND Patch ESX-1004722 is not installed AND Patch ESX-1004724 is not installed AND Patch ESX-1004719 is not installed AND Patch ESX-1004219 is not installed OR VMWare ESX Server 3.0.1 meets CVE-2007-5671 VMWare ESX Server 3.0.1 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004186 is not installed AND Patch ESX-1004728 is not installed AND Patch ESX-1004725 is not installed AND Patch ESX-1004721 is not installed AND Patch ESX-1004723 is not installed AND Patch ESX-1004190 is not installed AND Patch ESX-1004189 is not installed OR VMWare ESX Server 2.5.5 meets CVE-2007-5671 VMWare ESX Server 2.5.5 build 57619 or higher is installed AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed OR VMWare ESX Server 2.5.4 meets CVE-2007-5671 VMWare ESX Server 2.5.4 build 32233 or higher is installed AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed

Definition Id: oval:org.mitre.oval:def:5583

Oval ID:	oval:org.mitre.oval:def:5583
Title:	VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges
Description:	Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0967	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 2	Product(s):
Definition Synopsis:
VMWare ESX Server 3.0.2 meets CVE-2008-0967 VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004727 is not installed AND Patch ESX-1004821 is not installed AND Patch ESX-1004216 is not installed AND Patch ESX-1004726 is not installed AND Patch ESX-1004722 is not installed AND Patch ESX-1004724 is not installed AND Patch ESX-1004719 is not installed AND Patch ESX-1004219 is not installed OR VMWare ESX Server 3.0.1 meets CVE-2008-0967 VMWare ESX Server 3.0.1 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004186 is not installed AND Patch ESX-1004728 is not installed AND Patch ESX-1004725 is not installed AND Patch ESX-1004721 is not installed AND Patch ESX-1004723 is not installed AND Patch ESX-1004190 is not installed AND Patch ESX-1004189 is not installed OR VMWare ESX Server 2.5.5 meets CVE-2008-0967 VMWare ESX Server 2.5.5 build 57619 or higher is installed AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed OR VMWare ESX Server 2.5.4 meets CVE-2008-0967 VMWare ESX Server 2.5.4 build 32233 or higher is installed AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed

Definition Id: oval:org.mitre.oval:def:5647

Oval ID:	oval:org.mitre.oval:def:5647
Title:	VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code
Description:	Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2100	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 2	Product(s):
Definition Synopsis:
VMWare ESX Server 3.0.2 meets CVE-2008-2100 VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004727 is not installed AND Patch ESX-1004821 is not installed AND Patch ESX-1004216 is not installed AND Patch ESX-1004726 is not installed AND Patch ESX-1004722 is not installed AND Patch ESX-1004724 is not installed AND Patch ESX-1004719 is not installed AND Patch ESX-1004219 is not installed OR VMWare ESX Server 3.0.1 meets CVE-2008-2100 VMWare ESX Server 3.0.1 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004186 is not installed AND Patch ESX-1004728 is not installed AND Patch ESX-1004725 is not installed AND Patch ESX-1004721 is not installed AND Patch ESX-1004723 is not installed AND Patch ESX-1004190 is not installed AND Patch ESX-1004189 is not installed OR VMWare ESX Server 2.5.5 meets CVE-2008-2100 VMWare ESX Server 2.5.5 build 57619 or higher is installed AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed OR VMWare ESX Server 2.5.4 meets CVE-2008-2100 VMWare ESX Server 2.5.4 build 32233 or higher is installed AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed

Definition Id: oval:org.mitre.oval:def:5688

Oval ID:	oval:org.mitre.oval:def:5688
Title:	VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges
Description:	HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5671	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 2	Product(s):
Definition Synopsis:
VMWare ESX Server 3.0.2 meets CVE-2007-5671 VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004727 is not installed AND Patch ESX-1004821 is not installed AND Patch ESX-1004216 is not installed AND Patch ESX-1004726 is not installed AND Patch ESX-1004722 is not installed AND Patch ESX-1004724 is not installed AND Patch ESX-1004719 is not installed AND Patch ESX-1004219 is not installed OR VMWare ESX Server 3.0.1 meets CVE-2007-5671 VMWare ESX Server 3.0.1 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004186 is not installed AND Patch ESX-1004728 is not installed AND Patch ESX-1004725 is not installed AND Patch ESX-1004721 is not installed AND Patch ESX-1004723 is not installed AND Patch ESX-1004190 is not installed AND Patch ESX-1004189 is not installed OR VMWare ESX Server 2.5.5 meets CVE-2007-5671 VMWare ESX Server 2.5.5 build 57619 or higher is installed AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed OR VMWare ESX Server 2.5.4 meets CVE-2007-5671 VMWare ESX Server 2.5.4 build 32233 or higher is installed AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed

Definition Id: oval:org.mitre.oval:def:5725

Oval ID:	oval:org.mitre.oval:def:5725
Title:	DNS Insufficient Socket Entropy Vulnerability
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Win 2K SP4 and vulnerable version of file Microsoft Windows 2000 SP4 or later is installed AND Check for vulnerable version of server or client file dnsapi.dll version is less than 5.0.2195.7280 AND Dns.exe version is less than 5.0.2195.7162 OR Win XP SP2 X86 and vulnerable version of client file Microsoft Windows XP (x86) SP2 is installed AND dnsapi.dll version is less than 5.1.2600.3394 OR Win XP SP3 X86 and vulnerable version of client file Microsoft Windows XP (x86) SP3 is installed AND dnsapi.dll version is less than 5.1.2600.5625 OR Win XP X64 SP1 and vulnerable version of client file Microsoft Windows XP Professional x64 Edition SP1 is installed AND dnsapi.dll version is less than 5.2.3790.3161 OR Win XP X64 and vulnerable version of client file Microsoft Windows XP x64 Edition SP2 is installed AND dnsapi.dll version is less than 5.2.3790.4318 OR Win 2k3 SP1 and vulnerable version of client or server file Win 2K3 SP1 (X86/ X64/IA64) Microsoft Windows Server 2003 SP1 (x86) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 SP1 for Itanium is installed AND Check for vulnerable version of client or server file dnsapi.dll version is less than 5.2.3790.3161 AND dns.exe version is less than 5.2.3790.3161 OR Win 2k3 SP2 and vulnerable version of client or server file Win 2K3 SP2 (X86/ X64/IA64) Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Check for vulnerable version of client or server file dnsapi.dll version is less than 5.2.3790.4318 AND dns.exe version is less than 5.2.3790.4318

Definition Id: oval:org.mitre.oval:def:5761

Oval ID:	oval:org.mitre.oval:def:5761
Title:	HP-UX Running BIND, Remote DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.3.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests InternetSrvcs.INETSVCS-INETD is installed AND InternetSrvcs.INETSVCS-RUN is installed AND InternetSrvcs.INETSVCS2-RUN is installed AND NOT Patch PHNE_37865 is installed OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.3.0 AND BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.3.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.011 OR Criteria meets HP Security Bulletin HPSBUX02351 HP-UX B.11.31 AND filesets tests NameService.BIND-AUX version is less than C.9.3.2.3.0 AND NameService.BIND-RUN version is less than C.9.3.2.3.0

Definition Id: oval:org.mitre.oval:def:5786

Oval ID:	oval:org.mitre.oval:def:5786
Title:	VMWare Guest Virtual Device Driver Vulnerability
Description:	Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0910	Version:	2
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200811401-BG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1006980 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200811401-SG is not installed

Definition Id: oval:org.mitre.oval:def:5917

Oval ID:	oval:org.mitre.oval:def:5917
Title:	Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	1
Platform(s):	Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Software Section Solaris 8 (SPARC) meets Sun Alert 239392 Solaris 8 (SPARC) is installed AND NOT Patch 109326-23 or later installed OR Solaris 9 (SPARC) meets Sun Alert 239392 Solaris 9 (SPARC) is installed AND NOT Patch 112837-15 or later installed OR Solaris 10 (SPARC) meets Sun Alert 239392 Solaris 10 (SPARC) is installed AND NOT Patch 119783-06 or later installed OR Solaris 8 (x86) meets Sun Alert 239392 Solaris 8 (x86) is installed AND NOT Patch 109327-23 or later installed OR Solaris 9 (x86) meets Sun Alert 239392 Solaris 9 (x86) is installed AND NOT Patch 114265-14 or later installed OR Solaris 10 (x86) meets Sun Alert 239392 Solaris 10 (x86) is installed AND NOT Patch 119784-06 or later installed AND in.named running

Definition Id: oval:org.mitre.oval:def:6065

Oval ID:	oval:org.mitre.oval:def:6065
Title:	VMware Multiple Hosted Products Display Function Code Execution Vulnerability
Description:	Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1244	Version:	1
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200904403-SG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1008421 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200904201-SG is not installed

Definition Id: oval:org.mitre.oval:def:6246

Oval ID:	oval:org.mitre.oval:def:6246
Title:	VMware ESX Virtual Hardware Memory Access Bug Lets Local Users Gain Elevated Privileges
Description:	Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4917	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND All patches must be installed to not be vulnerable Patch ESX303-200811401-BG is not installed AND Patch ESX303-200811404-BG is not installed OR VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1006980 is not installed AND Patch ESX-1006982 is not installed OR VMware ESX Server 3.5.0 is installed AND All patches must be installed to not be vulnerable Patch ESX350-200811401-SG is not installed AND Patch ESX350-200811406-SG is not installed

Definition Id: oval:org.mitre.oval:def:6251

Oval ID:	oval:org.mitre.oval:def:6251
Title:	VMware Heap Overflows in VNnc Codec Lets Remote Users Execute Arbitrary Code
Description:	Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0909	Version:	2
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200811401-BG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1006980 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200811401-SG is not installed

Definition Id: oval:org.mitre.oval:def:6309

Oval ID:	oval:org.mitre.oval:def:6309
Title:	VMware CPU Hardware Emulation Bug Lets Local Users Gain Elevated Privileges
Description:	The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4915	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200810501-BG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1006680 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200810201-UG is not installed

Definition Id: oval:org.mitre.oval:def:6439

Oval ID:	oval:org.mitre.oval:def:6439
Title:	VMware Guest Virtual Device Driver Bug Lets Local Users Deny Service
Description:	Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-4916	Version:	1
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200811401-BG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1006980 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200811401-SG is not installed

Definition Id: oval:org.mitre.oval:def:6458

Oval ID:	oval:org.mitre.oval:def:6458
Title:	Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability
Description:	The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0040	Version:	1
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200905401-SG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1008420 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200904401-BG is not installed

Definition Id: oval:org.mitre.oval:def:6557

Oval ID:	oval:org.mitre.oval:def:6557
Title:	DSA-1750 libpng -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family:	unix	Class:	patch
Reference(s):	DSA-1750 CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	libpng
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND libpng3 is earlier than 1.2.27-2+lenny2 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libpng12-dev is earlier than 1.2.27-2+lenny2 AND libpng12-0 is earlier than 1.2.27-2+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libpng3 is earlier than 1.2.15~beta5-1+etch2 AND libpng12-dev is earlier than 1.2.15~beta5-1+etch2 AND libpng12-0 is earlier than 1.2.15~beta5-1+etch2

Definition Id: oval:org.mitre.oval:def:6863

Oval ID:	oval:org.mitre.oval:def:6863
Title:	WebAccess Virtual Machine Name Cross-site Scripting Vulnerability
Description:	Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-1137	Version:	3
Platform(s):	VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
VMware ESX Server 3.5.0 is installed AND Patch ESX350-200903223-UG is not installed

Definition Id: oval:org.mitre.oval:def:7020

Oval ID:	oval:org.mitre.oval:def:7020
Title:	Windows-based VMware Tools Unsafe Library Loading vulnerability
Description:	VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2010-1141	Version:	5
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-201002203-UG is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200912401-BG is not installed OR VMware ESX Server 4.0 is installed AND Patch ESX400-201002401-BG is not installed

Definition Id: oval:org.mitre.oval:def:7383

Oval ID:	oval:org.mitre.oval:def:7383
Title:	DSA-1635 freetype -- multiple vulnerabilities
Description:	Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: An integer overflow allows context-dependent attackers to execute arbitrary code via a crafted set of values within the Private dictionary table in a Printer Font Binary (PFB) file. The handling of an invalid number of axes field in the PFB file could trigger the freeing of arbitrary memory locations, leading to memory corruption. Multiple off-by-one errors allowed the execution of arbitrary code via malformed tables in PFB files, or invalid SHC instructions in TTF files.
Family:	unix	Class:	patch
Reference(s):	DSA-1635 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	freetype
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa Packages section libfreetype6-dev is earlier than 2.2.1-5+etch3 AND freetype2-demos is earlier than 2.2.1-5+etch3 AND libfreetype6 is earlier than 2.2.1-5+etch3

Definition Id: oval:org.mitre.oval:def:7531

Oval ID:	oval:org.mitre.oval:def:7531
Title:	DSA-1623 dnsmasq -- DNS cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's dnsmasq packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. This update also switches the random number generator to Dan Bernstein's SURF.
Family:	unix	Class:	patch
Reference(s):	DSA-1623 CVE-2008-1447	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	dnsmasq
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is mips AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND dnsmasq is earlier than 2.35-1+etch4

Definition Id: oval:org.mitre.oval:def:7660

Oval ID:	oval:org.mitre.oval:def:7660
Title:	DSA-1617 refpolicy -- incompatible policy
Description:	In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard "domain" port (53). The incompatibility affects both the "targeted" and "strict" policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. Because the Debian refpolicy packages are not yet designed with policy module upgradeability in mind, and because SELinux-enabled Debian systems often have some degree of site-specific policy customization, it is difficult to assure that the new bind policy can be successfully upgraded. To this end, the package upgrade will not abort if the bind policy update fails. The new policy module can be found at /usr/share/selinux/refpolicy-targeted/bind.pp after installation. Administrators wishing to use the bind service policy can reconcile any policy incompatibilities and install the upgrade manually thereafter. A more detailed discussion of the corrective procedure may be found on http://wiki.debian.org/SELinux/Issues/BindPortRandomization. For the stable distribution (etch), this problem has been fixed in version 0.0.20061018-5.1+etch1. The unstable distribution (sid) is not affected, as subsequent refpolicy releases have incorporated an analogous change. We recommend that you upgrade your refpolicy packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1617 CVE-2008-1447	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	refpolicy
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND Installed architecture is all Packages section selinux-policy-refpolicy-src is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-doc is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-strict is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-targeted is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-dev is earlier than 0.0.20061018-5.1+etch1

Definition Id: oval:org.mitre.oval:def:7822

Oval ID:	oval:org.mitre.oval:def:7822
Title:	VMware directory traversal vulnerability
Description:	Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3733	Version:	2
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200812406-BG is not installed OR Patch ESX350-200901401-SG is not installed AND VMware ESX Server 3.5.0 is installed AND Patch ESX350-200901401-SG is not installed

Definition Id: oval:org.mitre.oval:def:8092

Oval ID:	oval:org.mitre.oval:def:8092
Title:	DSA-1603 bind9 -- DNS cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. Note that this security update changes BIND network behavior in a fundamental way, and the following steps are recommended to ensure a smooth upgrade. 1. Make sure that your network configuration is compatible with source port randomization. If you guard your resolver with a stateless packet filter, you may need to make sure that no non-DNS services listen on the 1024--65535 UDP port range and open it at the packet filter. For instance, packet filters based on etch's Linux 2.6.18 kernel only support stateless filtering of IPv6 packets, and therefore pose this additional difficulty. (If you use IPv4 with iptables and ESTABLISHED rules, networking changes are likely not required.) 2. Install the BIND 9 upgrade, using "apt-get update" followed by "apt-get install bind9". Verify that the named process has been restarted and answers recursive queries. (If all queries result in timeouts, this indicates that networking changes are necessary; see the first step.) 3. Verify that source port randomization is active. Check that the /var/log/daemon.log file does not contain messages of the following form right after the "listening on IPv6 interface" and "listening on IPv4 interface" messages logged by BIND upon startup. If these messages are present, you should remove the indicated lines from the configuration, or replace the port numbers contained within them with "" sign (e.g., replace "port 53" with "port "). For additional certainty, use tcpdump or some other network monitoring tool to check for varying UDP source ports. If there is a NAT device in front of your resolver, make sure that it does not defeat the effect of source port randomization. 4. If you cannot activate source port randomization, consider configuring BIND 9 to forward queries to a resolver which can, possibly over a VPN such as OpenVPN to create the necessary trusted network link. (Use BIND's forward-only mode in this case.) Other caching resolvers distributed by Debian (PowerDNS, MaraDNS, Unbound) already employ source port randomization, and no updated packages are needed. BIND 9.5 up to and including version 1:9.5.0.dfsg-4 only implements a weak form of source port randomization and needs to be updated as well. For information on BIND 8, see DSA-1604-1, and for the status of the libc stub resolver, see DSA-1605-1. The updated bind9 packages contain changes originally scheduled for the next stable point release, including the changed IP address of L.ROOT-SERVERS.NET (Debian bug #449148).
Family:	unix	Class:	patch
Reference(s):	DSA-1603 CVE-2008-1447	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	bind9
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND bind9-doc is earlier than 1:9.3.4-2etch3 AND dnsutils is earlier than 1:9.3.4-2etch3 AND libbind-dev is earlier than 1:9.3.4-2etch3 AND libdns22 is earlier than 1:9.3.4-2etch3 AND libisccfg1 is earlier than 1:9.3.4-2etch3 AND libisccc0 is earlier than 1:9.3.4-2etch3 AND libisc11 is earlier than 1:9.3.4-2etch3 AND libbind9-0 is earlier than 1:9.3.4-2etch3 AND bind9-host is earlier than 1:9.3.4-2etch3 AND bind9 is earlier than 1:9.3.4-2etch3 AND liblwres9 is earlier than 1:9.3.4-2etch3 AND lwresd is earlier than 1:9.3.4-2etch3

Definition Id: oval:org.mitre.oval:def:8136

Oval ID:	oval:org.mitre.oval:def:8136
Title:	DSA-1542 libcairo -- integer overflow
Description:	Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1542 CVE-2007-5503	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libcairo
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND libcairo2-doc is earlier than 1.2.4-4.1+etch1 AND libcairo2-dev is earlier than 1.2.4-4.1+etch1 AND libcairo-directfb2-dev is earlier than 1.2.4-4.1+etch1 AND libcairo-directfb2 is earlier than 1.2.4-4.1+etch1 AND libcairo2 is earlier than 1.2.4-4.1+etch1

Definition Id: oval:org.mitre.oval:def:8473

Oval ID:	oval:org.mitre.oval:def:8473
Title:	VMware improper setting of the exception code on page faults vulnerability
Description:	VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2267	Version:	4
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200910401-BG is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200910401-SG is not installed OR VMware ESX Server 4.0 is installed AND Patch ESX400-200909401-BG is not installed

Definition Id: oval:org.mitre.oval:def:9321

Oval ID:	oval:org.mitre.oval:def:9321
Title:	Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
Description:	Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1806	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section freetype is earlier than 0:2.1.4-10.el3 AND freetype-devel is earlier than 0:2.1.4-10.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section freetype is earlier than 0:2.1.9-8.el4.6 AND freetype-demos is earlier than 0:2.1.9-8.el4.6 AND freetype-utils is earlier than 0:2.1.9-8.el4.6 AND freetype-devel is earlier than 0:2.1.9-8.el4.6 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section freetype is earlier than 0:2.2.1-20.el5_2 AND freetype-demos is earlier than 0:2.2.1-20.el5_2 AND freetype-devel is earlier than 0:2.2.1-20.el5_2

Definition Id: oval:org.mitre.oval:def:9627

Oval ID:	oval:org.mitre.oval:def:9627
Title:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section bind-utils is earlier than 20:9.2.4-22.el3 AND bind-devel is earlier than 20:9.2.4-22.el3 AND bind-chroot is earlier than 20:9.2.4-22.el3 AND bind is earlier than 20:9.2.4-22.el3 AND bind-libs is earlier than 20:9.2.4-22.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section bind-utils is earlier than 20:9.2.4-28.0.1.el4 AND bind-devel is earlier than 20:9.2.4-28.0.1.el4 AND bind-chroot is earlier than 20:9.2.4-28.0.1.el4 AND selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4 AND selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4 AND bind is earlier than 20:9.2.4-28.0.1.el4 AND bind-libs is earlier than 20:9.2.4-28.0.1.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2 AND dnsmasq is earlier than 0:2.45-1.el5_2.1 AND bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2

Definition Id: oval:org.mitre.oval:def:9767

Oval ID:	oval:org.mitre.oval:def:9767
Title:	FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
Description:	FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1807	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section freetype is earlier than 0:2.1.4-10.el3 AND freetype-devel is earlier than 0:2.1.4-10.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section freetype is earlier than 0:2.1.9-8.el4.6 AND freetype-demos is earlier than 0:2.1.9-8.el4.6 AND freetype-utils is earlier than 0:2.1.9-8.el4.6 AND freetype-devel is earlier than 0:2.1.9-8.el4.6 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section freetype is earlier than 0:2.2.1-20.el5_2 AND freetype-demos is earlier than 0:2.2.1-20.el5_2 AND freetype-devel is earlier than 0:2.2.1-20.el5_2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x:10.5.6:::::::* cpe:2.3:a:apple:mac_os_x::::::::	2
Application	Emc Vmware Player cpe:2.3:a:emc:vmware_player::::::::	1
Application	Freetype cpe:2.3:a:freetype:freetype:2.3.5:::::::* cpe:2.3:a:freetype:freetype:2.3.4:::::::* cpe:2.3:a:freetype:freetype:2.3.3:::::::* cpe:2.3:a:freetype:freetype:2.2.10:::::::* cpe:2.3:a:freetype:freetype:2.2.1:::::::* cpe:2.3:a:freetype:freetype:2.2.0:::::::* cpe:2.3:a:freetype:freetype:2.1.9:::::::* cpe:2.3:a:freetype:freetype:2.1.7:::::::* cpe:2.3:a:freetype:freetype:2.1.10:::::::* cpe:2.3:a:freetype:freetype:2.0.9:::::::* cpe:2.3:a:freetype:freetype:2.0.6:::::::* cpe:2.3:a:freetype:freetype:1.3.1:::::::*	12
Application	Isc Bind cpe:2.3:a:isc:bind:9.2.9::::-::: cpe:2.3:a:isc:bind:8::::-::: cpe:2.3:a:isc:bind:4::::-:::	3
Application	Libpng cpe:2.3:a:libpng:libpng:1.2.9:beta10:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.9:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta7:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta8:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta9:::::: cpe:2.3:a:libpng:libpng:1.2.9:::::::* cpe:2.3:a:libpng:libpng:1.2.8:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.8:::::::* cpe:2.3:a:libpng:libpng:1.2.7:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.7:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.7:::::::* cpe:2.3:a:libpng:libpng:1.2.6:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.6:::::::* cpe:2.3:a:libpng:libpng:1.2.5:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.5:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.5:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.5:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.5:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.5:::::::* cpe:2.3:a:libpng:libpng:1.2.5:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.4:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.4:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.4:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.4:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.4:::::::* cpe:2.3:a:libpng:libpng:1.2.34:::::::* cpe:2.3:a:libpng:libpng:1.2.33:::::::* cpe:2.3:a:libpng:libpng:1.2.32:::::::* cpe:2.3:a:libpng:libpng:1.2.31:::::::* cpe:2.3:a:libpng:libpng:1.2.30:::::::* cpe:2.3:a:libpng:libpng:1.2.3:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc6:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.3:::::::* cpe:2.3:a:libpng:libpng:1.2.29:::::::* cpe:2.3:a:libpng:libpng:1.2.28:::::::* cpe:2.3:a:libpng:libpng:1.2.27:::::::* cpe:2.3:a:libpng:libpng:1.2.26:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta05:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta06:::::: cpe:2.3:a:libpng:libpng:1.2.26:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.26:::::::* cpe:2.3:a:libpng:libpng:1.2.25:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.25:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.25:rc02:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta05:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta06:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.25:::::::* cpe:2.3:a:libpng:libpng:1.2.24:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.24:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.24:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.24:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.24:rc01-1.2.23:::::: cpe:2.3:a:libpng:libpng:1.2.24:beta02-1.2.23:::::: cpe:2.3:a:libpng:libpng:1.2.24:::::::* cpe:2.3:a:libpng:libpng:1.2.24:beta03-1.2.23:::::: cpe:2.3:a:libpng:libpng:1.2.24:beta01-1.2.23:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta05:::::: cpe:2.3:a:libpng:libpng:1.2.23:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta03-1.2.22:::::: cpe:2.3:a:libpng:libpng:1.2.23:rc01-1.2.22:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta01-1.2.22:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta04-1.2.22:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta02-1.2.22:::::: cpe:2.3:a:libpng:libpng:1.2.23:::::::* cpe:2.3:a:libpng:libpng:1.2.23:beta05-1.2.22:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.22:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.22:::::::* cpe:2.3:a:libpng:libpng:1.2.21:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.21:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.21:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.21:::::::* cpe:2.3:a:libpng:libpng:1.2.21:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.21:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc6:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.20:::::::* cpe:2.3:a:libpng:libpng:1.2.2:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.2:::::::* cpe:2.3:a:libpng:libpng:1.2.19:beta10:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta11:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta18:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta19:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta26:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta27:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc6:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta14:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta15:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta22:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta23:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta30:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta9:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta12:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta13:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta20:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta21:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta28:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta29:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta7:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta8:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta16:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta17:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta24:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta25:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta31:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta32:::::: cpe:2.3:a:libpng:libpng:1.2.19:::::::* cpe:2.3:a:libpng:libpng:1.2.19:beta33:::::: cpe:2.3:a:libpng:libpng:1.2.18:::::::* cpe:2.3:a:libpng:libpng:1.2.17:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.17:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.17:::::::* cpe:2.3:a:libpng:libpng:1.2.16:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.16:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.16:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.16:::::::* cpe:2.3:a:libpng:libpng:1.2.15:::::::* cpe:2.3:a:libpng:libpng:1.2.15:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.14:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.14:::::::* cpe:2.3:a:libpng:libpng:1.2.14:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.14:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.13:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.13:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.13:::::::* cpe:2.3:a:libpng:libpng:1.2.13:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.12:::::::* cpe:2.3:a:libpng:libpng:1.2.11:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.11:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.11:::::::* cpe:2.3:a:libpng:libpng:1.2.11:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.11:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.10:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta7:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.10:::::::* cpe:2.3:a:libpng:libpng:1.2.10:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.10:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.1:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.1:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.1:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.1:::::::* cpe:2.3:a:libpng:libpng:1.2.1:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.1:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.1:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.0:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.0:::::::* cpe:2.3:a:libpng:libpng:1.2.0:beta1:::::: cpe:2.3:a:libpng:libpng:1.1.1:::::::* cpe:2.3:a:libpng:libpng:1.00:::::::* cpe:2.3:a:libpng:libpng:1.0.9:beta2:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta7:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta5:::::: cpe:2.3:a:libpng:libpng:1.0.9:::::::* cpe:2.3:a:libpng:libpng:1.0.9:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta4:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta10:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta8:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta9:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta3:::::: cpe:2.3:a:libpng:libpng:1.0.9:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta6:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta2:::::: cpe:2.3:a:libpng:libpng:1.0.8:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta3:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta4:::::: cpe:2.3:a:libpng:libpng:1.0.8:::::::* cpe:2.3:a:libpng:libpng:1.0.7:beta12:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta14:::::: cpe:2.3:a:libpng:libpng:1.0.7:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta11:::::: cpe:2.3:a:libpng:libpng:1.0.7:::::::* cpe:2.3:a:libpng:libpng:1.0.7:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta13:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta16:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta15:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta18:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta17:::::: cpe:2.3:a:libpng:libpng:1.0.6j:::::::* cpe:2.3:a:libpng:libpng:1.0.6i:::::::* cpe:2.3:a:libpng:libpng:1.0.6h:::::::* cpe:2.3:a:libpng:libpng:1.0.6g:::::::* cpe:2.3:a:libpng:libpng:1.0.6f:::::::* cpe:2.3:a:libpng:libpng:1.0.6e:::::::* cpe:2.3:a:libpng:libpng:1.0.6d:::::::* cpe:2.3:a:libpng:libpng:1.0.66:::::::* cpe:2.3:a:libpng:libpng:1.0.65:::::::* cpe:2.3:a:libpng:libpng:1.0.64:::::::* cpe:2.3:a:libpng:libpng:1.0.63:::::::* cpe:2.3:a:libpng:libpng:1.0.62:::::::* cpe:2.3:a:libpng:libpng:1.0.61:::::::* cpe:2.3:a:libpng:libpng:1.0.60:::::::* cpe:2.3:a:libpng:libpng:1.0.6:g:::::: cpe:2.3:a:libpng:libpng:1.0.6:h:::::: cpe:2.3:a:libpng:libpng:1.0.6:i:::::: cpe:2.3:a:libpng:libpng:1.0.6:::::::* cpe:2.3:a:libpng:libpng:1.0.6:j:::::: cpe:2.3:a:libpng:libpng:1.0.6:a:::::: cpe:2.3:a:libpng:libpng:1.0.6:d:::::: cpe:2.3:a:libpng:libpng:1.0.6:e:::::: cpe:2.3:a:libpng:libpng:1.0.6:f:::::: cpe:2.3:a:libpng:libpng:1.0.5v:::::::* cpe:2.3:a:libpng:libpng:1.0.5u:::::::* cpe:2.3:a:libpng:libpng:1.0.5t:::::::* cpe:2.3:a:libpng:libpng:1.0.5s:::::::* cpe:2.3:a:libpng:libpng:1.0.5r:::::::* cpe:2.3:a:libpng:libpng:1.0.5q:::::::* cpe:2.3:a:libpng:libpng:1.0.5p:::::::* cpe:2.3:a:libpng:libpng:1.0.5o:::::::* cpe:2.3:a:libpng:libpng:1.0.5n:::::::* cpe:2.3:a:libpng:libpng:1.0.5m:::::::* cpe:2.3:a:libpng:libpng:1.0.5l:::::::* cpe:2.3:a:libpng:libpng:1.0.5k:::::::* cpe:2.3:a:libpng:libpng:1.0.5j:::::::* cpe:2.3:a:libpng:libpng:1.0.5i:::::::* cpe:2.3:a:libpng:libpng:1.0.5h:::::::* cpe:2.3:a:libpng:libpng:1.0.5g:::::::* cpe:2.3:a:libpng:libpng:1.0.5f:::::::* cpe:2.3:a:libpng:libpng:1.0.5e:::::::* cpe:2.3:a:libpng:libpng:1.0.5d:::::::* cpe:2.3:a:libpng:libpng:1.0.5c:::::::* cpe:2.3:a:libpng:libpng:1.0.5b:::::::* cpe:2.3:a:libpng:libpng:1.0.5a:::::::* cpe:2.3:a:libpng:libpng:1.0.59:::::::* cpe:2.3:a:libpng:libpng:1.0.58:::::::* cpe:2.3:a:libpng:libpng:1.0.57:rc01:::::: cpe:2.3:a:libpng:libpng:1.0.57:::::::* cpe:2.3:a:libpng:libpng:1.0.56:::::::* cpe:2.3:a:libpng:libpng:1.0.56:devel:::::: cpe:2.3:a:libpng:libpng:1.0.55:::::::* cpe:2.3:a:libpng:libpng:1.0.55:rc01:::::: cpe:2.3:a:libpng:libpng:1.0.54:::::::* cpe:2.3:a:libpng:libpng:1.0.53:::::::* cpe:2.3:a:libpng:libpng:1.0.52:::::::* cpe:2.3:a:libpng:libpng:1.0.51:::::::* cpe:2.3:a:libpng:libpng:1.0.50:::::::* cpe:2.3:a:libpng:libpng:1.0.5:::::::* cpe:2.3:a:libpng:libpng:1.0.4f:::::::* cpe:2.3:a:libpng:libpng:1.0.4e:::::::* cpe:2.3:a:libpng:libpng:1.0.4d:::::::* cpe:2.3:a:libpng:libpng:1.0.4c:::::::* cpe:2.3:a:libpng:libpng:1.0.4b:::::::* cpe:2.3:a:libpng:libpng:1.0.4a:::::::* cpe:2.3:a:libpng:libpng:1.0.48:::::::* cpe:2.3:a:libpng:libpng:1.0.47:::::::* cpe:2.3:a:libpng:libpng:1.0.46:::::::* cpe:2.3:a:libpng:libpng:1.0.45:::::::* cpe:2.3:a:libpng:libpng:1.0.44:::::::* cpe:2.3:a:libpng:libpng:1.0.43:::::::* cpe:2.3:a:libpng:libpng:1.0.42:::::::* cpe:2.3:a:libpng:libpng:1.0.41:::::::* cpe:2.3:a:libpng:libpng:1.0.40:::::::* cpe:2.3:a:libpng:libpng:1.0.4:::::::* cpe:2.3:a:libpng:libpng:1.0.3d:::::::* cpe:2.3:a:libpng:libpng:1.0.3b:::::::* cpe:2.3:a:libpng:libpng:1.0.3a:::::::* cpe:2.3:a:libpng:libpng:1.0.39:::::::* cpe:2.3:a:libpng:libpng:1.0.38:::::::* cpe:2.3:a:libpng:libpng:1.0.37:::::::* cpe:2.3:a:libpng:libpng:1.0.35:::::::* cpe:2.3:a:libpng:libpng:1.0.34:::::::* cpe:2.3:a:libpng:libpng:1.0.33:::::::* cpe:2.3:a:libpng:libpng:1.0.32:::::::* cpe:2.3:a:libpng:libpng:1.0.31:rc01:::::: cpe:2.3:a:libpng:libpng:1.0.31:::::::* cpe:2.3:a:libpng:libpng:1.0.30:::::::* cpe:2.3:a:libpng:libpng:1.0.30:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.3:::::::* cpe:2.3:a:libpng:libpng:1.0.2a:::::::* cpe:2.3:a:libpng:libpng:1.0.29:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.29:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.29:::::::* cpe:2.3:a:libpng:libpng:1.0.29:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.29:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc4:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc6:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.28:::::::* cpe:2.3:a:libpng:libpng:1.0.27:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc4:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.27:::::::* cpe:2.3:a:libpng:libpng:1.0.27:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc6:::::: cpe:2.3:a:libpng:libpng:1.0.26:::::::* cpe:2.3:a:libpng:libpng:1.0.25:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.25:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.25:::::::* cpe:2.3:a:libpng:libpng:1.0.24:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.24:::::::* cpe:2.3:a:libpng:libpng:1.0.23:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.23:::::::* cpe:2.3:a:libpng:libpng:1.0.23:rc4:::::: cpe:2.3:a:libpng:libpng:1.0.23:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.23:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.23:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.22:::::::* cpe:2.3:a:libpng:libpng:1.0.22:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.21:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.21:::::::* cpe:2.3:a:libpng:libpng:1.0.21:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.20:::::::* cpe:2.3:a:libpng:libpng:1.0.2:::::::* cpe:2.3:a:libpng:libpng:1.0.1e:::::::* cpe:2.3:a:libpng:libpng:1.0.1d:::::::* cpe:2.3:a:libpng:libpng:1.0.1c:::::::* cpe:2.3:a:libpng:libpng:1.0.1b:::::::* cpe:2.3:a:libpng:libpng:1.0.1a:::::::* cpe:2.3:a:libpng:libpng:1.0.19:::::::* cpe:2.3:a:libpng:libpng:1.0.19:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.19:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.19:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.19:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.18:::::::* cpe:2.3:a:libpng:libpng:1.0.17:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.17:::::::* cpe:2.3:a:libpng:libpng:1.0.16:::::::* cpe:2.3:a:libpng:libpng:1.0.15:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.15:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.15:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.15:::::::* cpe:2.3:a:libpng:libpng:1.0.14:::::::* cpe:2.3:a:libpng:libpng:1.0.13:::::::* cpe:2.3:a:libpng:libpng:1.0.12:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.12:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.12:::::::* cpe:2.3:a:libpng:libpng:1.0.11:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.11:beta3:::::: cpe:2.3:a:libpng:libpng:1.0.11:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.11:beta2:::::: cpe:2.3:a:libpng:libpng:1.0.11:::::::* cpe:2.3:a:libpng:libpng:1.0.10:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.10:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.10:::::::* cpe:2.3:a:libpng:libpng:1.0.1:::::::* cpe:2.3:a:libpng:libpng:1.0.0b:::::::* cpe:2.3:a:libpng:libpng:1.0.0a:::::::* cpe:2.3:a:libpng:libpng:1.0.0:::::::* cpe:2.3:a:libpng:libpng:0.99h:::::::* cpe:2.3:a:libpng:libpng:0.99g:::::::* cpe:2.3:a:libpng:libpng:0.99f:::::::* cpe:2.3:a:libpng:libpng:0.99e:::::::* cpe:2.3:a:libpng:libpng:0.99d:::::::* cpe:2.3:a:libpng:libpng:0.99c:::::::* cpe:2.3:a:libpng:libpng:0.99b:::::::* cpe:2.3:a:libpng:libpng:0.99a:::::::* cpe:2.3:a:libpng:libpng:0.99:::::::* cpe:2.3:a:libpng:libpng:0.98:::::::* cpe:2.3:a:libpng:libpng:0.97:::::::* cpe:2.3:a:libpng:libpng:0.96:::::::* cpe:2.3:a:libpng:libpng:0.95:::::::* cpe:2.3:a:libpng:libpng:0.90:::::::* cpe:2.3:a:libpng:libpng:0.89c:::::::* cpe:2.3:a:libpng:libpng:0.89:::::::* cpe:2.3:a:libpng:libpng:0.88:::::::* cpe:2.3:a:libpng:libpng:0.87:::::::* cpe:2.3:a:libpng:libpng:0.86:::::::* cpe:2.3:a:libpng:libpng:0.85:::::::* cpe:2.3:a:libpng:libpng:0.82:::::::* cpe:2.3:a:libpng:libpng:0.81:::::::* cpe:2.3:a:libpng:libpng:0.8:::::::* cpe:2.3:a:libpng:libpng:0.71:::::::* cpe:2.3:a:libpng:libpng:beta1:::::::* cpe:2.3:a:libpng:libpng::::::::	465
Application	Vmware Ace cpe:2.3:a:vmware:ace:2.6.1:::::::* cpe:2.3:a:vmware:ace:2.6:::::::* cpe:2.3:a:vmware:ace:2.5.4:::::::* cpe:2.3:a:vmware:ace:2.5.3:::::::* cpe:2.3:a:vmware:ace:2.5.2:::::::* cpe:2.3:a:vmware:ace:2.5.1:::::::* cpe:2.3:a:vmware:ace:2.5.0:::::::* cpe:2.3:a:vmware:ace:2.0.5:::::::* cpe:2.3:a:vmware:ace:2.0.4:::::::* cpe:2.3:a:vmware:ace:2.0.3:::::::* cpe:2.3:a:vmware:ace:2.0.2:::::::* cpe:2.3:a:vmware:ace:2.0.1_build_55017:::::::* cpe:2.3:a:vmware:ace:2.0.1:::::::* cpe:2.3:a:vmware:ace:2.0:::::::* cpe:2.3:a:vmware:ace:1.0.7:::::::* cpe:2.3:a:vmware:ace:1.0.6:::::::* cpe:2.3:a:vmware:ace:1.0.5:::::::* cpe:2.3:a:vmware:ace:1.0.4:::::::* cpe:2.3:a:vmware:ace:1.0.3_build_54075:::::::* cpe:2.3:a:vmware:ace:1.0.3:::::::* cpe:2.3:a:vmware:ace:1.0.2:::::::* cpe:2.3:a:vmware:ace:1.0.1:::::::* cpe:2.3:a:vmware:ace:1.0.0:::::::* cpe:2.3:a:vmware:ace:1.0:::::::* cpe:2.3:a:vmware:ace::::::::	25
Application	Vmware Ace 2 cpe:2.3:a:vmware:ace_2:2.01:::::::* cpe:2.3:a:vmware:ace_2:2.0:::::::*	2
Application	Vmware Ams cpe:2.3:a:vmware:ams::::::::	1
Application	Vmware Esx cpe:2.3:a:vmware:esx:4.0:::::::* cpe:2.3:a:vmware:esx:3.5:::::::* cpe:2.3:a:vmware:esx:3.0.3:::::::* cpe:2.3:a:vmware:esx:3.0.2:::::::* cpe:2.3:a:vmware:esx:3.0.1:::::::* cpe:2.3:a:vmware:esx:2.5.5:::::::*	6
Application	Vmware Esx Server cpe:2.3:a:vmware:esx_server:3.5:::::::* cpe:2.3:a:vmware:esx_server:3.3:::::::* cpe:2.3:a:vmware:esx_server:3.2:::::::* cpe:2.3:a:vmware:esx_server:3.1:::::::* cpe:2.3:a:vmware:esx_server:3.0.3:::::::* cpe:2.3:a:vmware:esx_server:3.0:::::::* cpe:2.3:a:vmware:esx_server:2.5.5:::::::*	7
Application	Vmware Esxi cpe:2.3:a:vmware:esxi:4.0:::::::* cpe:2.3:a:vmware:esxi:3.5:::::::*	2
Application	Vmware Fusion cpe:2.3:a:vmware:fusion:3.1.2:::::::* cpe:2.3:a:vmware:fusion:3.1.1:::::::* cpe:2.3:a:vmware:fusion:3.1:::::::* cpe:2.3:a:vmware:fusion:3.0:::::::* cpe:2.3:a:vmware:fusion:2.0.6:::::::* cpe:2.3:a:vmware:fusion:2.0.5:::::::* cpe:2.3:a:vmware:fusion:2.0.4:::::::* cpe:2.3:a:vmware:fusion:2.0.3:::::::* cpe:2.3:a:vmware:fusion:2.0.2:::::::* cpe:2.3:a:vmware:fusion:2.0.1:::::::* cpe:2.3:a:vmware:fusion:2.0:::::::* cpe:2.3:a:vmware:fusion:1.1.3:::::::* cpe:2.3:a:vmware:fusion:1.1.2:::::::* cpe:2.3:a:vmware:fusion:1.1.1:::::::* cpe:2.3:a:vmware:fusion:1.1:::::::* cpe:2.3:a:vmware:fusion:1.0:::::::* cpe:2.3:a:vmware:fusion:::~~~mac_os_x~~:::::* cpe:2.3:a:vmware:fusion:::::::: cpe:2.3:a:vmware:fusion::::::mac_os_x::* cpe:2.3:a:vmware:fusion:-:::::::*	20
Application	Vmware Player cpe:2.3:a:vmware:player:3.1.4:::::::* cpe:2.3:a:vmware:player:3.1.3:::::::* cpe:2.3:a:vmware:player:3.1.2:::::::* cpe:2.3:a:vmware:player:3.1.1:::::::* cpe:2.3:a:vmware:player:3.1:::::::* cpe:2.3:a:vmware:player:3.0.1:::::::* cpe:2.3:a:vmware:player:3.0:::::::* cpe:2.3:a:vmware:player:2.5.4:::::::* cpe:2.3:a:vmware:player:2.5.3:::::::* cpe:2.3:a:vmware:player:2.5.2_build_156735:::::::* cpe:2.3:a:vmware:player:2.5.2:::::::* cpe:2.3:a:vmware:player:2.5.1:::::::* cpe:2.3:a:vmware:player:2.5:::::::* cpe:2.3:a:vmware:player:2.0.5:::::::* cpe:2.3:a:vmware:player:2.0.4:::::::* cpe:2.3:a:vmware:player:2.0.3:::::::* cpe:2.3:a:vmware:player:2.0.2:::::::* cpe:2.3:a:vmware:player:2.0.1:::::::* cpe:2.3:a:vmware:player:2.0:::::::* cpe:2.3:a:vmware:player:1.0.8:::::::* cpe:2.3:a:vmware:player:1.0.7:::::::* cpe:2.3:a:vmware:player:1.0.6:::::::* cpe:2.3:a:vmware:player:1.0.5:::::::* cpe:2.3:a:vmware:player:1.0.4:::::::* cpe:2.3:a:vmware:player:1.0.3:::::::* cpe:2.3:a:vmware:player:1.0.2:::::::* cpe:2.3:a:vmware:player:1.0.1:::::::* cpe:2.3:a:vmware:player:1.0.0:::::::* cpe:2.3:a:vmware:player::::::::	29
Application	Vmware Server cpe:2.3:a:vmware:server:2.0.2:::::::* cpe:2.3:a:vmware:server:2.0.1:::::::* cpe:2.3:a:vmware:server:2.0.0:::::::* cpe:2.3:a:vmware:server:2.0:::::::* cpe:2.3:a:vmware:server:2.0:rc2:::::: cpe:2.3:a:vmware:server:1.0.9:::::::* cpe:2.3:a:vmware:server:1.0.8:::::::* cpe:2.3:a:vmware:server:1.0.7:::::::* cpe:2.3:a:vmware:server:1.0.6:::::::* cpe:2.3:a:vmware:server:1.0.5:::::::* cpe:2.3:a:vmware:server:1.0.4_build_56528:::::::* cpe:2.3:a:vmware:server:1.0.4:::::::* cpe:2.3:a:vmware:server:1.0.3:::::::* cpe:2.3:a:vmware:server:1.0.2:::::::* cpe:2.3:a:vmware:server:1.0.1_build_29996:::::::* cpe:2.3:a:vmware:server:1.0.1:::::::* cpe:2.3:a:vmware:server:1.0:::::::* cpe:2.3:a:vmware:server:::::::: cpe:2.3:a:vmware:server:-:::::::*	19
Application	Vmware View Manager cpe:2.3:a:vmware:view_manager:3.1.3:::::::* cpe:2.3:a:vmware:view_manager:3.1.2:::::::* cpe:2.3:a:vmware:view_manager:3.1.1:::::::*	3
Application	Vmware Virtualcenter cpe:2.3:a:vmware:virtualcenter:2.5:::::::* cpe:2.3:a:vmware:virtualcenter:2.0.2:::::::*	2
Application	Vmware Vix Api cpe:2.3:a:vmware:vix_api:1.6.1:::::::* cpe:2.3:a:vmware:vix_api:1.6.0:::::::*	2
Application	Vmware Vmware Ace cpe:2.3:a:vmware:vmware_ace:2.5.1:::::::* cpe:2.3:a:vmware:vmware_ace:2.5:::::::* cpe:2.3:a:vmware:vmware_ace:2.0.5:::::::* cpe:2.3:a:vmware:vmware_ace:2.0.3:::::::* cpe:2.3:a:vmware:vmware_ace:2.0.2:::::::* cpe:2.3:a:vmware:vmware_ace:2.0.1:::::::* cpe:2.3:a:vmware:vmware_ace:1.0.8:::::::* cpe:2.3:a:vmware:vmware_ace:1.0.7:::::::* cpe:2.3:a:vmware:vmware_ace:1.0.5:::::::* cpe:2.3:a:vmware:vmware_ace:1.0.4:::::::* cpe:2.3:a:vmware:vmware_ace:1.0.3:::::::* cpe:2.3:a:vmware:vmware_ace:1.0.2:::::::* cpe:2.3:a:vmware:vmware_ace:1.0:::::::*	13
Application	Vmware Vmware Esx cpe:2.3:a:vmware:vmware_esx:3.5:::::::* cpe:2.3:a:vmware:vmware_esx:3.0.3:::::::* cpe:2.3:a:vmware:vmware_esx:3.0.2:::::::*	3
Application	Vmware Vmware Esxi cpe:2.3:a:vmware:vmware_esxi:3.5:::::::*	1
Application	Vmware Vmware Player cpe:2.3:a:vmware:vmware_player:2.5.1:::::::* cpe:2.3:a:vmware:vmware_player:2.5:::::::* cpe:2.3:a:vmware:vmware_player:2.0.5:::::::* cpe:2.3:a:vmware:vmware_player:2.0.4:::::::* cpe:2.3:a:vmware:vmware_player:2.0.3:::::::* cpe:2.3:a:vmware:vmware_player:2.0.2:::::::* cpe:2.3:a:vmware:vmware_player:2.0.1:::::::* cpe:2.3:a:vmware:vmware_player:2.0:::::::* cpe:2.3:a:vmware:vmware_player:1.05:::::::* cpe:2.3:a:vmware:vmware_player:1.01:::::::* cpe:2.3:a:vmware:vmware_player:1.0.9:::::::* cpe:2.3:a:vmware:vmware_player:1.0.8:::::::* cpe:2.3:a:vmware:vmware_player:1.0.7:::::::* cpe:2.3:a:vmware:vmware_player:1.0.6:::::::* cpe:2.3:a:vmware:vmware_player:1.0.5:::::::* cpe:2.3:a:vmware:vmware_player:1.0.4:::::::* cpe:2.3:a:vmware:vmware_player:1.0.3:::::::* cpe:2.3:a:vmware:vmware_player:1.0.2:::::::* cpe:2.3:a:vmware:vmware_player:1.0.1:::::::* cpe:2.3:a:vmware:vmware_player:1.0.0:::::::*	20
Application	Vmware Vmware Player 2 cpe:2.3:a:vmware:vmware_player_2:2.03:::::::* cpe:2.3:a:vmware:vmware_player_2:2.02:::::::* cpe:2.3:a:vmware:vmware_player_2:2.01:::::::* cpe:2.3:a:vmware:vmware_player_2:2.0:::::::*	4
Application	Vmware Vmware Server cpe:2.3:a:vmware:vmware_server:2.0:::::::* cpe:2.3:a:vmware:vmware_server:1.05:::::::* cpe:2.3:a:vmware:vmware_server:1.0.7:::::::* cpe:2.3:a:vmware:vmware_server:1.0.6:::::::* cpe:2.3:a:vmware:vmware_server:1.0.5:::::::* cpe:2.3:a:vmware:vmware_server:1.0.4:::::::* cpe:2.3:a:vmware:vmware_server:1.0.3:::::::* cpe:2.3:a:vmware:vmware_server:1.0.2:::::::* cpe:2.3:a:vmware:vmware_server:1.0.1:::::::* cpe:2.3:a:vmware:vmware_server:1.0.0:::::::* cpe:2.3:a:vmware:vmware_server:1.0:::::::*	11
Application	Vmware Vmware Workstation cpe:2.3:a:vmware:vmware_workstation:6.5.1:::::::* cpe:2.3:a:vmware:vmware_workstation:6.5:::::::* cpe:2.3:a:vmware:vmware_workstation:6.03:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.5:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.4:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.4:build_93057:::::: cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0.0.45731:::::::* cpe:2.3:a:vmware:vmware_workstation:6.0:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.8:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.7:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.4:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.3:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.1:::::::* cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::* cpe:2.3:a:vmware:vmware_workstation:5.0:::::::* cpe:2.3:a:vmware:vmware_workstation:4.5.3:::::::*	22
Application	Vmware Workstation cpe:2.3:a:vmware:workstation:7.1.4:::::::* cpe:2.3:a:vmware:workstation:7.1.3:::::::* cpe:2.3:a:vmware:workstation:7.1.2:::::::* cpe:2.3:a:vmware:workstation:7.1.1:::::::* cpe:2.3:a:vmware:workstation:7.1:::::::* cpe:2.3:a:vmware:workstation:7.0.1:::::::* cpe:2.3:a:vmware:workstation:7.0:::::::* cpe:2.3:a:vmware:workstation:6.5.4:::::::* cpe:2.3:a:vmware:workstation:6.5.3:::::::* cpe:2.3:a:vmware:workstation:6.5.2:::::::* cpe:2.3:a:vmware:workstation:6.5.1:::::::* cpe:2.3:a:vmware:workstation:6.5.0:::::::* cpe:2.3:a:vmware:workstation:6.5:::::::* cpe:2.3:a:vmware:workstation:6.0.5:::::::* cpe:2.3:a:vmware:workstation:6.0.4:::::::* cpe:2.3:a:vmware:workstation:6.0.3:::::::* cpe:2.3:a:vmware:workstation:6.0.2:::::::* cpe:2.3:a:vmware:workstation:6.0.1_build_55017:::::::* cpe:2.3:a:vmware:workstation:6.0.1:::::::* cpe:2.3:a:vmware:workstation:6.0:::::::* cpe:2.3:a:vmware:workstation:5.5.8:::::::* cpe:2.3:a:vmware:workstation:5.5.7:::::::* cpe:2.3:a:vmware:workstation:5.5.6:::::::* cpe:2.3:a:vmware:workstation:5.5.5_build_56455:::::::* cpe:2.3:a:vmware:workstation:5.5.5:::::::* cpe:2.3:a:vmware:workstation:5.5.4_build_44386:::::::* cpe:2.3:a:vmware:workstation:5.5.4:::::::* cpe:2.3:a:vmware:workstation:5.5.3_build_42958:::::::* cpe:2.3:a:vmware:workstation:5.5.3_build_34685:::::::* cpe:2.3:a:vmware:workstation:5.5.3:::::::* cpe:2.3:a:vmware:workstation:5.5.3:42958:::::: cpe:2.3:a:vmware:workstation:5.5.2:::::::* cpe:2.3:a:vmware:workstation:5.5.1_build_19175:::::::* cpe:2.3:a:vmware:workstation:5.5.1:::::::* cpe:2.3:a:vmware:workstation:5.5.0_build_13124:::::::* cpe:2.3:a:vmware:workstation:5.5.0:::::::* cpe:2.3:a:vmware:workstation:5.5:::::::* cpe:2.3:a:vmware:workstation:5.0.0_build_13124:::::::* cpe:2.3:a:vmware:workstation:5.0.0:::::::* cpe:2.3:a:vmware:workstation:5:::::::* cpe:2.3:a:vmware:workstation:4.5.2_build_8848:::::::* cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:::::: cpe:2.3:a:vmware:workstation:4.5.2:::::::* cpe:2.3:a:vmware:workstation:4.0.2:::::::* cpe:2.3:a:vmware:workstation:4.0.1_build_5289:::::::* cpe:2.3:a:vmware:workstation:4.0.1:::::::* cpe:2.3:a:vmware:workstation:4.0:::::::* cpe:2.3:a:vmware:workstation:3.4:::::::* cpe:2.3:a:vmware:workstation:3.2.1:patch1:::::: cpe:2.3:a:vmware:workstation:2.0.1:::::::* cpe:2.3:a:vmware:workstation:2.0:::::::* cpe:2.3:a:vmware:workstation:1.1.2:::::::* cpe:2.3:a:vmware:workstation:1.1.1:::::::* cpe:2.3:a:vmware:workstation:1.1:::::::* cpe:2.3:a:vmware:workstation:1.0.5:::::::* cpe:2.3:a:vmware:workstation:1.0.4:::::::* cpe:2.3:a:vmware:workstation:1.0.2:::::::* cpe:2.3:a:vmware:workstation:1.0.1:::::::* cpe:2.3:a:vmware:workstation:::::::: cpe:2.3:a:vmware:workstation:-:::::::*	60
Os	Apple Iphone Os cpe:2.3:o:apple:iphone_os:2.2.1:::::::* cpe:2.3:o:apple:iphone_os:2.2.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.2:::::::* cpe:2.3:o:apple:iphone_os:2.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.1.1:::::::* cpe:2.3:o:apple:iphone_os:2.1:::::::* cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.2:::::::* cpe:2.3:o:apple:iphone_os:2.0.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0.1:::::::* cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.0:::::::* cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0:::::::* cpe:2.3:o:apple:iphone_os:1.1.5:::::::* cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.4:::::::* cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.3:::::::* cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.2:::::::* cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.1:::::::* cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.0:::::::* cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1:::::::* cpe:2.3:o:apple:iphone_os:1.0.2:::::::* cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.0.1:::::::* cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.0.0:::::::* cpe:2.3:o:apple:iphone_os:1.0:::::::* cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:iphone_os:::~~~~ipad2~:::::* cpe:2.3:o:apple:iphone_os:::~~~~iphone~:::::* cpe:2.3:o:apple:iphone_os:::~~~~ipodtouch~:::::* cpe:2.3:o:apple:iphone_os::::::ipod_touch::* cpe:2.3:o:apple:iphone_os:::::::ipad2:* cpe:2.3:o:apple:iphone_os:::::::iphone:* cpe:2.3:o:apple:iphone_os:::::::ipodtouch:* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:apple:iphone_os:-::~~~~ipad2~::::: cpe:2.3:o:apple:iphone_os:-::~~~~iphone~::::: cpe:2.3:o:apple:iphone_os:-::~~~~ipodtouch~::::: cpe:2.3:o:apple:iphone_os:-::::::ipad2: cpe:2.3:o:apple:iphone_os:-::::::iphone: cpe:2.3:o:apple:iphone_os:-::::::ipodtouch:	59
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.5.7:::::::* cpe:2.3:o:apple:mac_os_x:10.5.6:::::::* cpe:2.3:o:apple:mac_os_x:10.5.5:::::::* cpe:2.3:o:apple:mac_os_x:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:::::: cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	63
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:5.0:::::::* cpe:2.3:o:debian:debian_linux:4.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:10:::::::* cpe:2.3:o:fedoraproject:fedora:9:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:11.1:::::::* cpe:2.3:o:opensuse:opensuse:11.0:::::::* cpe:2.3:o:opensuse:opensuse:10.3:::::::*	3
Os	Suse Linux Enterprise cpe:2.3:o:suse:linux_enterprise:10.0:-:::::: cpe:2.3:o:suse:linux_enterprise:9.0:-::::::	2
Os	Suse Linux Enterprise Desktop cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2::::::	1
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:10:sp2::::::	1
Os	Vmware Esx cpe:2.3:o:vmware:esx:3.5:::::::* cpe:2.3:o:vmware:esx:3.5:update2:::::: cpe:2.3:o:vmware:esx:3.5:update1:::::: cpe:2.3:o:vmware:esx:3.5:update3:::::: cpe:2.3:o:vmware:esx:3.0.3:::::::* cpe:2.3:o:vmware:esx:3.0.2:::::::* cpe:2.3:o:vmware:esx:3.0.1:::::::* cpe:2.3:o:vmware:esx:3.0.0:::::::* cpe:2.3:o:vmware:esx:2.5.5:::::::* cpe:2.3:o:vmware:esx:2.5.4:::::::* cpe:2.3:o:vmware:esx:2.5.3:::::::* cpe:2.3:o:vmware:esx:2.5.2:::::::* cpe:2.3:o:vmware:esx:2.5:::::::* cpe:2.3:o:vmware:esx:2.1.3:::::::* cpe:2.3:o:vmware:esx:2.1.2:::::::* cpe:2.3:o:vmware:esx:2.1.1:::::::* cpe:2.3:o:vmware:esx:2.1:::::::* cpe:2.3:o:vmware:esx:2.0.2:::::::* cpe:2.3:o:vmware:esx:2.0.1:::::::* cpe:2.3:o:vmware:esx:2.0:::::::* cpe:2.3:o:vmware:esx:1.5.2:patch2:::::: cpe:2.3:o:vmware:esx:1.5.2:patch3:::::: cpe:2.3:o:vmware:esx:1.5.2:patch1:::::: cpe:2.3:o:vmware:esx::::::::	24

ExploitDB Exploits

id	Description
2009-10-27	VMware Server <= 2.0.1,ESXi Server <= 3.5 Directory Traversal Vulnerabi...
2010-05-14	VMware View Portal <= 3.1 XSS vulnerability
2010-04-12	VMware Remote Console e.x.p build-158248 - format string vulnerability
2008-07-25	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
2008-07-24	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
2008-07-23	BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

OpenVAS Exploits

Date	Description
2012-10-03	Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl
2012-04-16	Name : VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolv... File : nvt/gb_VMSA-2010-0007.nasl
2011-11-17	Name : VMware Fusion UDF File Systems Buffer Overflow Vulnerability (Mac OS X) File : nvt/secpod_vmware_fusion_udf_filesys_bof_vuln_macosx.nasl
2011-11-17	Name : VMware Products UDF File Systems Buffer Overflow Vulnerability (Linux) File : nvt/secpod_vmware_prdts_udf_filesys_bof_vuln_lin.nasl
2011-11-17	Name : VMware Products UDF File Systems Buffer Overflow Vulnerability (Win) File : nvt/secpod_vmware_prdts_udf_filesys_bof_vuln_win.nasl
2011-08-09	Name : CentOS Update for firefox CESA-2009:0315 centos4 i386 File : nvt/gb_CESA-2009_0315_firefox_centos4_i386.nasl
2011-08-09	Name : CentOS Update for firefox CESA-2009:0315 centos5 i386 File : nvt/gb_CESA-2009_0315_firefox_centos5_i386.nasl
2011-08-09	Name : CentOS Update for seamonkey CESA-2009:0325-01 centos2 i386 File : nvt/gb_CESA-2009_0325-01_seamonkey_centos2_i386.nasl
2011-08-09	Name : CentOS Update for seamonkey CESA-2009:0325 centos3 i386 File : nvt/gb_CESA-2009_0325_seamonkey_centos3_i386.nasl
2011-08-09	Name : CentOS Update for seamonkey CESA-2009:0325 centos4 i386 File : nvt/gb_CESA-2009_0325_seamonkey_centos4_i386.nasl
2011-08-09	Name : CentOS Update for freetype CESA-2009:0329 centos3 i386 File : nvt/gb_CESA-2009_0329_freetype_centos3_i386.nasl
2011-08-09	Name : CentOS Update for libpng CESA-2009:0333-01 centos2 i386 File : nvt/gb_CESA-2009_0333-01_libpng_centos2_i386.nasl
2011-08-09	Name : CentOS Update for libpng10 CESA-2009:0333 centos4 i386 File : nvt/gb_CESA-2009_0333_libpng10_centos4_i386.nasl
2011-08-09	Name : CentOS Update for libpng10 CESA-2009:0340 centos3 i386 File : nvt/gb_CESA-2009_0340_libpng10_centos3_i386.nasl
2010-05-12	Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl
2010-05-12	Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl
2010-05-12	Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl
2010-05-12	Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl
2010-05-12	Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-05-12	Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003 File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl
2010-04-29	Name : VMware Authorization Service Denial of Service Vulnerability (Win) -Apr10 File : nvt/secpod_vmware_prdts_dos_vuln_win_apr10.nasl
2010-04-16	Name : VMware Products Multiple Vulnerabilities (Windows) File : nvt/gb_vmware_prdts_mult_vuln_win01.nasl
2010-04-16	Name : VMware Products Tools Remote Code Execution Vulnerabilies (win) File : nvt/gb_vmware_prdts_tools_code_exec_vuln_lin.nasl
2010-04-16	Name : VMware Products Tools Remote Code Execution Vulnerabilies (win) File : nvt/gb_vmware_prdts_tools_code_exec_vuln_win.nasl
2010-04-16	Name : VMware Products USB Service Local Privilege Escalation Vulnerability (Win) File : nvt/gb_vmware_prdts_usb_service_local_prv_esc_vuln_win.nasl
2010-04-16	Name : VMware Products 'vmware-vmx' Information Disclosure Vulnerability (Linux) File : nvt/gb_vmware_prdts_vmx_info_disc_vuln_lin.nasl
2010-04-16	Name : VMware Products 'vmware-vmx' Information Disclosure Vulnerability (Win) File : nvt/gb_vmware_prdts_vmx_info_disc_vuln_win.nasl
2010-04-13	Name : VMware WebAccess Cross Site Scripting vulnerability (Linux) File : nvt/gb_vmware_server_webaccess_xss_vuln_lin.nasl
2010-04-13	Name : VMware WebAccess Cross Site Scripting vulnerability (Win) File : nvt/gb_vmware_server_webaccess_xss_vuln_win.nasl
2010-02-23	Name : VMware Products Directory Traversal Vulnerability File : nvt/vmware_36842_remote.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-11-05	Name : VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux) File : nvt/gb_vmware_prdts_priv_esc_vuln_nov09_lin.nasl
2009-11-05	Name : VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Win) File : nvt/gb_vmware_prdts_priv_esc_vuln_nov09_win.nasl
2009-11-05	Name : VMware Serve Directory Traversal Vulnerability - Nov09 (Linux) File : nvt/gb_vmware_serv_dir_trav_vuln_nov09_lin.nasl
2009-10-22	Name : VMware Authorization Service Denial of Service Vulnerability (Win) File : nvt/gb_vmware_authorization_service_dos_vuln_win.nasl
2009-10-13	Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox3.nasl
2009-10-13	Name : SLES10: Security update for bind File : nvt/sles10_bind0.nasl
2009-10-13	Name : SLES10: Security update for libpng File : nvt/sles10_libpng.nasl
2009-10-13	Name : SLES10: Security update for libpng File : nvt/sles10_libpng0.nasl
2009-10-11	Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox.nasl
2009-10-11	Name : SLES11: Security update for libpng File : nvt/sles11_libpng12-0.nasl
2009-10-10	Name : SLES9: Security update for libpng File : nvt/sles9p5012132.nasl
2009-10-10	Name : SLES9: Security update for bind File : nvt/sles9p5030189.nasl
2009-10-10	Name : SLES9: Security update for libpng File : nvt/sles9p5043440.nasl
2009-10-10	Name : SLES9: Security update for libpng File : nvt/sles9p5043680.nasl
2009-07-29	Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl
2009-07-29	Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl
2009-07-29	Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl
2009-07-29	Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl
2009-06-23	Name : Fedora Core 10 FEDORA-2009-6531 (libpng) File : nvt/fcore_2009_6531.nasl
2009-06-23	Name : Fedora Core 9 FEDORA-2009-6603 (libpng) File : nvt/fcore_2009_6603.nasl
2009-06-05	Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl
2009-05-25	Name : RedHat Security Advisory RHSA-2009:0329 File : nvt/RHSA_2009_0329.nasl
2009-05-25	Name : CentOS Security Advisory CESA-2009:0329 (freetype) File : nvt/ovcesa2009_0329.nasl
2009-05-18	Name : VMware Products Multiple Vulnerabilities (Linux) Apr09 File : nvt/secpod_vmware_prdts_mult_vuln_lin_apr09.nasl
2009-05-18	Name : VMware Products Multiple Vulnerabilities (Win) Apr09 File : nvt/secpod_vmware_prdts_mult_vuln_win_apr09.nasl
2009-05-05	Name : HP-UX Update for BIND HPSBUX02351 File : nvt/gb_hp_ux_HPSBUX02351.nasl
2009-04-28	Name : CentOS Security Advisory CESA-2009:0333 (libpng) File : nvt/ovcesa2009_0333.nasl
2009-04-20	Name : SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox) File : nvt/suse_sa_2009_023.nasl
2009-04-09	Name : Mandriva Update for libpng MDKSA-2007:217 (libpng) File : nvt/gb_mandriva_MDKSA_2007_217.nasl
2009-04-09	Name : Mandriva Update for cairo MDVSA-2008:019 (cairo) File : nvt/gb_mandriva_MDVSA_2008_019.nasl
2009-04-09	Name : Mandriva Update for freetype2 MDVSA-2008:121 (freetype2) File : nvt/gb_mandriva_MDVSA_2008_121.nasl
2009-04-09	Name : Mandriva Update for bind MDVSA-2008:139 (bind) File : nvt/gb_mandriva_MDVSA_2008_139.nasl
2009-04-06	Name : Mandrake Security Advisory MDVSA-2009:083 (mozilla-thunderbird) File : nvt/mdksa_2009_083.nasl
2009-03-31	Name : Debian Security Advisory DSA 1750-1 (libpng) File : nvt/deb_1750_1.nasl
2009-03-31	Name : Fedora Core 10 FEDORA-2009-2882 (thunderbird) File : nvt/fcore_2009_2882.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-2884 (thunderbird) File : nvt/fcore_2009_2884.nasl
2009-03-23	Name : Ubuntu Update for libpng vulnerabilities USN-538-1 File : nvt/gb_ubuntu_USN_538_1.nasl
2009-03-23	Name : Ubuntu Update for libcairo vulnerability USN-550-1 File : nvt/gb_ubuntu_USN_550_1.nasl
2009-03-23	Name : Ubuntu Update for libcairo regression USN-550-2 File : nvt/gb_ubuntu_USN_550_2.nasl
2009-03-23	Name : Ubuntu Update for bind9 vulnerability USN-622-1 File : nvt/gb_ubuntu_USN_622_1.nasl
2009-03-23	Name : Ubuntu Update for dnsmasq vulnerability USN-627-1 File : nvt/gb_ubuntu_USN_627_1.nasl
2009-03-23	Name : Ubuntu Update for freetype vulnerabilities USN-643-1 File : nvt/gb_ubuntu_USN_643_1.nasl
2009-03-23	Name : Ubuntu Update for ruby1.8 vulnerabilities USN-651-1 File : nvt/gb_ubuntu_USN_651_1.nasl
2009-03-20	Name : Gentoo Security Advisory GLSA 200903-28 (libpng) File : nvt/glsa_200903_28.nasl
2009-03-20	Name : Mandrake Security Advisory MDVSA-2009:075 (firefox) File : nvt/mdksa_2009_075.nasl
2009-03-20	Name : SuSE Security Advisory SUSE-SA:2009:012 (MozillaFirefox) File : nvt/suse_sa_2009_012.nasl
2009-03-13	Name : Fedora Core 10 FEDORA-2009-1976 (libpng10) File : nvt/fcore_2009_1976.nasl
2009-03-13	Name : Fedora Core 9 FEDORA-2009-2045 (libpng10) File : nvt/fcore_2009_2045.nasl
2009-03-13	Name : CentOS Security Advisory CESA-2009:0315 (firefox) File : nvt/ovcesa2009_0315.nasl
2009-03-13	Name : CentOS Security Advisory CESA-2009:0325-01 (seamonkey) File : nvt/ovcesa2009_0325_01.nasl
2009-03-13	Name : CentOS Security Advisory CESA-2009:0333-01 (libpng) File : nvt/ovcesa2009_0333_01.nasl
2009-03-13	Name : CentOS Security Advisory CESA-2009:0340 (libpng) File : nvt/ovcesa2009_0340.nasl
2009-03-07	Name : RedHat Security Advisory RHSA-2009:0315 File : nvt/RHSA_2009_0315.nasl
2009-03-07	Name : RedHat Security Advisory RHSA-2009:0325 File : nvt/RHSA_2009_0325.nasl
2009-03-07	Name : RedHat Security Advisory RHSA-2009:0333 File : nvt/RHSA_2009_0333.nasl
2009-03-07	Name : RedHat Security Advisory RHSA-2009:0340 File : nvt/RHSA_2009_0340.nasl
2009-03-07	Name : FreeBSD Ports: pngcrush File : nvt/freebsd_pngcrush.nasl
2009-03-07	Name : CentOS Security Advisory CESA-2009:0325 (seamonkey) File : nvt/ovcesa2009_0325.nasl
2009-03-07	Name : Ubuntu USN-728-1 (xulrunner-1.9) File : nvt/ubuntu_728_1.nasl
2009-03-07	Name : Ubuntu USN-730-1 (libpng) File : nvt/ubuntu_730_1.nasl
2009-03-06	Name : RedHat Update for cairo RHSA-2007:1078-02 File : nvt/gb_RHSA-2007_1078-02_cairo.nasl
2009-03-06	Name : RedHat Update for bind RHSA-2008:0533-01 File : nvt/gb_RHSA-2008_0533-01_bind.nasl
2009-03-06	Name : RedHat Update for freetype RHSA-2008:0556-01 File : nvt/gb_RHSA-2008_0556-01_freetype.nasl
2009-03-06	Name : RedHat Update for freetype RHSA-2008:0558-01 File : nvt/gb_RHSA-2008_0558-01_freetype.nasl
2009-03-06	Name : RedHat Update for dnsmasq RHSA-2008:0789-01 File : nvt/gb_RHSA-2008_0789-01_dnsmasq.nasl
2009-03-02	Name : Fedora Core 10 FEDORA-2009-2112 (libpng) File : nvt/fcore_2009_2112.nasl
2009-03-02	Name : Fedora Core 9 FEDORA-2009-2128 (libpng) File : nvt/fcore_2009_2128.nasl
2009-03-02	Name : Fedora Core 10 FEDORA-2009-2131 (mingw32-libpng) File : nvt/fcore_2009_2131.nasl
2009-03-02	Name : Mandrake Security Advisory MDVSA-2009:051 (libpng) File : nvt/mdksa_2009_051.nasl
2009-03-02	Name : SuSE Security Summary SUSE-SR:2009:005 File : nvt/suse_sr_2009_005.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533-03 centos2 i386 File : nvt/gb_CESA-2008_0533-03_bind_centos2_i386.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos3 i386 File : nvt/gb_CESA-2008_0533_bind_centos3_i386.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos3 x86_64 File : nvt/gb_CESA-2008_0533_bind_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos4 i386 File : nvt/gb_CESA-2008_0533_bind_centos4_i386.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos4 x86_64 File : nvt/gb_CESA-2008_0533_bind_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for freetype CESA-2008:0556 centos3 i386 File : nvt/gb_CESA-2008_0556_freetype_centos3_i386.nasl
2009-02-27	Name : CentOS Update for freetype CESA-2008:0556 centos3 x86_64 File : nvt/gb_CESA-2008_0556_freetype_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for freetype CESA-2008:0556 centos4 i386 File : nvt/gb_CESA-2008_0556_freetype_centos4_i386.nasl
2009-02-27	Name : CentOS Update for freetype CESA-2008:0556 centos4 x86_64 File : nvt/gb_CESA-2008_0556_freetype_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for freetype CESA-2008:0558-01 centos2 i386 File : nvt/gb_CESA-2008_0558-01_freetype_centos2_i386.nasl
2009-02-27	Name : Fedora Update for libpng10 FEDORA-2007-2521 File : nvt/gb_fedora_2007_2521_libpng10_fc7.nasl
2009-02-27	Name : Fedora Update for libpng FEDORA-2007-2666 File : nvt/gb_fedora_2007_2666_libpng_fc7.nasl
2009-02-27	Name : Fedora Update for libpng FEDORA-2007-734 File : nvt/gb_fedora_2007_734_libpng_fc6.nasl
2009-02-24	Name : Fedora Update for cairo FEDORA-2007-3818 File : nvt/gb_fedora_2007_3818_cairo_fc7.nasl
2009-02-18	Name : Fedora Core 9 FEDORA-2009-1069 (dnsmasq) File : nvt/fcore_2009_1069.nasl
2009-02-17	Name : Fedora Update for libpng10 FEDORA-2008-3979 File : nvt/gb_fedora_2008_3979_libpng10_fc7.nasl
2009-02-17	Name : Fedora Update for libpng FEDORA-2008-4947 File : nvt/gb_fedora_2008_4947_libpng_fc7.nasl
2009-02-17	Name : Fedora Update for freetype FEDORA-2008-5425 File : nvt/gb_fedora_2008_5425_freetype_fc9.nasl
2009-02-17	Name : Fedora Update for freetype FEDORA-2008-5430 File : nvt/gb_fedora_2008_5430_freetype_fc8.nasl
2009-02-17	Name : Fedora Update for bind FEDORA-2008-6256 File : nvt/gb_fedora_2008_6256_bind_fc9.nasl
2009-02-17	Name : Fedora Update for bind FEDORA-2008-6281 File : nvt/gb_fedora_2008_6281_bind_fc8.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-8736 File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-8738 File : nvt/gb_fedora_2008_8738_ruby_fc9.nasl
2009-01-23	Name : SuSE Update for bind SUSE-SA:2008:033 File : nvt/gb_suse_2008_033.nasl
2009-01-23	Name : SuSE Update for openwsman SUSE-SA:2008:041 File : nvt/gb_suse_2008_041.nasl
2009-01-20	Name : Fedora Core 9 FEDORA-2009-0350 (bind) File : nvt/fcore_2009_0350.nasl
2009-01-13	Name : Gentoo Security Advisory GLSA 200901-03 (pdnsd) File : nvt/glsa_200901_03.nasl
2008-12-23	Name : Gentoo Security Advisory GLSA 200812-17 (ruby) File : nvt/glsa_200812_17.nasl
2008-12-15	Name : VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_prdts_inguest_prv_esc_vuln_lin.nasl
2008-12-15	Name : VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Win) File : nvt/gb_vmware_prdts_inguest_prv_esc_vuln_win.nasl
2008-09-29	Name : VMware VIX API Multiple Buffer Overflow Vulnerabilities (Win) File : nvt/gb_vmware_prdts_vix_api_mult_vuln.nasl
2008-09-26	Name : VMware Product(s) Local Privilege Escalation Vulnerability File : nvt/gb_vmware_prdts_prv_esc_vuln.nasl
2008-09-26	Name : VMware Tools Local Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_tools_local_prv_esc_vuln_lin.nasl
2008-09-26	Name : VMware Tools Local Privilege Escalation Vulnerability (Win) File : nvt/gb_vmware_tools_local_prv_esc_vuln_win.nasl
2008-09-25	Name : VMCI/HGFS VmWare Code Execution Vulnerability (Linux) File : nvt/gb_vmware_prdts_mult_vuln_lin.nasl
2008-09-25	Name : VMCI/HGFS VmWare Code Execution Vulnerability (Win) File : nvt/gb_vmware_prdts_mult_vuln_win.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200711-08 (libpng) File : nvt/glsa_200711_08.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200712-04 (cairo) File : nvt/glsa_200712_04.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200712-24 (emul-linux-x86-gtklibs) File : nvt/glsa_200712_24.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-07 (ltsp) File : nvt/glsa_200805_07.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200806-10 (freetype) File : nvt/glsa_200806_10.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200807-08 (bind) File : nvt/glsa_200807_08.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200809-02 (dnsmasq) File : nvt/glsa_200809_02.nasl
2008-09-17	Name : Debian Security Advisory DSA 1635-1 (freetype) File : nvt/deb_1635_1.nasl
2008-09-04	Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype21.nasl
2008-09-04	Name : FreeBSD Ports: png File : nvt/freebsd_png0.nasl
2008-09-04	Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma File : nvt/freebsd_ruby9.nasl
2008-09-04	Name : FreeBSD Security Advisory (FreeBSD-SA-08:06.bind.asc) File : nvt/freebsdsa_bind5.nasl
2008-08-22	Name : Vulnerabilities in DNS Could Allow Spoofing (953230) File : nvt/secpod_ms08-037_900005.nasl
2008-08-15	Name : Debian Security Advisory DSA 1617-1 (refpolicy) File : nvt/deb_1617_1.nasl
2008-08-15	Name : Debian Security Advisory DSA 1619-1 (python-dns) File : nvt/deb_1619_1.nasl
2008-08-15	Name : Debian Security Advisory DSA 1623-1 (dnsmasq) File : nvt/deb_1623_1.nasl
2008-07-15	Name : Debian Security Advisory DSA 1603-1 (bind9) File : nvt/deb_1603_1.nasl
2008-04-21	Name : Debian Security Advisory DSA 1542-1 (libcairo) File : nvt/deb_1542_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2007-325-01 libpng File : nvt/esoft_slk_ssa_2007_325_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2007-325-01a libpng for Slackware 10.1 and 10.2 File : nvt/esoft_slk_ssa_2007_325_01a.nasl
0000-00-00	Name : Slackware Advisory SSA:2007-337-01 cairo File : nvt/esoft_slk_ssa_2007_337_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-191-02 bind File : nvt/esoft_slk_ssa_2008_191_02.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-205-01 dnsmasq File : nvt/esoft_slk_ssa_2008_205_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-334-01 ruby File : nvt/esoft_slk_ssa_2008_334_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-051-01 libpng File : nvt/esoft_slk_ssa_2009_051_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-083-02 seamonkey File : nvt/esoft_slk_ssa_2009_083_02.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-083-03 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_083_03.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
76060	VMware Multiple Product UDF Filesystem ISO Image Handling Overflow
64440	VMware View View Manager Unspecified Parameter XSS
64127	VMware Multiple Products vmware-authd.exe Multiple Command \x25\x90 Sequence ...
63860	VMWare Multiple Products USB Service Host Privilege Escalation
63859	VMWare Tools Unsafe Library Loading Arbitrary Code Execution
63858	VMware Tools Malformed Executable Guest Arbitrary Code Execution
63607	VMware Fusion vmware-vmx Process Virtual Networking Stack Memory Disclosure
63606	VMware VIX API vmrun Utility Process List Format String Local Privilege Escal...
63605	VMware Remote Console (VMrc) Plugin Unspecified Format String
63319	VMware Server Console Virtual Machine Name XSS VMware WebAccess contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the virtual machine name in the machines listing. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
59441	VMware Multiple Products Guest OS Page Fault Local Privilege Escalation
59440	VMware Multiple Products sdk Path HTTP Request Directory Traversal Arbitrary ... VMWare hosted products contain a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the HTTP server not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) appended to the /sdk path. This directory traversal attack would allow the attacker to read arbitrary files on the host, including guest virtual machines.
58728	VMware Multiple Products Authorization Service vmware-authd.exe Login Request...
55943	VMWare Multiple Products VMnc Codec (vmnc.dll) Invalid RFB Message Type Handl...
55942	VMWare Multiple Products VMnc Codec (vmnc.dll) Open-DML Standard Index dwSize...
53917	HP Multiple Products DNS Query ID Field Prediction Cache Poisoning
53694	VMware Multiple Products Guest Virtual Device Driver Unspecified DoS
53634	VMware Multiple Products Display Function Host OS Arbitrary Code Execution
53530	Check Point DNS Query ID Field Prediction Cache Poisoning
53317	libpng 16-bit Gamma Table Handling Uninitialised Pointer Free Arbitrary Code ...
53316	libpng pCAL Chunk Handling Uninitialised Pointer Free Arbitrary Code Execution
53315	libpng png_read_png Function Uninitialised Pointer Free Arbitrary Code Execution
52704	VMware Multiple Products Unspecified Virtual Hardware Request Memory Corruption
49795	VMware Multiple Products CPU Hardware Emulation Trap Flag Handling Guest OS U...
48256	Ingate Firewall/SIParator DNS Query ID Field Prediction Cache Poisoning
48254	VMware ESX / ESXi VMware Consolidated Backup (VCB) Multiple Utility Command L...
48244	pdnsd DNS Query ID Field Prediction Cache Poisoning
48186	Apple Mac OS X DNS Query ID Field Prediction Cache Poisoning
47927	Nortel Business Communications Manager DNS Query ID Field Prediction Cache Po...
47926	Astaro Security Gateway DNS Query ID Field Prediction Cache Poisoning
47916	Citrix Access Gateway DNS Query ID Field Prediction Cache Poisoning
47660	VitalQIP DNS Query ID Field Prediction Cache Poisoning
47588	Yamaha RT Series Routers DNS Query ID Field Prediction Cache Poisoning
47546	Astaro Security Gateway DNS Proxy DNS Query ID Field Prediction Cache Poisoning
47510	Dnsmasq DNS Query ID Field Prediction Cache Poisoning
47233	Secure Computing Sidewinder / CyberGuard DNS Query ID Field Prediction Cache ...
47232	F5 Multiple Product DNS Query ID Field Prediction Cache Poisoning
46916	Juniper Networks Multiple Products DNS Query ID Field Prediction Cache Poisoning
46837	Solaris named(1M) DNS Query ID Field Prediction Cache Poisoning Solaris contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46836	Nominum CNS / Vantio DNS Query ID Field Prediction Cache Poisoning
46786	Cisco Multiple Products DNS Query ID Field Prediction Cache Poisoning Multiple Cisco products contain a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46777	Microsoft Windows DNS Socket Entropy Weakness Cache Poisoning Windows contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46776	ISC BIND DNS Query ID Field Prediction Cache Poisoning BIND contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46205	VMware Multiple Products HGFS.sys user-mode METHOD_NEITHER IOCTLs Local Privi...
46204	VMware Multiple Products vmware-authd Search Path Subversion Local Privilege ...
46203	VMware Multiple Products VIX API Unspecified VM Host Arbitrary Code Execution
46178	FreeType2 Library TrueType Font (TTF) Font Handling Off-by-one Overflow
46177	FreeType2 Library Printer Font Binary (PFB) Font Handling Off-by-one Overflow
46176	FreeType2 Library Printer Font Binary (PFB) Font Handling Memory Corruption
46175	FreeType2 Library Printer Font Binary (PFB) Font Handling Overflow
45890	VMware Multiple Products Host Guest File System (HGFS) Shared Folders Feature...
43901	VMware Multiple Products authd Process Arbitrary Named Pipe Unspecified Loca...
43900	VMware Multiple Products DHCP Service Unspecified DoS
43899	VMware Multiple Products Crafted Virtual Machine Communication Interface (VM...
43898	VMware Multiple Products authd Process Named Pipe Manipulation Local Privile...
43897	VMware Multiple Products Application Data Folder config.ini Handling Local P... VMware Server contains a flaw that may allow a malicious local user to gain access to unauthorized privileges. The issue is triggered when 'authd' connects to opened pipes controled by the attacker occurs. This flaw may lead to a loss of Confidentiality and Integrity.
43896	VMware Multiple Products Anonymous VIX API Call Guest OS Console Access
39242	Cairo read_png PNG Image Size Overflow
38274	libpng Chunk Handlers PNG Handling Multiple Method DoS

Information Assurance Vulnerability Management (IAVM)

Date	Description
2010-04-15	IAVM : 2010-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0023997
2010-04-08	IAVM : 2010-B-0028 - Multiple Vulnerabilities in VMware WebAccess Severity : Category II - VMSKEY : V0023906
2009-04-09	IAVM : 2009-B-0015 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0018638
2008-07-17	IAVM : 2008-A-0045 - DNS Protocol Cache Poisoning Vulnerability Severity : Category I - VMSKEY : V0016170

Snort® IPS/IDS

Date	Description
2014-12-23	Microsoft and libpng multiple products PNG large image width overflow attempt RuleID : 32889-community - Revision : 2 - Type : FILE-IMAGE
2015-01-23	Microsoft and libpng multiple products PNG large image width overflow attempt RuleID : 32889 - Revision : 2 - Type : FILE-IMAGE
2014-01-10	Microsoft Multiple Products PNG large image height download attempt RuleID : 3133-community - Revision : 15 - Type : FILE-IMAGE
2014-01-10	Microsoft Multiple Products PNG large image height download attempt RuleID : 3133 - Revision : 15 - Type : FILE-IMAGE
2014-01-10	Microsoft and libpng multiple products PNG large image width overflow attempt RuleID : 3132-community - Revision : 15 - Type : FILE-IMAGE
2014-01-10	Microsoft and libpng multiple products PNG large image width overflow attempt RuleID : 3132 - Revision : 15 - Type : FILE-IMAGE
2014-01-10	VMWare Remote Console format string code execution attempt RuleID : 27658 - Revision : 3 - Type : BROWSER-PLUGINS
2014-01-10	VMWare Remote Console format string code execution attempt RuleID : 27657 - Revision : 3 - Type : BROWSER-PLUGINS
2014-01-10	VMWare Remote Console format string code execution attempt RuleID : 27656 - Revision : 4 - Type : BROWSER-PLUGINS
2014-01-10	PcVue SVUIGrd.ocx ActiveX function call access RuleID : 27112 - Revision : 5 - Type : BROWSER-PLUGINS
2014-01-10	PcVue SVUIGrd.ocx ActiveX clsid access RuleID : 27111 - Revision : 5 - Type : BROWSER-PLUGINS
2014-01-10	VMWare authorization service user credential parsing DoS attempt RuleID : 20058 - Revision : 4 - Type : SERVER-OTHER
2014-01-10	VMWare Remote Console format string code execution attempt RuleID : 18097 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10	Adobe .pfb file download request RuleID : 16552 - Revision : 13 - Type : FILE-IDENTIFY
2014-01-10	Microsoft Windows DNS server spoofing attempt RuleID : 16206 - Revision : 12 - Type : OS-WINDOWS
2014-01-10	libpng malformed chunk denial of service attempt RuleID : 14772 - Revision : 7 - Type : FILE-IMAGE
2014-01-10	excessive outbound NXDOMAIN replies - possible spoof of domain run by local D... RuleID : 13949 - Revision : 17 - Type : PROTOCOL-DNS
2014-01-10	large number of NXDOMAIN replies - possible DNS cache poisoning RuleID : 13948 - Revision : 13 - Type : PROTOCOL-DNS
2014-01-10	dns cache poisoning attempt RuleID : 13667 - Revision : 19 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date	Description
2017-04-21	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2016-03-08	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0007_remote.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0012.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0022.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8938.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL9988.nasl - Type : ACT_GATHER_INFO
2014-03-05	Name : The DNS server running on the remote host is vulnerable to DNS spoofing attacks. File : ms_dns_kb951746.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0992.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0556.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0789.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0329.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2012-10-01	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071023_libpng_on_SL3.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071023_libpng_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071129_cairo_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080620_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080711_bind_on_SL_3_0_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20080811_dnsmasq_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090522_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-09-21	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0007.nasl - Type : ACT_GATHER_INFO
2011-06-06	Name : The remote host has a virtualization application affected by multiple vulnera... File : macosx_fusion_3_1_3.nasl - Type : ACT_GATHER_INFO
2011-05-28	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-191-02.nasl - Type : ACT_GATHER_INFO
2010-09-01	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080708-dnshttp.nasl - Type : ACT_GATHER_INFO
2010-09-01	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080924-iosipshttp.nasl - Type : ACT_GATHER_INFO
2010-04-15	Name : The remote host has a virtualization application affected by multiple vulnera... File : vmware_multiple_vmsa_2010_0007.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO
2010-02-17	Name : A web application on the remote host has a directory traversal vulnerability. File : vmware_dir_traversal_vmsa_2009_0015.nasl - Type : ACT_ATTACK
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2009-10-29	Name : The remote host has a virtualization application affected by a privilege esca... File : vmware_multiple_vmsa_2009_0015.nasl - Type : ACT_GATHER_INFO
2009-10-28	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0015.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11956.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12197.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12353.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12358.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090319.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-090317.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6187.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-6003.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-6024.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-003.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0009.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0014.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2008-0018.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0019.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0005.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2009-0006.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2009-0007.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_bind-080708.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_dnsmasq-080813.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-06-19	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO
2009-06-09	Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO
2009-05-23	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0329.nasl - Type : ACT_GATHER_INFO
2009-05-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0329.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-1976.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2112.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2131.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2882.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-019.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-121.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-139.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-051.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-075.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-083.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-643-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-651-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-728-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-730-1.nasl - Type : ACT_GATHER_INFO
2009-04-21	Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6194.nasl - Type : ACT_GATHER_INFO
2009-04-09	Name : The remote host has an application that is affected by multiple issues. File : vmware_multiple_vmsa_2009_0005.nasl - Type : ACT_GATHER_INFO
2009-03-25	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-02.nasl - Type : ACT_GATHER_INFO
2009-03-25	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-03.nasl - Type : ACT_GATHER_INFO
2009-03-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1750.nasl - Type : ACT_GATHER_INFO
2009-03-22	Name : The remote Fedora host is missing a security update. File : fedora_2009-2884.nasl - Type : ACT_GATHER_INFO
2009-03-20	Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO
2009-03-20	Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO
2009-03-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-28.nasl - Type : ACT_GATHER_INFO
2009-03-10	Name : The remote Fedora host is missing a security update. File : fedora_2009-2045.nasl - Type : ACT_GATHER_INFO
2009-03-08	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ea2411a408e811deb88a0022157515b2.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_307.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2009-02-27	Name : The remote Fedora host is missing a security update. File : fedora_2009-2128.nasl - Type : ACT_GATHER_INFO
2009-02-27	Name : The remote openSUSE host is missing a security update. File : suse_libpng-6021.nasl - Type : ACT_GATHER_INFO
2009-02-24	Name : The remote openSUSE host is missing a security update. File : suse_libpng-6001.nasl - Type : ACT_GATHER_INFO
2009-02-23	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-051-01.nasl - Type : ACT_GATHER_INFO
2009-02-17	Name : The remote Fedora host is missing a security update. File : fedora_2009-1069.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO
2009-01-12	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200901-03.nasl - Type : ACT_GATHER_INFO
2008-12-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-17.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-334-01.nasl - Type : ACT_GATHER_INFO
2008-11-19	Name : The remote Windows host has an application that is affected by multiple vulne... File : vmware_multiple_vmsa_2008_0018.nasl - Type : ACT_GATHER_INFO
2008-10-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-8738.nasl - Type : ACT_GATHER_INFO
2008-09-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO
2008-09-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO
2008-09-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1635.nasl - Type : ACT_GATHER_INFO
2008-09-05	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200809-02.nasl - Type : ACT_GATHER_INFO
2008-08-17	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_959d384d6b5911dd9d79001fc61c2a55.nasl - Type : ACT_GATHER_INFO
2008-08-15	Name : The remote openSUSE host is missing a security update. File : suse_dnsmasq-5512.nasl - Type : ACT_GATHER_INFO
2008-08-12	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_37865.nasl - Type : ACT_GATHER_INFO
2008-08-12	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0789.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1623.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO
2008-07-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1617.nasl - Type : ACT_GATHER_INFO
2008-07-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1619.nasl - Type : ACT_GATHER_INFO
2008-07-24	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-205-01.nasl - Type : ACT_GATHER_INFO
2008-07-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-627-1.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-08.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_bind-5409.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote openSUSE host is missing a security update. File : suse_bind-5410.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1603.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-6256.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-6281.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-622-1.nasl - Type : ACT_GATHER_INFO
2008-07-09	Name : The remote name resolver (or the server it uses upstream) is affected by a DN... File : dns_non_random_source_ports.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4fb43b2f46a911dd9d3800163e000016.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote host is vulnerable to DNS spoofing attacks. File : smb_nt_ms08-037.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0556.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200806-10.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0556.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0558.nasl - Type : ACT_GATHER_INFO
2008-06-19	Name : The remote Fedora host is missing a security update. File : fedora_2008-5425.nasl - Type : ACT_GATHER_INFO
2008-06-19	Name : The remote Fedora host is missing a security update. File : fedora_2008-5430.nasl - Type : ACT_GATHER_INFO
2008-06-09	Name : The remote Windows host has an application that is affected by multiple issues. File : vmware_multiple_vmsa_2008_0009.nasl - Type : ACT_GATHER_INFO
2008-06-09	Name : The remote host contains an application that is affected by multiple buffer o... File : vmware_vix_api_buffer_overflow.nasl - Type : ACT_GATHER_INFO
2008-06-03	Name : The remote Windows host has an application that is affected by multiple issues. File : vmware_multiple_vmsa_2008_0008.nasl - Type : ACT_GATHER_INFO
2008-05-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO
2008-05-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1542.nasl - Type : ACT_GATHER_INFO
2008-04-02	Name : The remote Windows host has an application that is affected by multiple issues. File : vmware_multiple_vmsa_2008_0005.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-03-04	Name : The remote host is missing Sun Security Patch number 137080-11 File : solaris10_137080.nasl - Type : ACT_GATHER_INFO
2008-03-04	Name : The remote host is missing Sun Security Patch number 137081-11 File : solaris10_x86_137081.nasl - Type : ACT_GATHER_INFO
2008-02-06	Name : The remote openSUSE host is missing a security update. File : suse_cairo-4947.nasl - Type : ACT_GATHER_INFO
2008-02-06	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cairo-4961.nasl - Type : ACT_GATHER_INFO
2008-01-21	Name : The remote Fedora host is missing a security update. File : fedora_2007-3818.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-4627.nasl - Type : ACT_GATHER_INFO
2007-12-11	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-04.nasl - Type : ACT_GATHER_INFO
2007-12-04	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-337-01.nasl - Type : ACT_GATHER_INFO
2007-12-04	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-550-1.nasl - Type : ACT_GATHER_INFO
2007-11-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1078.nasl - Type : ACT_GATHER_INFO
2007-11-26	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-325-01.nasl - Type : ACT_GATHER_INFO
2007-11-26	Name : The remote openSUSE host is missing a security update. File : suse_libpng-4628.nasl - Type : ACT_GATHER_INFO
2007-11-14	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-217.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-538-1.nasl - Type : ACT_GATHER_INFO
2007-11-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-08.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-2521.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-2666.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-734.nasl - Type : ACT_GATHER_INFO
2007-10-25	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0992.nasl - Type : ACT_GATHER_INFO
2007-10-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0992.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote host is missing Sun Security Patch number 114265-23 File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_172acf78780c11dcb3f40016179b2dd5.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_36973.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote host is missing Sun Security Patch number 112837-24 File : solaris9_112837.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 109326-24 File : solaris8_109326.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 109327-24 File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:37:37	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	1
CWE ID(s)	35
Oval ID(s)	56
CPE ID(s)	892
osvdb(s)	59
ExploitDB Exploit(s)	6
Openvas Exploit(s)	164
IAVM(s)	4
Snort® Rule(s)	19
Nessus® Exploit(s)	183

	Related
10	CVE-2009-3732
10	CVE-2008-1392
9.3	CVE-2011-3868
9.3	CVE-2009-0909
8.5	CVE-2010-1142
8.5	CVE-2010-1141
7.8	CVE-2008-1364
7.5	CVE-2008-1808
7.5	CVE-2008-1807
7.5	CVE-2008-1806
7.2	CVE-2010-1139
7.2	CVE-2008-4917
7.2	CVE-2008-2100
7.2	CVE-2008-1363
7.2	CVE-2008-1362
7.1	CVE-2008-1340
6.9	CVE-2010-1140
6.9	CVE-2009-2267
6.9	CVE-2008-4915
6.9	CVE-2008-2098
6.9	CVE-2008-0967
6.8	CVE-2009-1244
6.8	CVE-2009-0910
6.8	CVE-2009-0040
6.8	CVE-2008-1447
6.8	CVE-2008-1361
6.8	CVE-2007-5503
5	CVE-2010-1138
5	CVE-2009-4811
5	CVE-2009-3733
5	CVE-2009-3707
5	CVE-2007-5269
4.6	CVE-2008-4916
4.4	CVE-2007-5671
4.3	CVE-2010-1143
4.3	CVE-2010-1137
2.1	CVE-2008-2101
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 37 more Alert(s)