Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | IcedTea JDK: Multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | GLSA-201406-32 | First vendor Publication | 2014-06-29 |
| Vendor | Gentoo | Last vendor Modification | 2014-06-29 |
| Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201406-32.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201406-32.xml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 18 % | CWE-200 | Information Exposure |
| 18 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 12 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 12 % | CWE-20 | Improper Input Validation |
| 6 % | CWE-326 | Inadequate Encryption Strength |
| 6 % | CWE-310 | Cryptographic Issues |
| 6 % | CWE-295 | Certificate Issues |
| 6 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 6 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10088 | |||
| Oval ID: | oval:org.mitre.oval:def:10088 | ||
| Title: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11268 | |||
| Oval ID: | oval:org.mitre.oval:def:11268 | ||
| Title: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3557 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11330 | |||
| Oval ID: | oval:org.mitre.oval:def:11330 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3551 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11578 | |||
| Oval ID: | oval:org.mitre.oval:def:11578 | ||
| Title: | Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 3 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11617 | |||
| Oval ID: | oval:org.mitre.oval:def:11617 | ||
| Title: | AIX OpenSSL session renegotiation vulnerability | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 3 |
| Platform(s): | IBM AIX 5.2 IBM AIX 5.3 IBM AIX 6.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11649 | |||
| Oval ID: | oval:org.mitre.oval:def:11649 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3553 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11714 | |||
| Oval ID: | oval:org.mitre.oval:def:11714 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3567 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11798 | |||
| Oval ID: | oval:org.mitre.oval:def:11798 | ||
| Title: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3553 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11876 | |||
| Oval ID: | oval:org.mitre.oval:def:11876 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3567 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11893 | |||
| Oval ID: | oval:org.mitre.oval:def:11893 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3562 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11990 | |||
| Oval ID: | oval:org.mitre.oval:def:11990 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3573 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12029 | |||
| Oval ID: | oval:org.mitre.oval:def:12029 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3568 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12040 | |||
| Oval ID: | oval:org.mitre.oval:def:12040 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3566 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12180 | |||
| Oval ID: | oval:org.mitre.oval:def:12180 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3565 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12189 | |||
| Oval ID: | oval:org.mitre.oval:def:12189 | ||
| Title: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3554 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12200 | |||
| Oval ID: | oval:org.mitre.oval:def:12200 | ||
| Title: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3561 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12225 | |||
| Oval ID: | oval:org.mitre.oval:def:12225 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3566 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12226 | |||
| Oval ID: | oval:org.mitre.oval:def:12226 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3569 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12229 | |||
| Oval ID: | oval:org.mitre.oval:def:12229 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3574 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12274 | |||
| Oval ID: | oval:org.mitre.oval:def:12274 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3573 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12328 | |||
| Oval ID: | oval:org.mitre.oval:def:12328 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3562 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12367 | |||
| Oval ID: | oval:org.mitre.oval:def:12367 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3574 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12459 | |||
| Oval ID: | oval:org.mitre.oval:def:12459 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3561 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12484 | |||
| Oval ID: | oval:org.mitre.oval:def:12484 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3569 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12488 | |||
| Oval ID: | oval:org.mitre.oval:def:12488 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3551 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12518 | |||
| Oval ID: | oval:org.mitre.oval:def:12518 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3557 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12531 | |||
| Oval ID: | oval:org.mitre.oval:def:12531 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3568 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12571 | |||
| Oval ID: | oval:org.mitre.oval:def:12571 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3565 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12597 | |||
| Oval ID: | oval:org.mitre.oval:def:12597 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3554 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12879 | |||
| Oval ID: | oval:org.mitre.oval:def:12879 | ||
| Title: | DSA-2161-1 openjdk-6 -- denial of service | ||
| Description: | It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2161-1 CVE-2010-4476 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13043 | |||
| Oval ID: | oval:org.mitre.oval:def:13043 | ||
| Title: | DSA-2224-1 openjdk-6 -- several | ||
| Description: | Several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform. CVE-2010-4351 The JNLP SecurityManager returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. CVE-2010-4448 Malicious applets can perform DNS cache poisoning. CVE-2010-4450 An empty LD_LIBRARY_PATH environment variable results in a misconstructed library search path, resulting in code execution from possibly untrusted sources. CVE-2010-4465 Malicious applets can extend their privileges by abusing Swing timers. CVE-2010-4469 The Hotspot just-in-time compiler miscompiles crafted byte sequences, resulting in heap corruption. CVE-2010-4470 JAXP can be exploited by untrusted code to elevate privileges. CVE-2010-4471 Java2D can be exploited by untrusted code to elevate privileges. CVE-2010-4472 Untrusted code can replace the XML DSIG implementation. CVE-2011-0025 Signatures on JAR files are not properly verified, which allows remote attackers to trick users into executing code that appears to come from a trusted source. CVE-2011-0706 The JNLPClassLoader class allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor In addition, this security update contains stability fixes, such as switching to the recommended Hotspot version for this particular version of OpenJDK. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2224-1 CVE-2010-4351 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2011-0025 CVE-2011-0706 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13085 | |||
| Oval ID: | oval:org.mitre.oval:def:13085 | ||
| Title: | USN-927-1 -- nss vulnerability | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-1 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13241 | |||
| Oval ID: | oval:org.mitre.oval:def:13241 | ||
| Title: | USN-1079-1 -- openjdk-6 vulnerabilities | ||
| Description: | It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1079-1 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4476 CVE-2011-0706 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13305 | |||
| Oval ID: | oval:org.mitre.oval:def:13305 | ||
| Title: | USN-1010-1 -- openjdk-6, openjdk-6b18 vulnerabilities | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. It was discovered that there exists a double free in java�s indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. This could allow an attacker to execute arbitrary code with the privileges of the user running a java application. It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1010-1 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | openjdk-6 openjdk-6b18 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13317 | |||
| Oval ID: | oval:org.mitre.oval:def:13317 | ||
| Title: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0862 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13407 | |||
| Oval ID: | oval:org.mitre.oval:def:13407 | ||
| Title: | USN-1079-3 -- openjdk-6b18 vulnerabilities | ||
| Description: | USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel architectures for Ubuntu 10.10. Original advisory details: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1079-3 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4476 CVE-2011-0706 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 | Product(s): | openjdk-6b18 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13424 | |||
| Oval ID: | oval:org.mitre.oval:def:13424 | ||
| Title: | USN-990-1 -- openssl vulnerability | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. ATTENTION: After applying this update, a patched server will allow both patched and unpatched clients to connect, but unpatched clients will not be able to renegotiate | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-990-1 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13440 | |||
| Oval ID: | oval:org.mitre.oval:def:13440 | ||
| Title: | USN-927-4 -- nss vulnerability | ||
| Description: | USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-4 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13475 | |||
| Oval ID: | oval:org.mitre.oval:def:13475 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3558 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13532 | |||
| Oval ID: | oval:org.mitre.oval:def:13532 | ||
| Title: | USN-927-6 -- nss vulnerability | ||
| Description: | USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-6 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 9.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13623 | |||
| Oval ID: | oval:org.mitre.oval:def:13623 | ||
| Title: | DSA-1934-1 apache2 -- multiple issues | ||
| Description: | A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations: - - The "SSLVerifyClient" directive is used in a Directory or Location context. - - The "SSLCipherSuite" directive is used in a Directory or Location context. As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service via a malformed reply to an EPSV command. CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release. The oldstable distribution, these problems have been fixed in version 2.2.3-4+etch11. For the testing distribution and the unstable distribution, these problems will be fixed in version 2.2.14-2. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1934-1 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13639 | |||
| Oval ID: | oval:org.mitre.oval:def:13639 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4469 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13662 | |||
| Oval ID: | oval:org.mitre.oval:def:13662 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3521 | Version: | 10 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13733 | |||
| Oval ID: | oval:org.mitre.oval:def:13733 | ||
| Title: | USN-1079-2 -- openjdk-6b18 vulnerabilities | ||
| Description: | USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel architectures. In order to build the armel OpenJDK 6 update for Ubuntu 10.04 LTS, it was necessary to rebuild binutils and gcj-4.4 from Ubuntu 10.04 LTS updates. Original advisory details: It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1079-2 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4476 CVE-2011-0706 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 Ubuntu 10.04 | Product(s): | openjdk-6b18 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13947 | |||
| Oval ID: | oval:org.mitre.oval:def:13947 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3544 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13976 | |||
| Oval ID: | oval:org.mitre.oval:def:13976 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0505 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14034 | |||
| Oval ID: | oval:org.mitre.oval:def:14034 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4465 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14045 | |||
| Oval ID: | oval:org.mitre.oval:def:14045 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4448 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14076 | |||
| Oval ID: | oval:org.mitre.oval:def:14076 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4470 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14081 | |||
| Oval ID: | oval:org.mitre.oval:def:14081 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0865 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14082 | |||
| Oval ID: | oval:org.mitre.oval:def:14082 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0506 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14112 | |||
| Oval ID: | oval:org.mitre.oval:def:14112 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0871 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14114 | |||
| Oval ID: | oval:org.mitre.oval:def:14114 | ||
| Title: | USN-1154-1 -- openjdk-6, openjdk-6b18 vulnerabilities | ||
| Description: | openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Multiple OpenJDK 6 vulnerabilities have been fixed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1154-1 CVE-2011-0815 CVE-2011-0822 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0870 CVE-2011-0871 CVE-2011-0872 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | openjdk-6 openjdk-6b18 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14117 | |||
| Oval ID: | oval:org.mitre.oval:def:14117 | ||
| Title: | The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." | ||
| Description: | The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0706 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14118 | |||
| Oval ID: | oval:org.mitre.oval:def:14118 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4472 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14135 | |||
| Oval ID: | oval:org.mitre.oval:def:14135 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4450 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14225 | |||
| Oval ID: | oval:org.mitre.oval:def:14225 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0864 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14241 | |||
| Oval ID: | oval:org.mitre.oval:def:14241 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0872 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14264 | |||
| Oval ID: | oval:org.mitre.oval:def:14264 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0868 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14311 | |||
| Oval ID: | oval:org.mitre.oval:def:14311 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3553 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14316 | |||
| Oval ID: | oval:org.mitre.oval:def:14316 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3556 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14318 | |||
| Oval ID: | oval:org.mitre.oval:def:14318 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3551 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14328 | |||
| Oval ID: | oval:org.mitre.oval:def:14328 | ||
| Title: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14335 | |||
| Oval ID: | oval:org.mitre.oval:def:14335 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0815 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14338 | |||
| Oval ID: | oval:org.mitre.oval:def:14338 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0869 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14339 | |||
| Oval ID: | oval:org.mitre.oval:def:14339 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3547 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14340 | |||
| Oval ID: | oval:org.mitre.oval:def:14340 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3549 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14354 | |||
| Oval ID: | oval:org.mitre.oval:def:14354 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3541 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14373 | |||
| Oval ID: | oval:org.mitre.oval:def:14373 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3557 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14384 | |||
| Oval ID: | oval:org.mitre.oval:def:14384 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4467 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14394 | |||
| Oval ID: | oval:org.mitre.oval:def:14394 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3560 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14417 | |||
| Oval ID: | oval:org.mitre.oval:def:14417 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4471 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14465 | |||
| Oval ID: | oval:org.mitre.oval:def:14465 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3552 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14475 | |||
| Oval ID: | oval:org.mitre.oval:def:14475 | ||
| Title: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3548 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14492 | |||
| Oval ID: | oval:org.mitre.oval:def:14492 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3548 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14524 | |||
| Oval ID: | oval:org.mitre.oval:def:14524 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3554 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14589 | |||
| Oval ID: | oval:org.mitre.oval:def:14589 | ||
| Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14752 | |||
| Oval ID: | oval:org.mitre.oval:def:14752 | ||
| Title: | SSL and TLS Protocols Vulnerability | ||
| Description: | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3389 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14772 | |||
| Oval ID: | oval:org.mitre.oval:def:14772 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0497 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14813 | |||
| Oval ID: | oval:org.mitre.oval:def:14813 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0503 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14900 | |||
| Oval ID: | oval:org.mitre.oval:def:14900 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0502 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14942 | |||
| Oval ID: | oval:org.mitre.oval:def:14942 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3563 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15069 | |||
| Oval ID: | oval:org.mitre.oval:def:15069 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0501 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15238 | |||
| Oval ID: | oval:org.mitre.oval:def:15238 | ||
| Title: | DSA-2311-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2311-1 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15241 | |||
| Oval ID: | oval:org.mitre.oval:def:15241 | ||
| Title: | DSA-2368-1 lighttpd -- multiple | ||
| Description: | Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions. CVE-2011-3389 When using CBC ciphers on an SSL enabled virtual host to communicate with certain client, a so called "BEAST" attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers. This updates includes this option by default. System administrators are advised to read the NEWS file of this update. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2368-1 CVE-2011-4362 CVE-2011-3389 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | lighttpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15281 | |||
| Oval ID: | oval:org.mitre.oval:def:15281 | ||
| Title: | DSA-2356-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform: CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2356-1 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15374 | |||
| Oval ID: | oval:org.mitre.oval:def:15374 | ||
| Title: | DSA-2358-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2358-1 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15708 | |||
| Oval ID: | oval:org.mitre.oval:def:15708 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before and JavaFX 2.2.7 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2430 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15733 | |||
| Oval ID: | oval:org.mitre.oval:def:15733 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1478 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15832 | |||
| Oval ID: | oval:org.mitre.oval:def:15832 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0443 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15888 | |||
| Oval ID: | oval:org.mitre.oval:def:15888 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0426 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15923 | |||
| Oval ID: | oval:org.mitre.oval:def:15923 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Security) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1718 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15996 | |||
| Oval ID: | oval:org.mitre.oval:def:15996 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1711 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16011 | |||
| Oval ID: | oval:org.mitre.oval:def:16011 | ||
| Title: | Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JAX-WS) 7 Update 17 and before. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2415 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16013 | |||
| Oval ID: | oval:org.mitre.oval:def:16013 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0427 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16035 | |||
| Oval ID: | oval:org.mitre.oval:def:16035 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0442 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16043 | |||
| Oval ID: | oval:org.mitre.oval:def:16043 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5081 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16045 | |||
| Oval ID: | oval:org.mitre.oval:def:16045 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1480 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16058 | |||
| Oval ID: | oval:org.mitre.oval:def:16058 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0425 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16093 | |||
| Oval ID: | oval:org.mitre.oval:def:16093 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5070 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16168 | |||
| Oval ID: | oval:org.mitre.oval:def:16168 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Swing) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1716 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16227 | |||
| Oval ID: | oval:org.mitre.oval:def:16227 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5071 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16258 | |||
| Oval ID: | oval:org.mitre.oval:def:16258 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2421 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16259 | |||
| Oval ID: | oval:org.mitre.oval:def:16259 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1723 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16297 | |||
| Oval ID: | oval:org.mitre.oval:def:16297 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
| Description: | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0401 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16311 | |||
| Oval ID: | oval:org.mitre.oval:def:16311 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via vectors related to CORBA. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2446 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16312 | |||
| Oval ID: | oval:org.mitre.oval:def:16312 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1719 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16314 | |||
| Oval ID: | oval:org.mitre.oval:def:16314 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2424 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16387 | |||
| Oval ID: | oval:org.mitre.oval:def:16387 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5086 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16410 | |||
| Oval ID: | oval:org.mitre.oval:def:16410 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2431 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16446 | |||
| Oval ID: | oval:org.mitre.oval:def:16446 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2417 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16466 | |||
| Oval ID: | oval:org.mitre.oval:def:16466 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5073 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16489 | |||
| Oval ID: | oval:org.mitre.oval:def:16489 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAX-WS) 7 through Update 11 and 6 through Update 38, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0435 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16496 | |||
| Oval ID: | oval:org.mitre.oval:def:16496 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0428 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16502 | |||
| Oval ID: | oval:org.mitre.oval:def:16502 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1713 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16506 | |||
| Oval ID: | oval:org.mitre.oval:def:16506 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5089 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16508 | |||
| Oval ID: | oval:org.mitre.oval:def:16508 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Java Runtime Environment) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1717 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16511 | |||
| Oval ID: | oval:org.mitre.oval:def:16511 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1488 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16513 | |||
| Oval ID: | oval:org.mitre.oval:def:16513 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1725 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16519 | |||
| Oval ID: | oval:org.mitre.oval:def:16519 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0424 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16522 | |||
| Oval ID: | oval:org.mitre.oval:def:16522 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5072 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16527 | |||
| Oval ID: | oval:org.mitre.oval:def:16527 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2419 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16528 | |||
| Oval ID: | oval:org.mitre.oval:def:16528 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0434 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16533 | |||
| Oval ID: | oval:org.mitre.oval:def:16533 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5068 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16537 | |||
| Oval ID: | oval:org.mitre.oval:def:16537 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0433 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16538 | |||
| Oval ID: | oval:org.mitre.oval:def:16538 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3216 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16540 | |||
| Oval ID: | oval:org.mitre.oval:def:16540 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2436 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16545 | |||
| Oval ID: | oval:org.mitre.oval:def:16545 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2453 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16549 | |||
| Oval ID: | oval:org.mitre.oval:def:16549 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2384 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16550 | |||
| Oval ID: | oval:org.mitre.oval:def:16550 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0450 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16553 | |||
| Oval ID: | oval:org.mitre.oval:def:16553 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5084 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16558 | |||
| Oval ID: | oval:org.mitre.oval:def:16558 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0440 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16560 | |||
| Oval ID: | oval:org.mitre.oval:def:16560 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5087 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16561 | |||
| Oval ID: | oval:org.mitre.oval:def:16561 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2422 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16564 | |||
| Oval ID: | oval:org.mitre.oval:def:16564 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2383 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16566 | |||
| Oval ID: | oval:org.mitre.oval:def:16566 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0441 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16567 | |||
| Oval ID: | oval:org.mitre.oval:def:16567 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0432 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16578 | |||
| Oval ID: | oval:org.mitre.oval:def:16578 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1537 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16579 | |||
| Oval ID: | oval:org.mitre.oval:def:16579 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0431 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16580 | |||
| Oval ID: | oval:org.mitre.oval:def:16580 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2452 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16585 | |||
| Oval ID: | oval:org.mitre.oval:def:16585 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5077 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16597 | |||
| Oval ID: | oval:org.mitre.oval:def:16597 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2420 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16613 | |||
| Oval ID: | oval:org.mitre.oval:def:16613 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1475 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16614 | |||
| Oval ID: | oval:org.mitre.oval:def:16614 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Beans) 7 through Update 11, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0444 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16623 | |||
| Oval ID: | oval:org.mitre.oval:def:16623 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4416 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16641 | |||
| Oval ID: | oval:org.mitre.oval:def:16641 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5076 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16649 | |||
| Oval ID: | oval:org.mitre.oval:def:16649 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0429 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16652 | |||
| Oval ID: | oval:org.mitre.oval:def:16652 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1476 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16654 | |||
| Oval ID: | oval:org.mitre.oval:def:16654 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5085 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16659 | |||
| Oval ID: | oval:org.mitre.oval:def:16659 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1724 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16668 | |||
| Oval ID: | oval:org.mitre.oval:def:16668 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5074 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16683 | |||
| Oval ID: | oval:org.mitre.oval:def:16683 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before.Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2426 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16684 | |||
| Oval ID: | oval:org.mitre.oval:def:16684 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5075 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16685 | |||
| Oval ID: | oval:org.mitre.oval:def:16685 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5069 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16688 | |||
| Oval ID: | oval:org.mitre.oval:def:16688 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1557 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16697 | |||
| Oval ID: | oval:org.mitre.oval:def:16697 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1569 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16699 | |||
| Oval ID: | oval:org.mitre.oval:def:16699 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1726 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16700 | |||
| Oval ID: | oval:org.mitre.oval:def:16700 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2423 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16702 | |||
| Oval ID: | oval:org.mitre.oval:def:16702 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1518 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16712 | |||
| Oval ID: | oval:org.mitre.oval:def:16712 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2472 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16770 | |||
| Oval ID: | oval:org.mitre.oval:def:16770 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Networking. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2447 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16806 | |||
| Oval ID: | oval:org.mitre.oval:def:16806 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2470 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16840 | |||
| Oval ID: | oval:org.mitre.oval:def:16840 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2471 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16851 | |||
| Oval ID: | oval:org.mitre.oval:def:16851 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, 5.0 Update 45 and earlier, and JavaFX 2.2.21 and earlier allows remote attackers to affect availability via vectors related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2444 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16887 | |||
| Oval ID: | oval:org.mitre.oval:def:16887 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2461 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16908 | |||
| Oval ID: | oval:org.mitre.oval:def:16908 | ||
| Title: | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server | ||
| Description: | Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-5035 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Oracle WebLogic Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17042 | |||
| Oval ID: | oval:org.mitre.oval:def:17042 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2469 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17052 | |||
| Oval ID: | oval:org.mitre.oval:def:17052 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2448 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17069 | |||
| Oval ID: | oval:org.mitre.oval:def:17069 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2458 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17090 | |||
| Oval ID: | oval:org.mitre.oval:def:17090 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect availability via unknown vectors related to Hotspot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2445 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17098 | |||
| Oval ID: | oval:org.mitre.oval:def:17098 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2412 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17106 | |||
| Oval ID: | oval:org.mitre.oval:def:17106 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2465 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17116 | |||
| Oval ID: | oval:org.mitre.oval:def:17116 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2460 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17149 | |||
| Oval ID: | oval:org.mitre.oval:def:17149 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2463 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17176 | |||
| Oval ID: | oval:org.mitre.oval:def:17176 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect availability via unknown vectors related to Serialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2450 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17181 | |||
| Oval ID: | oval:org.mitre.oval:def:17181 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2459 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17189 | |||
| Oval ID: | oval:org.mitre.oval:def:17189 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2473 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17192 | |||
| Oval ID: | oval:org.mitre.oval:def:17192 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2449 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17195 | |||
| Oval ID: | oval:org.mitre.oval:def:17195 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2407 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17214 | |||
| Oval ID: | oval:org.mitre.oval:def:17214 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2455 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17215 | |||
| Oval ID: | oval:org.mitre.oval:def:17215 | ||
| Title: | Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, 5.0 Update 45 and earlier, and JavaFX 2.2.21 and earlier allows remote attackers to affect integrity via unknown vectors related to Javadoc. | ||
| Description: | Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1571 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17221 | |||
| Oval ID: | oval:org.mitre.oval:def:17221 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1500 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17230 | |||
| Oval ID: | oval:org.mitre.oval:def:17230 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2443 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17236 | |||
| Oval ID: | oval:org.mitre.oval:def:17236 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2454 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17256 | |||
| Oval ID: | oval:org.mitre.oval:def:17256 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2457 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17265 | |||
| Oval ID: | oval:org.mitre.oval:def:17265 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2451 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17294 | |||
| Oval ID: | oval:org.mitre.oval:def:17294 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Serialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2456 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17489 | |||
| Oval ID: | oval:org.mitre.oval:def:17489 | ||
| Title: | USN-1625-1 -- icedtea-web vulnerability | ||
| Description: | The Icedtea-Web plugin could be made to crash or run programs as your log in if it opened a specially crafted web page. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1625-1 CVE-2012-4540 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17565 | |||
| Oval ID: | oval:org.mitre.oval:def:17565 | ||
| Title: | USN-1505-2 -- icedtea-web regression | ||
| Description: | USN 1505-1 introduced a regression in the IcedTea-Web Java web browser plugin that prevented it from working with the Chromium web browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1505-2 CVE-2012-1711 CVE-2012-1719 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1723 CVE-2012-1725 CVE-2012-1724 | Version: | 7 |
| Platform(s): | Ubuntu 11.10 Ubuntu 11.04 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17669 | |||
| Oval ID: | oval:org.mitre.oval:def:17669 | ||
| Title: | USN-1521-1 -- icedtea-web vulnerabilities | ||
| Description: | The IcedTea-Web Java web browser plugin could be made to crash or possibly run programs as your login if it opened a specially crafted applet. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1521-1 CVE-2012-3422 CVE-2012-3423 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17879 | |||
| Oval ID: | oval:org.mitre.oval:def:17879 | ||
| Title: | USN-1505-1 -- icedtea-web, openjdk-6 vulnerabilities | ||
| Description: | Several security issues were fixed in OpenJDK 6. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1505-1 CVE-2012-1711 CVE-2012-1719 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1723 CVE-2012-1725 CVE-2012-1724 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | openjdk-6 icedtea-web |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18173 | |||
| Oval ID: | oval:org.mitre.oval:def:18173 | ||
| Title: | DSA-2507-1 openjdk-6 - several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2507-1 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18236 | |||
| Oval ID: | oval:org.mitre.oval:def:18236 | ||
| Title: | USN-1907-2 -- icedtea-web update | ||
| Description: | IcedTea Web updated to work with new OpenJDK 7. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1907-2 CVE-2013-1500 CVE-2013-2454 CVE-2013-2458 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2446 CVE-2013-2447 CVE-2013-2449 CVE-2013-2452 CVE-2013-2456 CVE-2013-2444 CVE-2013-2445 CVE-2013-2450 CVE-2013-2448 CVE-2013-2451 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-2453 CVE-2013-2455 CVE-2013-2457 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18247 | |||
| Oval ID: | oval:org.mitre.oval:def:18247 | ||
| Title: | USN-1755-2 -- openjdk-7 vulnerabilities | ||
| Description: | OpenJDK could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1755-2 CVE-2013-0809 CVE-2013-1493 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18302 | |||
| Oval ID: | oval:org.mitre.oval:def:18302 | ||
| Title: | USN-1732-1 -- openssl vulnerabilities | ||
| Description: | Several security issues were fixed in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1732-1 CVE-2012-2686 CVE-2013-0166 CVE-2013-0169 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18436 | |||
| Oval ID: | oval:org.mitre.oval:def:18436 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5842 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18501 | |||
| Oval ID: | oval:org.mitre.oval:def:18501 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5806 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18504 | |||
| Oval ID: | oval:org.mitre.oval:def:18504 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5809 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18565 | |||
| Oval ID: | oval:org.mitre.oval:def:18565 | ||
| Title: | DSA-2621-1 openssl - several vulnerabilities | ||
| Description: | Multiple vulnerabilities have been found in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2621-1 CVE-2013-0166 CVE-2013-0169 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18622 | |||
| Oval ID: | oval:org.mitre.oval:def:18622 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2407 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18645 | |||
| Oval ID: | oval:org.mitre.oval:def:18645 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5782 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18699 | |||
| Oval ID: | oval:org.mitre.oval:def:18699 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2447 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18717 | |||
| Oval ID: | oval:org.mitre.oval:def:18717 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2449 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18733 | |||
| Oval ID: | oval:org.mitre.oval:def:18733 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5790 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18783 | |||
| Oval ID: | oval:org.mitre.oval:def:18783 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5823 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18874 | |||
| Oval ID: | oval:org.mitre.oval:def:18874 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5803 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18905 | |||
| Oval ID: | oval:org.mitre.oval:def:18905 | ||
| Title: | DSA-2727-1 openjdk-6 - several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2727-1 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 8 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18943 | |||
| Oval ID: | oval:org.mitre.oval:def:18943 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5805 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18956 | |||
| Oval ID: | oval:org.mitre.oval:def:18956 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5797 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18971 | |||
| Oval ID: | oval:org.mitre.oval:def:18971 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5849 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18990 | |||
| Oval ID: | oval:org.mitre.oval:def:18990 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5840 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19002 | |||
| Oval ID: | oval:org.mitre.oval:def:19002 | ||
| Title: | Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3829 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19010 | |||
| Oval ID: | oval:org.mitre.oval:def:19010 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0443 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19016 | |||
| Oval ID: | oval:org.mitre.oval:def:19016 | ||
| Title: | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19020 | |||
| Oval ID: | oval:org.mitre.oval:def:19020 | ||
| Title: | Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5778 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19024 | |||
| Oval ID: | oval:org.mitre.oval:def:19024 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5817 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19032 | |||
| Oval ID: | oval:org.mitre.oval:def:19032 | ||
| Title: | Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5774 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19046 | |||
| Oval ID: | oval:org.mitre.oval:def:19046 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5825 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19049 | |||
| Oval ID: | oval:org.mitre.oval:def:19049 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5784 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19061 | |||
| Oval ID: | oval:org.mitre.oval:def:19061 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5851 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19078 | |||
| Oval ID: | oval:org.mitre.oval:def:19078 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0435 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19088 | |||
| Oval ID: | oval:org.mitre.oval:def:19088 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5783 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19093 | |||
| Oval ID: | oval:org.mitre.oval:def:19093 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5800 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19096 | |||
| Oval ID: | oval:org.mitre.oval:def:19096 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5830 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19101 | |||
| Oval ID: | oval:org.mitre.oval:def:19101 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5780 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19129 | |||
| Oval ID: | oval:org.mitre.oval:def:19129 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2460 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19131 | |||
| Oval ID: | oval:org.mitre.oval:def:19131 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0424 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19150 | |||
| Oval ID: | oval:org.mitre.oval:def:19150 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5850 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19185 | |||
| Oval ID: | oval:org.mitre.oval:def:19185 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5814 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19188 | |||
| Oval ID: | oval:org.mitre.oval:def:19188 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5804 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19189 | |||
| Oval ID: | oval:org.mitre.oval:def:19189 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5829 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19206 | |||
| Oval ID: | oval:org.mitre.oval:def:19206 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5820 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19207 | |||
| Oval ID: | oval:org.mitre.oval:def:19207 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5802 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19219 | |||
| Oval ID: | oval:org.mitre.oval:def:19219 | ||
| Title: | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier | ||
| Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5772 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19225 | |||
| Oval ID: | oval:org.mitre.oval:def:19225 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2446 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19237 | |||
| Oval ID: | oval:org.mitre.oval:def:19237 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2454 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19246 | |||
| Oval ID: | oval:org.mitre.oval:def:19246 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1493 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19261 | |||
| Oval ID: | oval:org.mitre.oval:def:19261 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0426 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19267 | |||
| Oval ID: | oval:org.mitre.oval:def:19267 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2456 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19285 | |||
| Oval ID: | oval:org.mitre.oval:def:19285 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0440 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19289 | |||
| Oval ID: | oval:org.mitre.oval:def:19289 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0441 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19299 | |||
| Oval ID: | oval:org.mitre.oval:def:19299 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2443 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19307 | |||
| Oval ID: | oval:org.mitre.oval:def:19307 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2444 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19310 | |||
| Oval ID: | oval:org.mitre.oval:def:19310 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2459 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19320 | |||
| Oval ID: | oval:org.mitre.oval:def:19320 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0809 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19325 | |||
| Oval ID: | oval:org.mitre.oval:def:19325 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1475 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19349 | |||
| Oval ID: | oval:org.mitre.oval:def:19349 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0444 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19363 | |||
| Oval ID: | oval:org.mitre.oval:def:19363 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0450 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19375 | |||
| Oval ID: | oval:org.mitre.oval:def:19375 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2412 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19382 | |||
| Oval ID: | oval:org.mitre.oval:def:19382 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0443 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19388 | |||
| Oval ID: | oval:org.mitre.oval:def:19388 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1485 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19408 | |||
| Oval ID: | oval:org.mitre.oval:def:19408 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-5035 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19418 | |||
| Oval ID: | oval:org.mitre.oval:def:19418 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0431 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19424 | |||
| Oval ID: | oval:org.mitre.oval:def:19424 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19428 | |||
| Oval ID: | oval:org.mitre.oval:def:19428 | ||
| Title: | HP-UX Apache Web Server, Remote Denial of Service (DoS) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 7 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19434 | |||
| Oval ID: | oval:org.mitre.oval:def:19434 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0442 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19441 | |||
| Oval ID: | oval:org.mitre.oval:def:19441 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2471 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19445 | |||
| Oval ID: | oval:org.mitre.oval:def:19445 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0502 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19455 | |||
| Oval ID: | oval:org.mitre.oval:def:19455 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2465 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19457 | |||
| Oval ID: | oval:org.mitre.oval:def:19457 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0429 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19459 | |||
| Oval ID: | oval:org.mitre.oval:def:19459 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0433 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19466 | |||
| Oval ID: | oval:org.mitre.oval:def:19466 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19469 | |||
| Oval ID: | oval:org.mitre.oval:def:19469 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1486 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19480 | |||
| Oval ID: | oval:org.mitre.oval:def:19480 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0428 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19483 | |||
| Oval ID: | oval:org.mitre.oval:def:19483 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0425 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19486 | |||
| Oval ID: | oval:org.mitre.oval:def:19486 | ||
| Title: | DSA-2722-1 openjdk-7 - several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2722-1 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19488 | |||
| Oval ID: | oval:org.mitre.oval:def:19488 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0427 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19489 | |||
| Oval ID: | oval:org.mitre.oval:def:19489 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0432 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19493 | |||
| Oval ID: | oval:org.mitre.oval:def:19493 | ||
| Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19504 | |||
| Oval ID: | oval:org.mitre.oval:def:19504 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1480 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19505 | |||
| Oval ID: | oval:org.mitre.oval:def:19505 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0434 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19508 | |||
| Oval ID: | oval:org.mitre.oval:def:19508 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1484 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19516 | |||
| Oval ID: | oval:org.mitre.oval:def:19516 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2445 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19517 | |||
| Oval ID: | oval:org.mitre.oval:def:19517 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2470 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19518 | |||
| Oval ID: | oval:org.mitre.oval:def:19518 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1571 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19524 | |||
| Oval ID: | oval:org.mitre.oval:def:19524 | ||
| Title: | HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2417 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19527 | |||
| Oval ID: | oval:org.mitre.oval:def:19527 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0506 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19529 | |||
| Oval ID: | oval:org.mitre.oval:def:19529 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1478 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19543 | |||
| Oval ID: | oval:org.mitre.oval:def:19543 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2472 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19550 | |||
| Oval ID: | oval:org.mitre.oval:def:19550 | ||
| Title: | HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1537 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19552 | |||
| Oval ID: | oval:org.mitre.oval:def:19552 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2469 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19557 | |||
| Oval ID: | oval:org.mitre.oval:def:19557 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0497 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19560 | |||
| Oval ID: | oval:org.mitre.oval:def:19560 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2455 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19571 | |||
| Oval ID: | oval:org.mitre.oval:def:19571 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3541 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19582 | |||
| Oval ID: | oval:org.mitre.oval:def:19582 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2461 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19599 | |||
| Oval ID: | oval:org.mitre.oval:def:19599 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0501 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19608 | |||
| Oval ID: | oval:org.mitre.oval:def:19608 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 5 |
| Platform(s): | IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19611 | |||
| Oval ID: | oval:org.mitre.oval:def:19611 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2453 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19620 | |||
| Oval ID: | oval:org.mitre.oval:def:19620 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2463 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19632 | |||
| Oval ID: | oval:org.mitre.oval:def:19632 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2448 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19641 | |||
| Oval ID: | oval:org.mitre.oval:def:19641 | ||
| Title: | HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0401 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19644 | |||
| Oval ID: | oval:org.mitre.oval:def:19644 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0503 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19645 | |||
| Oval ID: | oval:org.mitre.oval:def:19645 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2450 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19652 | |||
| Oval ID: | oval:org.mitre.oval:def:19652 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2473 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19665 | |||
| Oval ID: | oval:org.mitre.oval:def:19665 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2452 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19696 | |||
| Oval ID: | oval:org.mitre.oval:def:19696 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2457 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19709 | |||
| Oval ID: | oval:org.mitre.oval:def:19709 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2458 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19776 | |||
| Oval ID: | oval:org.mitre.oval:def:19776 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4450 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19813 | |||
| Oval ID: | oval:org.mitre.oval:def:19813 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-3563 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19829 | |||
| Oval ID: | oval:org.mitre.oval:def:19829 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0505 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19842 | |||
| Oval ID: | oval:org.mitre.oval:def:19842 | ||
| Title: | HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0547 | Version: | 10 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19857 | |||
| Oval ID: | oval:org.mitre.oval:def:19857 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4448 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19986 | |||
| Oval ID: | oval:org.mitre.oval:def:19986 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4470 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20077 | |||
| Oval ID: | oval:org.mitre.oval:def:20077 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3565 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20094 | |||
| Oval ID: | oval:org.mitre.oval:def:20094 | ||
| Title: | DSA-2768-1 icedtea-web - heap-based buffer overflow | ||
| Description: | A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2768-1 CVE-2013-4349 CVE-2012-4540 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20157 | |||
| Oval ID: | oval:org.mitre.oval:def:20157 | ||
| Title: | RHSA-2013:0246: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0246-00 CESA-2013:0246 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 283 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20185 | |||
| Oval ID: | oval:org.mitre.oval:def:20185 | ||
| Title: | RHSA-2013:0601: java-1.6.0-sun security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0601-02 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20190 | |||
| Oval ID: | oval:org.mitre.oval:def:20190 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3573 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20195 | |||
| Oval ID: | oval:org.mitre.oval:def:20195 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3548 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20243 | |||
| Oval ID: | oval:org.mitre.oval:def:20243 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4471 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20270 | |||
| Oval ID: | oval:org.mitre.oval:def:20270 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3553 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20272 | |||
| Oval ID: | oval:org.mitre.oval:def:20272 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3551 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20306 | |||
| Oval ID: | oval:org.mitre.oval:def:20306 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3574 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20333 | |||
| Oval ID: | oval:org.mitre.oval:def:20333 | ||
| Title: | RHSA-2013:0605: java-1.6.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0605-02 CESA-2013:0605 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20336 | |||
| Oval ID: | oval:org.mitre.oval:def:20336 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3557 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20357 | |||
| Oval ID: | oval:org.mitre.oval:def:20357 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20443 | |||
| Oval ID: | oval:org.mitre.oval:def:20443 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3569 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20453 | |||
| Oval ID: | oval:org.mitre.oval:def:20453 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3566 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20460 | |||
| Oval ID: | oval:org.mitre.oval:def:20460 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3549 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20492 | |||
| Oval ID: | oval:org.mitre.oval:def:20492 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3562 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20504 | |||
| Oval ID: | oval:org.mitre.oval:def:20504 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0864 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20505 | |||
| Oval ID: | oval:org.mitre.oval:def:20505 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3554 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20534 | |||
| Oval ID: | oval:org.mitre.oval:def:20534 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3567 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20543 | |||
| Oval ID: | oval:org.mitre.oval:def:20543 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4469 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20544 | |||
| Oval ID: | oval:org.mitre.oval:def:20544 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0865 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20557 | |||
| Oval ID: | oval:org.mitre.oval:def:20557 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3568 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20558 | |||
| Oval ID: | oval:org.mitre.oval:def:20558 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3548 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20565 | |||
| Oval ID: | oval:org.mitre.oval:def:20565 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4472 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20575 | |||
| Oval ID: | oval:org.mitre.oval:def:20575 | ||
| Title: | RHSA-2013:0274: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0274-00 CESA-2013:0274 CVE-2013-0169 CVE-2013-1486 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20580 | |||
| Oval ID: | oval:org.mitre.oval:def:20580 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4465 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20591 | |||
| Oval ID: | oval:org.mitre.oval:def:20591 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3561 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20596 | |||
| Oval ID: | oval:org.mitre.oval:def:20596 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4467 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20597 | |||
| Oval ID: | oval:org.mitre.oval:def:20597 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0862 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20649 | |||
| Oval ID: | oval:org.mitre.oval:def:20649 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20679 | |||
| Oval ID: | oval:org.mitre.oval:def:20679 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0871 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20744 | |||
| Oval ID: | oval:org.mitre.oval:def:20744 | ||
| Title: | RHSA-2013:0602: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0602-01 CESA-2013:0602 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20766 | |||
| Oval ID: | oval:org.mitre.oval:def:20766 | ||
| Title: | RHSA-2013:0273: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0273-01 CESA-2013:0273 CVE-2013-0169 CVE-2013-1486 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20775 | |||
| Oval ID: | oval:org.mitre.oval:def:20775 | ||
| Title: | RHSA-2013:0604: java-1.6.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0604-00 CESA-2013:0604 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20778 | |||
| Oval ID: | oval:org.mitre.oval:def:20778 | ||
| Title: | RHSA-2013:0275: java-1.7.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0275-01 CESA-2013:0275 CVE-2013-0169 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 | Version: | 59 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20786 | |||
| Oval ID: | oval:org.mitre.oval:def:20786 | ||
| Title: | VMware vSphere, ESX and ESXi updates to third party libraries | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20835 | |||
| Oval ID: | oval:org.mitre.oval:def:20835 | ||
| Title: | RHSA-2013:0245: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0245-02 CESA-2013:0245 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 283 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20870 | |||
| Oval ID: | oval:org.mitre.oval:def:20870 | ||
| Title: | RHSA-2013:0600: java-1.7.0-oracle security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0600-02 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.7.0-oracle |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20981 | |||
| Oval ID: | oval:org.mitre.oval:def:20981 | ||
| Title: | RHSA-2013:0247: java-1.7.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0247-01 CESA-2013:0247 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 311 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21045 | |||
| Oval ID: | oval:org.mitre.oval:def:21045 | ||
| Title: | RHSA-2012:1132: icedtea-web security update (Important) | ||
| Description: | The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1132-01 CESA-2012:1132 CVE-2012-3422 CVE-2012-3423 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21056 | |||
| Oval ID: | oval:org.mitre.oval:def:21056 | ||
| Title: | RHSA-2011:0857: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0857-01 CESA-2011:0857 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 94 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21074 | |||
| Oval ID: | oval:org.mitre.oval:def:21074 | ||
| Title: | RHSA-2013:0751: java-1.7.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0751-01 CESA-2013:0751 CVE-2013-0401 CVE-2013-1488 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1558 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 | Version: | 311 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21079 | |||
| Oval ID: | oval:org.mitre.oval:def:21079 | ||
| Title: | RHSA-2013:0587: openssl security update (Moderate) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0587-01 CESA-2013:0587 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 45 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21129 | |||
| Oval ID: | oval:org.mitre.oval:def:21129 | ||
| Title: | RHSA-2013:1804: libjpeg security update (Moderate) | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1804-00 CESA-2013:1804 CVE-2013-6629 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libjpeg |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21135 | |||
| Oval ID: | oval:org.mitre.oval:def:21135 | ||
| Title: | RHSA-2013:0957: java-1.7.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0957-00 CESA-2013:0957 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 409 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21156 | |||
| Oval ID: | oval:org.mitre.oval:def:21156 | ||
| Title: | RHSA-2013:0603: java-1.7.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0603-00 CESA-2013:0603 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21176 | |||
| Oval ID: | oval:org.mitre.oval:def:21176 | ||
| Title: | RHSA-2012:0730: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0730-00 CESA-2012:0730 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 120 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21222 | |||
| Oval ID: | oval:org.mitre.oval:def:21222 | ||
| Title: | RHSA-2013:0958: java-1.7.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0958-00 CESA-2013:0958 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 409 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21236 | |||
| Oval ID: | oval:org.mitre.oval:def:21236 | ||
| Title: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6629 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21255 | |||
| Oval ID: | oval:org.mitre.oval:def:21255 | ||
| Title: | RHSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0155-01 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21309 | |||
| Oval ID: | oval:org.mitre.oval:def:21309 | ||
| Title: | RHSA-2012:0729: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0729-01 CESA-2012:0729 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 120 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21420 | |||
| Oval ID: | oval:org.mitre.oval:def:21420 | ||
| Title: | RHSA-2011:0336: tomcat5 security update (Important) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0336-01 CESA-2011:0336 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21422 | |||
| Oval ID: | oval:org.mitre.oval:def:21422 | ||
| Title: | RHSA-2012:1385: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1385-00 CESA-2012:1385 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 | Version: | 198 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21487 | |||
| Oval ID: | oval:org.mitre.oval:def:21487 | ||
| Title: | RHSA-2011:0856: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0856-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 94 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21498 | |||
| Oval ID: | oval:org.mitre.oval:def:21498 | ||
| Title: | RHSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21550 | |||
| Oval ID: | oval:org.mitre.oval:def:21550 | ||
| Title: | RHSA-2012:1434: icedtea-web security update (Critical) | ||
| Description: | Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1434-01 CESA-2012:1434 CVE-2012-4540 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21576 | |||
| Oval ID: | oval:org.mitre.oval:def:21576 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-4002 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21580 | |||
| Oval ID: | oval:org.mitre.oval:def:21580 | ||
| Title: | RHSA-2012:1009: java-1.7.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1009-01 CESA-2012:1009 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21586 | |||
| Oval ID: | oval:org.mitre.oval:def:21586 | ||
| Title: | RHSA-2012:1386: java-1.7.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1386-02 CESA-2012:1386 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 | Version: | 263 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21587 | |||
| Oval ID: | oval:org.mitre.oval:def:21587 | ||
| Title: | RHSA-2010:0165: nss security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0165-01 CESA-2010:0165 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21593 | |||
| Oval ID: | oval:org.mitre.oval:def:21593 | ||
| Title: | RHSA-2012:1384: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1384-01 CESA-2012:1384 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 | Version: | 198 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21713 | |||
| Oval ID: | oval:org.mitre.oval:def:21713 | ||
| Title: | RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0214-01 CVE-2010-4476 CESA-2011:0214-CentOS 5 | Version: | 6 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21716 | |||
| Oval ID: | oval:org.mitre.oval:def:21716 | ||
| Title: | RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0768-01 CESA-2010:0768 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21749 | |||
| Oval ID: | oval:org.mitre.oval:def:21749 | ||
| Title: | RHSA-2011:0176: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0176-01 CESA-2011:0176 CVE-2010-3860 CVE-2010-4351 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21828 | |||
| Oval ID: | oval:org.mitre.oval:def:21828 | ||
| Title: | RHSA-2010:0166: gnutls security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0166-01 CESA-2010:0166 CVE-2009-2409 CVE-2009-3555 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21832 | |||
| Oval ID: | oval:org.mitre.oval:def:21832 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5797 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21843 | |||
| Oval ID: | oval:org.mitre.oval:def:21843 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5829 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21877 | |||
| Oval ID: | oval:org.mitre.oval:def:21877 | ||
| Title: | RHSA-2010:0164: openssl097a security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0164-01 CESA-2010:0164 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21907 | |||
| Oval ID: | oval:org.mitre.oval:def:21907 | ||
| Title: | RHSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0292-01 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21918 | |||
| Oval ID: | oval:org.mitre.oval:def:21918 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-3829 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21931 | |||
| Oval ID: | oval:org.mitre.oval:def:21931 | ||
| Title: | RHSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 CESA-2011:0281-CentOS 5 | Version: | 83 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21978 | |||
| Oval ID: | oval:org.mitre.oval:def:21978 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5783 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21993 | |||
| Oval ID: | oval:org.mitre.oval:def:21993 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5817 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22015 | |||
| Oval ID: | oval:org.mitre.oval:def:22015 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5809 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22046 | |||
| Oval ID: | oval:org.mitre.oval:def:22046 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5780 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22124 | |||
| Oval ID: | oval:org.mitre.oval:def:22124 | ||
| Title: | RHSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 380 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22137 | |||
| Oval ID: | oval:org.mitre.oval:def:22137 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5814 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22176 | |||
| Oval ID: | oval:org.mitre.oval:def:22176 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5772 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22202 | |||
| Oval ID: | oval:org.mitre.oval:def:22202 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5778 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22205 | |||
| Oval ID: | oval:org.mitre.oval:def:22205 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5806 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22237 | |||
| Oval ID: | oval:org.mitre.oval:def:22237 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5840 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22239 | |||
| Oval ID: | oval:org.mitre.oval:def:22239 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5804 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22241 | |||
| Oval ID: | oval:org.mitre.oval:def:22241 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5774 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22256 | |||
| Oval ID: | oval:org.mitre.oval:def:22256 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5820 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22260 | |||
| Oval ID: | oval:org.mitre.oval:def:22260 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5842 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22284 | |||
| Oval ID: | oval:org.mitre.oval:def:22284 | ||
| Title: | RHSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22285 | |||
| Oval ID: | oval:org.mitre.oval:def:22285 | ||
| Title: | RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22342 | |||
| Oval ID: | oval:org.mitre.oval:def:22342 | ||
| Title: | RHSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 211 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22361 | |||
| Oval ID: | oval:org.mitre.oval:def:22361 | ||
| Title: | RHSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22386 | |||
| Oval ID: | oval:org.mitre.oval:def:22386 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5805 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22463 | |||
| Oval ID: | oval:org.mitre.oval:def:22463 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5790 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22466 | |||
| Oval ID: | oval:org.mitre.oval:def:22466 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5802 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22469 | |||
| Oval ID: | oval:org.mitre.oval:def:22469 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5784 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22475 | |||
| Oval ID: | oval:org.mitre.oval:def:22475 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5825 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22527 | |||
| Oval ID: | oval:org.mitre.oval:def:22527 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5849 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22539 | |||
| Oval ID: | oval:org.mitre.oval:def:22539 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5803 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22567 | |||
| Oval ID: | oval:org.mitre.oval:def:22567 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5782 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22570 | |||
| Oval ID: | oval:org.mitre.oval:def:22570 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5850 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22571 | |||
| Oval ID: | oval:org.mitre.oval:def:22571 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5830 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22580 | |||
| Oval ID: | oval:org.mitre.oval:def:22580 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-5823 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22663 | |||
| Oval ID: | oval:org.mitre.oval:def:22663 | ||
| Title: | ELSA-2011:0176: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0176-01 CVE-2010-3860 CVE-2010-4351 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22816 | |||
| Oval ID: | oval:org.mitre.oval:def:22816 | ||
| Title: | ELSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22820 | |||
| Oval ID: | oval:org.mitre.oval:def:22820 | ||
| Title: | ELSA-2009:1579: httpd security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1579-02 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22826 | |||
| Oval ID: | oval:org.mitre.oval:def:22826 | ||
| Title: | ELSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0292-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22845 | |||
| Oval ID: | oval:org.mitre.oval:def:22845 | ||
| Title: | ELSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 | Version: | 29 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22873 | |||
| Oval ID: | oval:org.mitre.oval:def:22873 | ||
| Title: | ELSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22881 | |||
| Oval ID: | oval:org.mitre.oval:def:22881 | ||
| Title: | ELSA-2013:0246: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0246-00 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 85 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22894 | |||
| Oval ID: | oval:org.mitre.oval:def:22894 | ||
| Title: | ELSA-2011:0857: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0857-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22913 | |||
| Oval ID: | oval:org.mitre.oval:def:22913 | ||
| Title: | ELSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0155-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22954 | |||
| Oval ID: | oval:org.mitre.oval:def:22954 | ||
| Title: | ELSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 121 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22962 | |||
| Oval ID: | oval:org.mitre.oval:def:22962 | ||
| Title: | ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0768-01 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22977 | |||
| Oval ID: | oval:org.mitre.oval:def:22977 | ||
| Title: | ELSA-2011:0336: tomcat5 security update (Important) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0336-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22993 | |||
| Oval ID: | oval:org.mitre.oval:def:22993 | ||
| Title: | ELSA-2010:0165: nss security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0165-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23000 | |||
| Oval ID: | oval:org.mitre.oval:def:23000 | ||
| Title: | ELSA-2010:0166: gnutls security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0166-01 CVE-2009-2409 CVE-2009-3555 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23009 | |||
| Oval ID: | oval:org.mitre.oval:def:23009 | ||
| Title: | ELSA-2013:0603: java-1.7.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0603-00 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23077 | |||
| Oval ID: | oval:org.mitre.oval:def:23077 | ||
| Title: | ELSA-2012:0006: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0006-01 CVE-2011-3389 CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 37 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23090 | |||
| Oval ID: | oval:org.mitre.oval:def:23090 | ||
| Title: | ELSA-2010:0164: openssl097a security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0164-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23179 | |||
| Oval ID: | oval:org.mitre.oval:def:23179 | ||
| Title: | ELSA-2013:0602: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0602-01 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23195 | |||
| Oval ID: | oval:org.mitre.oval:def:23195 | ||
| Title: | ELSA-2012:0734: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0734-02 CVE-2012-0551 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1721 CVE-2012-1722 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 53 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23223 | |||
| Oval ID: | oval:org.mitre.oval:def:23223 | ||
| Title: | ELSA-2012:1009: java-1.7.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1009-01 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 | Version: | 45 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23241 | |||
| Oval ID: | oval:org.mitre.oval:def:23241 | ||
| Title: | ELSA-2012:1434: icedtea-web security update (Critical) | ||
| Description: | Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1434-01 CVE-2012-4540 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23245 | |||
| Oval ID: | oval:org.mitre.oval:def:23245 | ||
| Title: | ELSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23249 | |||
| Oval ID: | oval:org.mitre.oval:def:23249 | ||
| Title: | ELSA-2011:0856: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0856-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 33 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23296 | |||
| Oval ID: | oval:org.mitre.oval:def:23296 | ||
| Title: | ELSA-2012:0730: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0730-00 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 41 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23319 | |||
| Oval ID: | oval:org.mitre.oval:def:23319 | ||
| Title: | ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0214-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23321 | |||
| Oval ID: | oval:org.mitre.oval:def:23321 | ||
| Title: | ELSA-2013:0274: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0274-00 CVE-2013-0169 CVE-2013-1486 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23342 | |||
| Oval ID: | oval:org.mitre.oval:def:23342 | ||
| Title: | ELSA-2012:1466: java-1.6.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1466-01 CVE-2012-0547 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-1682 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5089 CVE-2013-1475 | Version: | 97 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23377 | |||
| Oval ID: | oval:org.mitre.oval:def:23377 | ||
| Title: | ELSA-2013:0958: java-1.7.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0958-00 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 121 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23436 | |||
| Oval ID: | oval:org.mitre.oval:def:23436 | ||
| Title: | ELSA-2013:0604: java-1.6.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0604-00 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23437 | |||
| Oval ID: | oval:org.mitre.oval:def:23437 | ||
| Title: | ELSA-2012:1465: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1465-01 CVE-2012-1531 CVE-2012-3143 CVE-2012-3216 CVE-2012-4820 CVE-2012-4822 CVE-2012-5069 CVE-2012-5071 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5089 CVE-2013-1475 | Version: | 65 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23489 | |||
| Oval ID: | oval:org.mitre.oval:def:23489 | ||
| Title: | DEPRECATED: ELSA-2013:0587: openssl security update (Moderate) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 18 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23563 | |||
| Oval ID: | oval:org.mitre.oval:def:23563 | ||
| Title: | ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23606 | |||
| Oval ID: | oval:org.mitre.oval:def:23606 | ||
| Title: | ELSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 69 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23612 | |||
| Oval ID: | oval:org.mitre.oval:def:23612 | ||
| Title: | ELSA-2012:0729: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0729-01 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 41 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23646 | |||
| Oval ID: | oval:org.mitre.oval:def:23646 | ||
| Title: | ELSA-2013:1804: libjpeg security update (Moderate) | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1804-00 CVE-2013-6629 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | libjpeg |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23722 | |||
| Oval ID: | oval:org.mitre.oval:def:23722 | ||
| Title: | ELSA-2012:1132: icedtea-web security update (Important) | ||
| Description: | The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1132-01 CVE-2012-3422 CVE-2012-3423 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23723 | |||
| Oval ID: | oval:org.mitre.oval:def:23723 | ||
| Title: | The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log | ||
| Description: | The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1876 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23803 | |||
| Oval ID: | oval:org.mitre.oval:def:23803 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1485 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23824 | |||
| Oval ID: | oval:org.mitre.oval:def:23824 | ||
| Title: | ELSA-2012:1245: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1245-01 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1725 | Version: | 29 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23887 | |||
| Oval ID: | oval:org.mitre.oval:def:23887 | ||
| Title: | ELSA-2013:0957: java-1.7.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0957-00 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 121 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23891 | |||
| Oval ID: | oval:org.mitre.oval:def:23891 | ||
| Title: | ELSA-2013:0273: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0273-01 CVE-2013-0169 CVE-2013-1486 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23909 | |||
| Oval ID: | oval:org.mitre.oval:def:23909 | ||
| Title: | ELSA-2013:0587: openssl security update (Moderate) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 17 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23933 | |||
| Oval ID: | oval:org.mitre.oval:def:23933 | ||
| Title: | ELSA-2013:0245: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0245-02 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 85 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23968 | |||
| Oval ID: | oval:org.mitre.oval:def:23968 | ||
| Title: | DEPRECATED: ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23975 | |||
| Oval ID: | oval:org.mitre.oval:def:23975 | ||
| Title: | ELSA-2013:0601: java-1.6.0-sun security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0601-02 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23985 | |||
| Oval ID: | oval:org.mitre.oval:def:23985 | ||
| Title: | ELSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0408-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24006 | |||
| Oval ID: | oval:org.mitre.oval:def:24006 | ||
| Title: | ELSA-2013:0751: java-1.7.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0751-01 CVE-2013-0401 CVE-2013-1488 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1558 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 | Version: | 93 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24013 | |||
| Oval ID: | oval:org.mitre.oval:def:24013 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect availability via unknown vectors related to 2D | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0459 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24070 | |||
| Oval ID: | oval:org.mitre.oval:def:24070 | ||
| Title: | ELSA-2013:0605: java-1.6.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0605-02 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24072 | |||
| Oval ID: | oval:org.mitre.oval:def:24072 | ||
| Title: | ELSA-2013:0600: java-1.7.0-oracle security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0600-02 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-oracle |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24141 | |||
| Oval ID: | oval:org.mitre.oval:def:24141 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1486 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24201 | |||
| Oval ID: | oval:org.mitre.oval:def:24201 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2398 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit JavaFX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24228 | |||
| Oval ID: | oval:org.mitre.oval:def:24228 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0458 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24250 | |||
| Oval ID: | oval:org.mitre.oval:def:24250 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1484 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24276 | |||
| Oval ID: | oval:org.mitre.oval:def:24276 | ||
| Title: | ELSA-2014:0406: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0406-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24376 | |||
| Oval ID: | oval:org.mitre.oval:def:24376 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2397 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24405 | |||
| Oval ID: | oval:org.mitre.oval:def:24405 | ||
| Title: | Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24441 | |||
| Oval ID: | oval:org.mitre.oval:def:24441 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0453 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24444 | |||
| Oval ID: | oval:org.mitre.oval:def:24444 | ||
| Title: | RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0408-00 CESA-2014:0408 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24482 | |||
| Oval ID: | oval:org.mitre.oval:def:24482 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0457 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24502 | |||
| Oval ID: | oval:org.mitre.oval:def:24502 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0446 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24510 | |||
| Oval ID: | oval:org.mitre.oval:def:24510 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2427 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24515 | |||
| Oval ID: | oval:org.mitre.oval:def:24515 | ||
| Title: | Vulnerability in Java SE 6u71, Java SE 7u51, Java SE 8, JRockit R28.3.1 allows successful unauthenticated network attacks via multiple protocols | ||
| Description: | The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6954 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24520 | |||
| Oval ID: | oval:org.mitre.oval:def:24520 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0457 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24522 | |||
| Oval ID: | oval:org.mitre.oval:def:24522 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0461 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24523 | |||
| Oval ID: | oval:org.mitre.oval:def:24523 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2412 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24535 | |||
| Oval ID: | oval:org.mitre.oval:def:24535 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0456 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24587 | |||
| Oval ID: | oval:org.mitre.oval:def:24587 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2414 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24623 | |||
| Oval ID: | oval:org.mitre.oval:def:24623 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality via vectors related to JAXP | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2403 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24636 | |||
| Oval ID: | oval:org.mitre.oval:def:24636 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2423 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24641 | |||
| Oval ID: | oval:org.mitre.oval:def:24641 | ||
| Title: | RHSA-2014:0407: java-1.7.0-openjdk security update (Important) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0407-00 CESA-2014:0407 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24662 | |||
| Oval ID: | oval:org.mitre.oval:def:24662 | ||
| Title: | ELSA-2014:0407: java-1.7.0-openjdk security update (Important) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0407-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24666 | |||
| Oval ID: | oval:org.mitre.oval:def:24666 | ||
| Title: | RHSA-2014:0406: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0406-00 CESA-2014:0406 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24672 | |||
| Oval ID: | oval:org.mitre.oval:def:24672 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0429 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24676 | |||
| Oval ID: | oval:org.mitre.oval:def:24676 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0451 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24709 | |||
| Oval ID: | oval:org.mitre.oval:def:24709 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; allows remote attackers to affect confidentiality and integrity via vectors related to JNDI | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0460 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24712 | |||
| Oval ID: | oval:org.mitre.oval:def:24712 | ||
| Title: | Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6629 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24719 | |||
| Oval ID: | oval:org.mitre.oval:def:24719 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0452 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24751 | |||
| Oval ID: | oval:org.mitre.oval:def:24751 | ||
| Title: | DSA-2912-1 openjdk-6 - security update | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2912-1 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0462 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2405 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24880 | |||
| Oval ID: | oval:org.mitre.oval:def:24880 | ||
| Title: | RHSA-2014:0675: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0675-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24938 | |||
| Oval ID: | oval:org.mitre.oval:def:24938 | ||
| Title: | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25042 | |||
| Oval ID: | oval:org.mitre.oval:def:25042 | ||
| Title: | SUSE-SU-2013:1808-1 -- Security update for OpenJDK 1.6 | ||
| Description: | OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes many fixes for bugs and security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1808-1 CVE-2013-3829 CVE-2013-5780 CVE-2013-5772 CVE-2013-5814 CVE-2013-5790 CVE-2013-5849 CVE-2013-5802 CVE-2013-5851 CVE-2013-5809 CVE-2013-5817 CVE-2013-5783 CVE-2013-5782 CVE-2013-5778 CVE-2013-5803 CVE-2013-5840 CVE-2013-5825 CVE-2013-5842 CVE-2013-5774 CVE-2013-5804 CVE-2013-5797 CVE-2013-5850 CVE-2013-5829 CVE-2013-5830 CVE-2013-4002 CVE-2013-5784 CVE-2013-5820 CVE-2013-5823 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | OpenJDK 1.6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25097 | |||
| Oval ID: | oval:org.mitre.oval:def:25097 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8i, allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25220 | |||
| Oval ID: | oval:org.mitre.oval:def:25220 | ||
| Title: | RHSA-2014:0685: java-1.6.0-openjdk security update (Important) | ||
| Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0685-00 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25315 | |||
| Oval ID: | oval:org.mitre.oval:def:25315 | ||
| Title: | SUSE-SU-2014:0639-1 -- Security update for OpenJDK | ||
| Description: | This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues: * Security fixes o S8023046: Enhance splashscreen support o S8025005: Enhance CORBA initializations o S8025010, CVE-2014-2412: Enhance AWT contexts o S8025030, CVE-2014-2414: Enhance stream handling o S8025152, CVE-2014-0458: Enhance activation set up o S8026067: Enhance signed jar verification o S8026163, CVE-2014-2427: Enhance media provisioning o S8026188, CVE-2014-2423: Enhance envelope factory o S8026200: Enhance RowSet Factory o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling o S8026736, CVE-2014-2398: Enhance Javadoc pages o S8026797, CVE-2014-0451: Enhance data transfers o S8026801, CVE-2014-0452: Enhance endpoint addressing o S8027766, CVE-2014-0453: Enhance RSA processing o S8027775: Enhance ICU code. o S8027841, CVE-2014-0429: Enhance pixel manipulations o S8028385: Enhance RowSet Factory o S8029282, CVE-2014-2403: Enhance CharInfo set up o S8029286: Enhance subject delegation o S8029699: Update Poller demo o S8029730: Improve audio device additions o S8029735: Enhance service mgmt natives o S8029740, CVE-2014-0446: Enhance handling of loggers o S8029745, CVE-2014-0454: Enhance algorithm checking o S8029750: Enhance LCMS color processing (in-tree LCMS) o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) o S8029844, CVE-2014-0455: Enhance argument validation o S8029854, CVE-2014-2421: Enhance JPEG decodings o S8029858, CVE-2014-0456: Enhance array copies o S8030731, CVE-2014-0460: Improve name service robustness o S8031330: Refactor ObjectFactory o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader o S8031395: Enhance LDAP processing o S8032686, CVE-2014-2413: Issues with method invoke o S8033618, CVE-2014-1876: Correct logging output o S8034926, CVE-2014-2397: Attribute classes properly o S8036794, CVE-2014-0461: Manage JavaScript instances * Backports o S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. o S8007625: race with nested repos in /common/bin/hgforest.sh o S8011178: improve common/bin/hgforest.sh python detection (MacOS) o S8011342: hgforest.sh : 'python --version' not supported on older python o S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells o S8024200: handle hg wrapper with space after #! o S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException o S8031477: [macosx] Loading AWT native library fails o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed * Bug fixes o PR1393: JPEG support in build is broken on non-system-libjpeg builds o PR1726: configure fails looking for ecj.jar before even trying to find javac o Red Hat local: Fix for repo with path statting with / . o Remove unused hgforest script | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0639-1 CVE-2014-2412 CVE-2014-2414 CVE-2014-0458 CVE-2014-2427 CVE-2014-2423 CVE-2014-2402 CVE-2014-2398 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0429 CVE-2014-2403 CVE-2014-0446 CVE-2014-0454 CVE-2013-6629 CVE-2014-0455 CVE-2014-2421 CVE-2014-0456 CVE-2014-0460 CVE-2014-0459 CVE-2013-6954 CVE-2014-0457 CVE-2014-2413 CVE-2014-1876 CVE-2014-2397 CVE-2014-0461 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | OpenJDK |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25661 | |||
| Oval ID: | oval:org.mitre.oval:def:25661 | ||
| Title: | SUSE-SU-2013:1174-1 -- Security update for icedtea-web | ||
| Description: | This update to IcedTea-Web 1.4 provides some fixes and enhancements. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1174-1 CVE-2013-1926 CVE-2013-1927 CVE-2012-3422 CVE-2012-3423 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25719 | |||
| Oval ID: | oval:org.mitre.oval:def:25719 | ||
| Title: | SUSE-SU-2013:1666-1 -- Security update for OpenJDK 7 | ||
| Description: | This release updates our OpenJDK 7 support in the 2.4.x series with a number of security fixes and synchronises it with upstream development. The security issues fixed (a long list) can be found in the following link: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-O ctober/025087.html <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013- October/025087.html> | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1666-1 CVE-2013-3829 CVE-2013-5780 CVE-2013-5772 CVE-2013-5814 CVE-2013-5790 CVE-2013-5849 CVE-2013-5802 CVE-2013-5851 CVE-2013-5809 CVE-2013-5817 CVE-2013-5783 CVE-2013-5782 CVE-2013-5778 CVE-2013-5803 CVE-2013-5840 CVE-2013-5825 CVE-2013-5842 CVE-2013-5774 CVE-2013-5804 CVE-2013-5797 CVE-2013-5850 CVE-2013-5829 CVE-2013-5830 CVE-2013-4002 CVE-2013-5784 CVE-2013-5820 CVE-2013-5805 CVE-2013-5806 CVE-2013-5823 CVE-2013-5800 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | OpenJDK 7 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25782 | |||
| Oval ID: | oval:org.mitre.oval:def:25782 | ||
| Title: | SUSE-SU-2013:1254-1 -- Security update for java-1_7_0-openjdk | ||
| Description: | This update to icedtea-2.4.1 fixes various security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1254-1 CVE-2013-2407 CVE-2013-2445 CVE-2013-2451 CVE-2013-2450 CVE-2013-2446 CVE-2013-2452 CVE-2013-1500 CVE-2013-2444 CVE-2013-2447 CVE-2013-2443 CVE-2013-2412 CVE-2013-2449 CVE-2013-2448 CVE-2013-2455 CVE-2013-2457 CVE-2013-2453 CVE-2013-2456 CVE-2013-2459 CVE-2013-2458 CVE-2013-2454 CVE-2013-2460 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-1571 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2461 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | java-1_7_0-openjdk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25783 | |||
| Oval ID: | oval:org.mitre.oval:def:25783 | ||
| Title: | SUSE-SU-2013:1293-2 -- Security update for IBM Java 1.4.2 | ||
| Description: | IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues: CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-2456, CVE-2013-2447, CVE-2013-2452, CVE-2013-2446, CVE-2013-2450, CVE-2013-1500 Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034) | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1293-2 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 CVE-2013-2469 CVE-2013-2465 CVE-2013-2464 CVE-2013-2463 CVE-2013-2473 CVE-2013-2472 CVE-2013-2471 CVE-2013-2470 CVE-2013-2459 CVE-2013-2456 CVE-2013-2447 CVE-2013-2452 CVE-2013-2446 CVE-2013-2450 CVE-2013-1500 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | IBM Java 1.4.2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25800 | |||
| Oval ID: | oval:org.mitre.oval:def:25800 | ||
| Title: | SUSE-SU-2013:0851-1 -- Security update for icedtea-web | ||
| Description: | This update of icedtea-web fixes several bugs and security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0851-1 CVE-2013-1926 CVE-2013-1927 CVE-2012-3422 CVE-2012-3423 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25811 | |||
| Oval ID: | oval:org.mitre.oval:def:25811 | ||
| Title: | SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm | ||
| Description: | IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0701-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | java-1_7_0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25834 | |||
| Oval ID: | oval:org.mitre.oval:def:25834 | ||
| Title: | SUSE-SU-2013:1264-1 -- Security update for java-1_4_2-ibm | ||
| Description: | IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> Also the following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034) | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1264-1 CVE-2013-3009 CVE-2013-3011 CVE-2013-3012 CVE-2013-2469 CVE-2013-2465 CVE-2013-2464 CVE-2013-2463 CVE-2013-2473 CVE-2013-2472 CVE-2013-2471 CVE-2013-2470 CVE-2013-2459 CVE-2013-2456 CVE-2013-2447 CVE-2013-2452 CVE-2013-2446 CVE-2013-2450 CVE-2013-1500 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | java-1_4_2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25853 | |||
| Oval ID: | oval:org.mitre.oval:def:25853 | ||
| Title: | SUSE-SU-2013:1256-1 -- Security update for java-1_7_0-ibm | ||
| Description: | IBM Java 1.7.0 has been updated to SR5 to fix bugs and security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1256-1 CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-4002 CVE-2013-2468 CVE-2013-2469 CVE-2013-2465 CVE-2013-2464 CVE-2013-2463 CVE-2013-2473 CVE-2013-2472 CVE-2013-2471 CVE-2013-2470 CVE-2013-2459 CVE-2013-2466 CVE-2013-2462 CVE-2013-2460 CVE-2013-3743 CVE-2013-2448 CVE-2013-2442 CVE-2013-2407 CVE-2013-2454 CVE-2013-2458 CVE-2013-3744 CVE-2013-2400 CVE-2013-2456 CVE-2013-2453 CVE-2013-2457 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | java-1_7_0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25872 | |||
| Oval ID: | oval:org.mitre.oval:def:25872 | ||
| Title: | SUSE-SU-2013:0710-1 -- Security update for IBM Java | ||
| Description: | IBM Java 1.4.2 has been updated to SR13 FP16 which fixes bugs and security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0710-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | IBM Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25883 | |||
| Oval ID: | oval:org.mitre.oval:def:25883 | ||
| Title: | SUSE-SU-2013:0814-1 -- Security update for java-1_6_0-openjdk | ||
| Description: | java-1_6_0-openjdk has been updated to version Icedtea6-1.12.5 which fixes several security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0814-1 CVE-2013-1518 CVE-2013-2417 CVE-2013-2419 CVE-2013-1537 CVE-2013-1557 CVE-2013-2415 CVE-2013-2431 CVE-2013-2383 CVE-2013-2384 CVE-2013-1569 CVE-2013-2424 CVE-2013-2420 CVE-2013-2430 CVE-2013-2429 CVE-2013-2426 CVE-2013-0401 CVE-2013-2421 CVE-2013-1488 CVE-2013-2422 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | java-1_6_0-openjdk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25934 | |||
| Oval ID: | oval:org.mitre.oval:def:25934 | ||
| Title: | SUSE-SU-2013:0434-1 -- Security update for Java | ||
| Description: | This release of Icedtea6-1.12.4 fixes the following two issues that allowed a remote attacker to execute arbitrary code remotely by providing crafted images to the affected code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0434-1 CVE-2013-0809 CVE-2013-1493 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25940 | |||
| Oval ID: | oval:org.mitre.oval:def:25940 | ||
| Title: | SUSE-SU-2013:0440-2 -- Security update for Java | ||
| Description: | IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0440-2 CVE-2013-1478 CVE-2013-1480 CVE-2013-1476 CVE-2013-0442 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2013-1481 CVE-2013-0432 CVE-2013-0434 CVE-2013-0424 CVE-2013-0440 CVE-2013-0443 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25952 | |||
| Oval ID: | oval:org.mitre.oval:def:25952 | ||
| Title: | SUSE-SU-2013:1238-1 -- Security update for java-1_6_0-openjdk | ||
| Description: | java-1_6_0-openjdk has been updated to Icedtea6-1.12.6 version. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1238-1 CVE-2013-2407 CVE-2013-2445 CVE-2013-2451 CVE-2013-2450 CVE-2013-2446 CVE-2013-2452 CVE-2013-1500 CVE-2013-2444 CVE-2013-2447 CVE-2013-2443 CVE-2013-2412 CVE-2013-2448 CVE-2013-2455 CVE-2013-2457 CVE-2013-2453 CVE-2013-2456 CVE-2013-2459 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-1571 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2461 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | java-1_6_0-openjdk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25988 | |||
| Oval ID: | oval:org.mitre.oval:def:25988 | ||
| Title: | SUSE-SU-2013:0934-1 -- Security update for Java 1.4.2 | ||
| Description: | IBM Java 1.4.2 has been updated to SR13-FP17 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0934-1 CVE-2013-1491 CVE-2013-2420 CVE-2013-2432 CVE-2013-1569 CVE-2013-2384 CVE-2013-2383 CVE-2013-1557 CVE-2013-1537 CVE-2013-2429 CVE-2013-2430 CVE-2013-2394 CVE-2013-2419 CVE-2013-2417 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java 1.4.2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26128 | |||
| Oval ID: | oval:org.mitre.oval:def:26128 | ||
| Title: | SUSE-SU-2013:0315-1 -- Security update for Java 1.6.0 | ||
| Description: | java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0315-1 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0429 CVE-2013-0432 CVE-2013-0443 CVE-2013-0440 CVE-2013-0442 CVE-2013-0428 CVE-2013-0441 CVE-2013-0435 CVE-2013-0433 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-0434 CVE-2013-1478 CVE-2013-1480 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java 1.6.0 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26214 | |||
| Oval ID: | oval:org.mitre.oval:def:26214 | ||
| Title: | SUSE-SU-2013:0328-1 -- Security update for Java | ||
| Description: | java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0328-1 CVE-2013-1486 CVE-2013-0169 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26257 | |||
| Oval ID: | oval:org.mitre.oval:def:26257 | ||
| Title: | HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-0457 | Version: | 8 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26262 | |||
| Oval ID: | oval:org.mitre.oval:def:26262 | ||
| Title: | SUSE-SU-2013:0440-3 -- Security update for Java | ||
| Description: | IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0440-3 CVE-2013-1478 CVE-2013-1480 CVE-2013-1476 CVE-2013-0442 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2013-1481 CVE-2013-0432 CVE-2013-0434 CVE-2013-0424 CVE-2013-0440 CVE-2013-0443 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26596 | |||
| Oval ID: | oval:org.mitre.oval:def:26596 | ||
| Title: | ELSA-2014-1319 -- xerces-j2 security update (Moderate) | ||
| Description: | Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1319 CVE-2013-4002 | Version: | 3 |
| Platform(s): | Oracle Linux 7 | Product(s): | xerces-j2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26653 | |||
| Oval ID: | oval:org.mitre.oval:def:26653 | ||
| Title: | HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-0429 | Version: | 8 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26692 | |||
| Oval ID: | oval:org.mitre.oval:def:26692 | ||
| Title: | DEPRECATED: ELSA-2013-0604 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [ 1:1.6.0.0-1.36.1.11.9.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.36.1.11.9] - Updated to icedtea6 1.11.9 - Resolves: rhbz#917176 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0604 CVE-2013-1493 CVE-2013-0809 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26825 | |||
| Oval ID: | oval:org.mitre.oval:def:26825 | ||
| Title: | DEPRECATED: ELSA-2014-0407 -- java-1.7.0-openjdk security update (Important) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0407 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2013-5797 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26920 | |||
| Oval ID: | oval:org.mitre.oval:def:26920 | ||
| Title: | DEPRECATED: ELSA-2014-0408 -- java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0408 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2013-5797 | Version: | 4 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26976 | |||
| Oval ID: | oval:org.mitre.oval:def:26976 | ||
| Title: | DEPRECATED: ELSA-2013-1804 -- libjpeg security update (moderate) | ||
| Description: | [6b-38] - Add patch for CVE-2013-6629 - Resolves: #1031952 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1804 CVE-2013-6629 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | libjpeg |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26987 | |||
| Oval ID: | oval:org.mitre.oval:def:26987 | ||
| Title: | DEPRECATED: ELSA-2014-0406 -- java-1.7.0-openjdk security update (Critical) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0406 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2013-5797 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27040 | |||
| Oval ID: | oval:org.mitre.oval:def:27040 | ||
| Title: | DEPRECATED: ELSA-2013-1505 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.68.1.11.14] - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - Resolves: rhbz#1017618 [1:1.6.0.1-1.67.1.13.0] - reverted previous update - Resolves: rhbz#1017618 [1:1.6.0.1-1.66.1.13.0] - updated to icedtea 1.13 - updated to openjdk-6-src-b28-04_oct_2013 - added --disable-lcms2 configure switch to fix tck - removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch - added patch7 1.13_fixes.patch to fix 1.13 build issues - adapted patch0 java-1.6.0-openjdk-optflags.patch - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - removed useless runtests parts - included also java.security.old files - Resolves: rhbz#1017618 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1505 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27193 | |||
| Oval ID: | oval:org.mitre.oval:def:27193 | ||
| Title: | DEPRECATED: ELSA-2013-1447 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.45-2.4.3.1.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.45-2.4.3.1.el5] - Updated to icedtea 2.4.3 - Resolves: rhbz#1017623 [1.7.0.45-2.4.3.0.el5] - fixed and updated tapset - removed bootstrap - source 11 redeclared to 1111 - added source12: TestCryptoLevel.java - removed upstreamed patch103 java-1.7.0-openjdk-arm-fixes.patch - removed unnecessary patch112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch - added patch120: java-1.7.0-openjdk-freetype-check-fix.patch - fixed nss - cleaned sources - Resolves: rhbz#1017623 [1.7.0.25-2.4.1.4.el5] - updated to icedtea 2.4.1 - improoved handling of patch111 - nss-config-2.patch - backported uniquesuffix from 6.5 - Resolves: rhbz#978421 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1447 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27229 | |||
| Oval ID: | oval:org.mitre.oval:def:27229 | ||
| Title: | RHSA-2014:1319: xerces-j2 security update (Moderate) | ||
| Description: | Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1319-00 CESA-2014:1319 CVE-2013-4002 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | xerces-j2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27291 | |||
| Oval ID: | oval:org.mitre.oval:def:27291 | ||
| Title: | DEPRECATED: ELSA-2013-0957 -- java-1.7.0-openjdk security update (critical) | ||
| Description: | [1.7.0.25-2.3.10.3.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.25-2.3.10.3.el6] - removed upstreamed patch1000 MBeanFix.patch - updated to newer IcedTea7-forest 2.3.10 with 8010118 fix - Resolves: rhbz#973119 [1.7.0.25-2.3.10.2.el6] - added patch1000 MBeanFix.patch to fix regressions caused by security patches - Resolves: rhbz#973119 [1.7.0.25-2.3.10.1.el6] - build bumped to 25 - Resolves: rhbz#973119 [1.7.0.19-2.3.10.0.el6] - Updated to latest IcedTea7-forest 2.3.10 - patch 107 renamed to 500 for cosmetic purposes - improved handling of patch111 - nss-config-2.patch - removed patch 117, java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch duplicated with patch 108 (java-1.7.0-openjdk-nss-icedtea-e9c857dcb964) - Added client/server directories so they can be owned - Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs - Resolves: rhbz#973119 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0957 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27295 | |||
| Oval ID: | oval:org.mitre.oval:def:27295 | ||
| Title: | DEPRECATED: ELSA-2010-0164 -- openssl097a security update (moderate) | ||
| Description: | [0.9.7a-9.2] - CVE-2009-3555 - support the secure renegotiation RFC (#533125) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0164 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27328 | |||
| Oval ID: | oval:org.mitre.oval:def:27328 | ||
| Title: | DEPRECATED: ELSA-2013-0274 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [ 1:1.6.0.0-1.35.1.11.8.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.35.1.11.8] - Rebuild with updated source tarball - Resolves: rhbz#911522 [1:1.6.0.0-1.34.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but valid - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911522 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0274 CVE-2013-0169 CVE-2013-1486 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27330 | |||
| Oval ID: | oval:org.mitre.oval:def:27330 | ||
| Title: | DEPRECATED: ELSA-2012-1009 -- java-1.7.0-openjdk security and bug fix update (important) | ||
| Description: | [1.7.0.5-2.2.1.0.1.el6] - Modify DISTRO_NAME for Oracle [1.7.0.5-2.2.1.el6] - Updated priority to be > 17000 and to depend on buildver variable - Variable buildver increased to 5 as it should be - Resolves: rhbz#828759 [1.7.0.3-2.2.1.el6] - Used newly prepared tarball with security fixes - Bump to icedtea7-forest-2.2.1 - _mandir/man1/jcmd-name.1 added to alternatives - Updated rhino.patch - Updated java-1.7.0-openjdk-java-access-bridge-security.patch - Modified partially upstreamed patch302 - systemtap.patch - Temporarly disabled patch102 - java-1.7.0-openjdk-size_t.patch - Removed already upstreamed patches 104,108,109,301,110: - java-1.7.0-openjdk-arm-ftbfs.patch - java-1.7.0-openjdk-system-zlib.patch - java-1.7.0-openjdk-remove-mimpure-opt.patch - systemtap-alloc-size-workaround.patch - java-1.7.0-fix-gio-detection.patch - Access gnome bridge jar forced to be 644 - Added patch303 - java-1.7.0-openjdk-jstack.patch which resolved RH804632 for openjdk6 - Resolves: rhbz#828759 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1009 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27331 | |||
| Oval ID: | oval:org.mitre.oval:def:27331 | ||
| Title: | ELSA-2014-0675 -- java-1.7.0-openjdk security update (critical) | ||
| Description: | [1.7.0.55-2.4.7.2.0.1.el7_0] - Update DISTRO_NAME in specfile [1.7.0.55-2.4.7.2] - Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled. - Always setup nss.cfg and depend on nss-devel at build-time to do so. - This allows users who wish to use PKCS11+NSS to just add it to java.security. - Patches to PKCS11 provider will be included upstream in 2.4.8 (ETA July 2014) - Resolves: rhbz#1099565 [1.7.0.55-2.4.7.0.el7] - bumped to future icedtea-forest 2.4.7 - updatever set to 55, buildver se to 13, release reset to 0 - removed upstreamed patch402 gstackbounds.patch - removed Requires: rhino, BuildRequires is enough - ppc64 repalced by power64 macro - patch111 applied as dry-run (6.6 forward port) - nss enabled, but notused as default (6.6 forward port) - Resolves: rhbz#1099565 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0675 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 | Version: | 5 |
| Platform(s): | Oracle Linux 7 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27353 | |||
| Oval ID: | oval:org.mitre.oval:def:27353 | ||
| Title: | DEPRECATED: ELSA-2013-0770 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.61.1.11.11] - added and applied (temporally) patch10 fixToFontSecurityFix.patch. - fixing regression in fonts introduced by one security patch. - Resolves: rhbz#950386 [1:1.6.0.0-1.60.1.11.11] - added and applied (temporally) one more patch to xalan/xerces privileges - patch9 jaxp-backport-factoryfinder.patch - will be upstreamed - Resolves: rhbz#950386 [1:1.6.0.0-1.59.1.11.11] - Updated to icedtea6 1.11.11 - fixed xalan/xerxes privledges - removed patch 8 - removingOfAarch64.patch.patch - fixed upstream - Resolves: rhbz#950386 [1:1.6.0.0-1.58.1.11.10] - Updated to icedtea6 1.11.10 - rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - excluded aarch64.patch - by patch 8 - removingOfAarch64.patch.patch - Resolves: rhbz#950386 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0770 CVE-2013-2420 CVE-2013-2422 CVE-2013-2429 CVE-2013-2431 CVE-2013-1537 CVE-2013-2419 CVE-2013-2421 CVE-2013-2424 CVE-2013-2426 CVE-2013-2430 CVE-2013-0401 CVE-2013-1518 CVE-2013-2383 CVE-2013-1488 CVE-2013-1558 CVE-2013-1569 CVE-2013-2417 CVE-2013-1557 CVE-2013-2384 CVE-2013-2415 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27509 | |||
| Oval ID: | oval:org.mitre.oval:def:27509 | ||
| Title: | DEPRECATED: ELSA-2013-0246 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.33.1.11.6] - removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch - added patch9: 7201064.patch to be reverted - added patch10: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906705 [1:1.6.0.0-1.32.1.11.6] - added patch9 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906705 [1:1.6.0.0-1.31.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906705 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0246 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27537 | |||
| Oval ID: | oval:org.mitre.oval:def:27537 | ||
| Title: | DEPRECATED: ELSA-2011-0176 -- java-1.6.0-openjdk security update (moderate) | ||
| Description: | [1:1.6.0.0-1.17.b17.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.17.b17.el5] - Updated to 1.7.7 tarball - Resolves: bz668487 - Also resolves bz668488 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0176 CVE-2010-3860 CVE-2010-4351 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27551 | |||
| Oval ID: | oval:org.mitre.oval:def:27551 | ||
| Title: | DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0275 CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27569 | |||
| Oval ID: | oval:org.mitre.oval:def:27569 | ||
| Title: | DEPRECATED: ELSA-2013-0605 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.57.1.11.9] - Updated to icedtea6 1.11.9 - Resolves: rhbz#917179 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0605 CVE-2013-1493 CVE-2013-0809 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27572 | |||
| Oval ID: | oval:org.mitre.oval:def:27572 | ||
| Title: | DEPRECATED: ELSA-2013-0603 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.9-2.3.8.0.0.1.el5_9] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.9-2.3.8.0.el5_9] - Updated to icedtea7-forest-2.3 - Resolves: rhbz#917181 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0603 CVE-2013-0809 CVE-2013-1493 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27578 | |||
| Oval ID: | oval:org.mitre.oval:def:27578 | ||
| Title: | DEPRECATED: ELSA-2013-0273 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.56.1.11.8] - Rebuild with updated sources - Resolves: rhbz#911524 [1:1.6.0.0-1.55.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but working - Resolves: rhbz#911524 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0273 CVE-2013-0169 CVE-2013-1486 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27582 | |||
| Oval ID: | oval:org.mitre.oval:def:27582 | ||
| Title: | DEPRECATED: ELSA-2013-0958 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.25-2.3.10.4.0.1.el5_9] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.25-2.3.10.4.el5] - updated to newer IcedTea7-forest 2.3.10 with 8010118 fix - removed upstreamed patch1000 MBeanFix.patch - Resolves: rhbz#973117 [1.7.0.25-2.3.10.3.el5] - reverted fix for license files owning - Resolves: rhbz#973117 [1.7.0.25-2.3.10.2.el5] - added patch1000 MBeanFix.patch to fix regressions caused by security patches - Resolves: rhbz#973117 [1.7.0.25-2.3.10.1.el6] - build bumped to 25 - Resolves: rhbz#973117 [1.7.0.19-2.3.10.0.el5] - Updated to latest IcedTea7-forest 2.3.10 - patch 107 renamed to 500 for cosmetic purposes - Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs - Resolves: rhbz#973117 [1.7.0.19-2.3.10.0.el5] - Updated to latest IcedTea7-forest 2.3.10 - Resolves: rhbz#973117 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0958 CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27591 | |||
| Oval ID: | oval:org.mitre.oval:def:27591 | ||
| Title: | DEPRECATED: ELSA-2012-0730 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1.6.0.0-1.27.1.10.8.0.1.el5_8] - Add oracle-enterprise.patch [1:1.6.0.0-1.27.1.10.8] - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added also to package.definition - Resolves: rhbz#828749 [1:1.6.0.0-1.26.1.10.8] - Updated to IcedTea6 1.10.8 - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added to patch - Resolves: rhbz#828749 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0730 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27593 | |||
| Oval ID: | oval:org.mitre.oval:def:27593 | ||
| Title: | DEPRECATED: ELSA-2013-0602 -- java-1.7.0-openjdk security update (critical) | ||
| Description: | [1.7.0.9-2.3.8.0.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.8.0el6] - Revert to rhel 6.3 version of spec file - Revert to icedtea7 2.3.8 forest - Resolves: rhbz#917183 [1.7.0.11-2.4.0.pre5.el6] - Update to latest snapshot of icedtea7 2.4 forest - Resolves: rhbz#917183 [1.7.0.9-2.4.0.pre4.3.el6] - Updated to icedtea 2.4.0.pre4, - Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre3.3.el6] - Updated to icedtea 2.4.0.pre3, updated! - Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre2.3.el6] - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.4.0.pre2, updated? - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911530 [1.7.0.11-2.4.0.2.el6] - Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch - Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch - Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch - Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch - NSS enabled by default - enable_nss set to 1 - rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch - rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch - Resolves: rhbz#831734 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Disabled nss - enable_nss set to 0 - Resolves: rhbz#895034 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0602 CVE-2013-0809 CVE-2013-1493 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27605 | |||
| Oval ID: | oval:org.mitre.oval:def:27605 | ||
| Title: | DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate) | ||
| Description: | [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0587 CVE-2013-0166 CVE-2012-4929 CVE-2013-0169 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27631 | |||
| Oval ID: | oval:org.mitre.oval:def:27631 | ||
| Title: | DEPRECATED: ELSA-2013-0245 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.54.1.11.6] - removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch - added patch8: 7201064.patch to be reverted - added patch9: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906707 [1:1.6.0.0-1.53.1.11.6] - added patch8 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906707 [1:1.6.0.0-1.51.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906707 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0245 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27748 | |||
| Oval ID: | oval:org.mitre.oval:def:27748 | ||
| Title: | DEPRECATED: ELSA-2010-0162 -- openssl security update (important) | ||
| Description: | [0.9.8e-12.6] - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) [0.9.8e-12.5] - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) [0.9.8e-12.4] - do not disable SSLv2 in the renegotiation patch - SSLv2 does not support renegotiation - allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT [0.9.8e-12.3] - mention the RFC5746 in the CVE-2009-3555 doc [0.9.8e-12.2] - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0162 CVE-2010-0433 CVE-2009-3245 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27766 | |||
| Oval ID: | oval:org.mitre.oval:def:27766 | ||
| Title: | DEPRECATED: ELSA-2012-0729 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.48.1.11.3] - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz#828751 [1:1.6.0.0-1.47.1.11.3] - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added also to package.definition - Resolves: rhbz#828751 [1:1.6.0.0-1.46.1.11.3] - Sync with 6.3: - Bump to IcedTea6 1.11.3 - With removed patch8 - java-1.6.0-openjdk-jirafix_2820_2821.patch - Including patch7 - java-1.6.0-openjdk-jstack.patch - Including patch3, java-1.6.0-openjdk-java-access-bridge-security.patch modification - Resolves: rhbz#828751 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0729 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27804 | |||
| Oval ID: | oval:org.mitre.oval:def:27804 | ||
| Title: | DEPRECATED: ELSA-2012-1384 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.50.1.11.5] - Changed permissions of sa-jdi.jar to correct 644 - Resolves: rhbz#865045 [1:1.6.0.0-1.49.1.11.5] - Updated to IcedTea6 1.11.5 - Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1384 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27810 | |||
| Oval ID: | oval:org.mitre.oval:def:27810 | ||
| Title: | DEPRECATED: ELSA-2012-1385 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.28.1.10.10.0.1.el5_8] - Add oracle-enterprise.patch [1:1.6.0.0-1.28.1.10.10] - Updated to IcedTea6 1.10.10 - Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1385 CVE-2012-3216 CVE-2012-4416 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5089 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27832 | |||
| Oval ID: | oval:org.mitre.oval:def:27832 | ||
| Title: | DEPRECATED: ELSA-2012-1132 -- icedtea-web security update (important) | ||
| Description: | [1.2.1-1] - Updated to 1.2.1 - Resolves: CVE-2012-3422 - Resolves: CVE-2012-3423 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1132 CVE-2012-3422 CVE-2012-3423 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27853 | |||
| Oval ID: | oval:org.mitre.oval:def:27853 | ||
| Title: | DEPRECATED: ELSA-2012-1434 -- icedtea-web security update (critical) | ||
| Description: | [1.2.2-1] - Updated to 1.2.2 - Resolves: CVE-2012-4540 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1434 CVE-2012-4540 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | icedtea-web |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27881 | |||
| Oval ID: | oval:org.mitre.oval:def:27881 | ||
| Title: | DEPRECATED: ELSA-2010-0166 -- gnutls security update (moderate) | ||
| Description: | [1.4.1-3.8] - fix safe renegotiation on SSL3 protocol [1.4.1-3.7] - implement safe renegotiation - CVE-2009-3555 (#533125) - do not allow MD2 in certificate signatures by default - CVE-2009-2409 (#510197) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0166 CVE-2009-2409 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27917 | |||
| Oval ID: | oval:org.mitre.oval:def:27917 | ||
| Title: | DEPRECATED: ELSA-2011-0856 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1.6.0.0-1.39.1.9.8] - Resolves: rhbz#709375 - Bumped to IcedTea6 1.9.8 - Copy fontconfig files to match names for current and next release - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0856 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28054 | |||
| Oval ID: | oval:org.mitre.oval:def:28054 | ||
| Title: | DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate) | ||
| Description: | [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0214 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28104 | |||
| Oval ID: | oval:org.mitre.oval:def:28104 | ||
| Title: | DEPRECATED: ELSA-2011-1380 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.40.1.9.10] - Resolves: rhbz#744788 - Bumped to IcedTea6 1.9.8 -removed font copying Security fixes - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: JSSE - S7070134, CVE-2011-3558: Hotspot unspecified issue - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection NetX - PR794: javaws does not work if a Web Start app jar has a Class-Path element in the manifest | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1380 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28113 | |||
| Oval ID: | oval:org.mitre.oval:def:28113 | ||
| Title: | DEPRECATED: ELSA-2011-0857 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.22.1.9.8.0.1.el5_6] - Add oracle-enterprise.patch [1:1.6.0.0-1.22.1.9.8] - Resolves: rhbz#668488 - Bumped to IcedTea6 1.9.8 - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables [1:1.6.0.0-1.22.1.9.7] - Resolves bz690289 - Import from RHEL-5_6-Z - Updated to IcedTea6 1.9.7 - Removed all plugin/webstart related commented lines - Modified bz entry format in previous logs to get around cvs ack checking bug | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0857 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28188 | |||
| Oval ID: | oval:org.mitre.oval:def:28188 | ||
| Title: | DEPRECATED: ELSA-2010-0768 -- java-1.6.0-openjdk security and bug fix update (important) | ||
| Description: | [1.6.0.0-1.16.b17.0.1.el5] - Add oracle-enterprise.patch [1.6.0.0-1.16.b17.el5] - Updated 1.7.5 tarball (contains additional security fixes) - Resolves: bz639951 [1.6.0.0-1.15.b17.el5] - Rebuild - Resolves: bz639951 [1.6.0.0-1.14.b17.el5] - Synched with el6 branch - Updated to IcedTea 1.7.5 - Resolves: bz639951 - Also resolves 619800 and 621303 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0768 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28269 | |||
| Oval ID: | oval:org.mitre.oval:def:28269 | ||
| Title: | DEPRECATED: ELSA-2010-0339 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.11.b16.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.11.b16.el5] - Remove javaws alternative due to conflict with java-1.6.0-sun's alternatives [1:1.6.0-1.10.b16] - Update to openjdk build b16 - Update to icedtea6-1.6 - Added tzdata-java requirement - Added autoconf and automake build requirement - Added tzdata-java requirement - Added java-1.6.0-openjdk-gcc-stack-markings.patch - Added java-1.6.0-openjdk-memory-barriers.patch - Added java-1.6.0-openjdk-jar-misc.patch - Added java-1.6.0-openjdk-linux-separate-debuginfo.patch - Added java-1.6.0-openjdk-securitypatches-20100323.patch - Added STRIP_KEEP_SYMTAB=libjvm* to install section, fix bz530402 - Resolves: rhbz#576124 [1:1.6.0-1.8.b09] - Added java-1.6.0-openjdk-debuginfo.patch - Added java-1.6.0-openjdk-elf-debuginfo.patch | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0339 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0088 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0840 CVE-2010-0845 CVE-2010-0847 CVE-2010-0848 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29317 | |||
| Oval ID: | oval:org.mitre.oval:def:29317 | ||
| Title: | RHSA-2009:1579 -- httpd security update (Moderate) | ||
| Description: | Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1579 CESA-2009:1579-CentOS 3 CESA-2009:1579-CentOS 5 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 CentOS Linux 3 CentOS Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7315 | |||
| Oval ID: | oval:org.mitre.oval:def:7315 | ||
| Title: | TLS/SSL Renegotiation Vulnerability | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7478 | |||
| Oval ID: | oval:org.mitre.oval:def:7478 | ||
| Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7973 | |||
| Oval ID: | oval:org.mitre.oval:def:7973 | ||
| Title: | Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 1 |
| Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8201 | |||
| Oval ID: | oval:org.mitre.oval:def:8201 | ||
| Title: | DSA-1934 apache2 -- multiple issues | ||
| Description: | A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate): As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1934 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Java MBeanInstantiator findClass and Introspector Sandbox Escape | More info here |
| Java JAX-WS gmbal package sandbox breach | More info here |
| Java JAX-WS statistics.impl package sandbox breach | More info here |
| Oracle Java java.awt.image.ByteComponentRaster Overflow | More info here |
| Java Runtime Environment DriverManager doPrivileged block sandbox bypass | More info here |
| Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion | More info here |
| Oracle Java Runtime Environment AWT storeImageArray Vulnerability | More info here |
| Oracle Java Rhino Script Engine Code Execution | More info here |
| Java Runtime Environment Hotspot final field vulnerability | More info here |
| Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow | More info here |
| Java Runtime Environment Color Management memory overwrite | More info here |
| Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2013-09-03 | Oracle Java lookUpByteBI - Heap Buffer Overflow |
| 2013-08-19 | Java storeImageArray() Invalid Array Indexing Vulnerability |
| 2013-07-01 | Java Applet ProviderSkeleton Insecure Invoke Method |
| 2013-06-11 | Java Applet Driver Manager Privileged toString() Remote Code Execution |
| 2013-04-18 | Java Web Start Launcher ActiveX Control - Memory Corruption |
| 2013-03-29 | Java CMM Remote Code Execution |
| 2013-02-25 | Java Applet JMX Remote Code Execution |
| 2013-01-24 | Java Applet AverageRangeStatisticImpl Remote Code Execution |
| 2012-11-13 | Java Applet JAX-WS Remote Code Execution |
| 2012-07-11 | Java Applet Field Bytecode Verifier Cache Remote Code Execution |
| 2012-01-03 | PHP Hash Table Collision Proof Of Concept |
| 2011-11-30 | Java Applet Rhino Script Engine Remote Code Execution |
| 2009-12-21 | TLS Renegotiation Vulnerability PoC Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0828_1.nasl |
| 2012-12-13 | Name : SuSE Update for icedtea-web openSUSE-SU-2012:0981-1 (icedtea-web) File : nvt/gb_suse_2012_0981_1.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0982-1 (update) File : nvt/gb_suse_2012_0982_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1175_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1423-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1423_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1424_1.nasl |
| 2012-11-15 | Name : Fedora Update for icedtea-web FEDORA-2012-17745 File : nvt/gb_fedora_2012_17745_icedtea-web_fc16.nasl |
| 2012-11-15 | Name : Fedora Update for icedtea-web FEDORA-2012-17762 File : nvt/gb_fedora_2012_17762_icedtea-web_fc17.nasl |
| 2012-11-09 | Name : CentOS Update for icedtea-web CESA-2012:1434 centos6 File : nvt/gb_CESA-2012_1434_icedtea-web_centos6.nasl |
| 2012-11-09 | Name : RedHat Update for icedtea-web RHSA-2012:1434-01 File : nvt/gb_RHSA-2012_1434-01_icedtea-web.nasl |
| 2012-11-09 | Name : Ubuntu Update for icedtea-web USN-1625-1 File : nvt/gb_ubuntu_USN_1625_1.nasl |
| 2012-11-02 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_169.nasl |
| 2012-10-29 | Name : Ubuntu Update for openjdk-7 USN-1619-1 File : nvt/gb_ubuntu_USN_1619_1.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1384 centos6 File : nvt/gb_CESA-2012_1384_java_centos6.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1385 centos5 File : nvt/gb_CESA-2012_1385_java_centos5.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1386 centos6 File : nvt/gb_CESA-2012_1386_java_centos6.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1384-01 File : nvt/gb_RHSA-2012_1384-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01 File : nvt/gb_RHSA-2012_1385-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01 File : nvt/gb_RHSA-2012_1386-01_java-1.7.0-openjdk.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows) File : nvt/gb_oracle_java_se_mult_vuln01_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln03_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln04_oct12_win.nasl |
| 2012-10-09 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:150-1 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_150_1.nasl |
| 2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
| 2012-09-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127 File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl |
| 2012-09-22 | Name : Fedora Update for icedtea-web FEDORA-2012-14316 File : nvt/gb_fedora_2012_14316_icedtea-web_fc17.nasl |
| 2012-09-22 | Name : Fedora Update for icedtea-web FEDORA-2012-14340 File : nvt/gb_fedora_2012_14340_icedtea-web_fc16.nasl |
| 2012-09-21 | Name : Java for Mac OS X 10.6 Update 10 File : nvt/gb_macosx_java_10_6_upd_10.nasl |
| 2012-09-06 | Name : Ubuntu Update for icedtea-web USN-1505-2 File : nvt/gb_ubuntu_USN_1505_2.nasl |
| 2012-09-04 | Name : CentOS Update for java CESA-2012:1221 centos6 File : nvt/gb_CESA-2012_1221_java_centos6.nasl |
| 2012-09-04 | Name : CentOS Update for java CESA-2012:1222 centos5 File : nvt/gb_CESA-2012_1222_java_centos5.nasl |
| 2012-09-04 | Name : CentOS Update for java CESA-2012:1223 centos6 File : nvt/gb_CESA-2012_1223_java_centos6.nasl |
| 2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01 File : nvt/gb_RHSA-2012_1221-01_java-1.6.0-openjdk.nasl |
| 2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01 File : nvt/gb_RHSA-2012_1222-01_java-1.6.0-openjdk.nasl |
| 2012-09-04 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01 File : nvt/gb_RHSA-2012_1223-01_java-1.7.0-openjdk.nasl |
| 2012-09-04 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138 File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl |
| 2012-09-04 | Name : Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail) File : nvt/gb_mandriva_MDVSA_2012_149.nasl |
| 2012-09-04 | Name : Ubuntu Update for openjdk-6 USN-1553-1 File : nvt/gb_ubuntu_USN_1553_1.nasl |
| 2012-09-03 | Name : Oracle Java SE JRE AWT Component Unspecified Vulnerability - (Windows) File : nvt/gb_oracle_java_se_jre_awt_comp_unspecified_vuln_win.nasl |
| 2012-08-30 | Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail16.nasl |
| 2012-08-30 | Name : FreeBSD Ports: icedtea-web File : nvt/freebsd_icedtea-web.nasl |
| 2012-08-30 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-2595 File : nvt/gb_fedora_2012_2595_java-1.7.0-openjdk_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python3 FEDORA-2012-5785 File : nvt/gb_fedora_2012_5785_python3_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python-docs FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9590 File : nvt/gb_fedora_2012_9590_java-1.7.0-openjdk_fc17.nasl |
| 2012-08-23 | Name : Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities(... File : nvt/gb_oracle_java_se_mult_unspecified_vuln02_aug12_win.nasl |
| 2012-08-22 | Name : Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities(... File : nvt/gb_oracle_java_se_mult_unspecified_vuln01_aug12_win.nasl |
| 2012-08-22 | Name : Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities ... File : nvt/gb_oracle_java_se_mult_unspecified_vuln_aug12_win.nasl |
| 2012-08-22 | Name : Oracle Java SE Java Runtime Environment Unspecified Vulnerability - (Windows) File : nvt/gb_oracle_java_se_unspecified_vuln_win.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2507-1 (openjdk-6) File : nvt/deb_2507_1.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS) File : nvt/glsa_201206_18.nasl |
| 2012-08-03 | Name : CentOS Update for icedtea-web CESA-2012:1132 centos6 File : nvt/gb_CESA-2012_1132_icedtea-web_centos6.nasl |
| 2012-08-03 | Name : RedHat Update for icedtea-web RHSA-2012:1132-01 File : nvt/gb_RHSA-2012_1132-01_icedtea-web.nasl |
| 2012-08-03 | Name : Mandriva Update for curl MDVSA-2012:058 (curl) File : nvt/gb_mandriva_MDVSA_2012_058.nasl |
| 2012-08-03 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:095 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_095.nasl |
| 2012-08-03 | Name : Mandriva Update for icedtea-web MDVSA-2012:122 (icedtea-web) File : nvt/gb_mandriva_MDVSA_2012_122.nasl |
| 2012-08-03 | Name : Ubuntu Update for icedtea-web USN-1521-1 File : nvt/gb_ubuntu_USN_1521_1.nasl |
| 2012-08-02 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0309-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0309_1.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0176 centos5 x86_64 File : nvt/gb_CESA-2011_0176_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0214 centos5 x86_64 File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0281 centos5 x86_64 File : nvt/gb_CESA-2011_0281_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0857 centos5 x86_64 File : nvt/gb_CESA-2011_0857_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:1380 centos5 x86_64 File : nvt/gb_CESA-2011_1380_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0135 centos6 File : nvt/gb_CESA-2012_0135_java_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0729 centos6 File : nvt/gb_CESA-2012_0729_java_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0730 centos5 File : nvt/gb_CESA-2012_0730_java_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:1009 centos6 File : nvt/gb_CESA-2012_1009_java_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos5 File : nvt/gb_CESA-2012_1088_firefox_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos6 File : nvt/gb_CESA-2012_1088_firefox_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos5 File : nvt/gb_CESA-2012_1089_thunderbird_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos6 File : nvt/gb_CESA-2012_1089_thunderbird_centos6.nasl |
| 2012-07-19 | Name : RedHat Update for firefox RHSA-2012:1088-01 File : nvt/gb_RHSA-2012_1088-01_firefox.nasl |
| 2012-07-19 | Name : RedHat Update for thunderbird RHSA-2012:1089-01 File : nvt/gb_RHSA-2012_1089-01_thunderbird.nasl |
| 2012-07-16 | Name : Ubuntu Update for openjdk-6 USN-1505-1 File : nvt/gb_ubuntu_USN_1505_1.nasl |
| 2012-07-09 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0135-01 File : nvt/gb_RHSA-2012_0135-01_java-1.6.0-openjdk.nasl |
| 2012-06-22 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1009-01 File : nvt/gb_RHSA-2012_1009-01_java-1.7.0-openjdk.nasl |
| 2012-06-22 | Name : Fedora Update for python3 FEDORA-2012-9135 File : nvt/gb_fedora_2012_9135_python3_fc16.nasl |
| 2012-06-22 | Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl |
| 2012-06-22 | Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545 File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593 File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl |
| 2012-06-15 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0729-01 File : nvt/gb_RHSA-2012_0729-01_java-1.6.0-openjdk.nasl |
| 2012-06-15 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0730-01 File : nvt/gb_RHSA-2012_0730-01_java-1.6.0-openjdk.nasl |
| 2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0335-01 File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl |
| 2012-06-06 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01 File : nvt/gb_RHSA-2011_0856-01_java-1.6.0-openjdk.nasl |
| 2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
| 2012-05-08 | Name : Fedora Update for python-docs FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl |
| 2012-05-08 | Name : Fedora Update for python FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python_fc16.nasl |
| 2012-05-04 | Name : Fedora Update for python3 FEDORA-2012-5916 File : nvt/gb_fedora_2012_5916_python3_fc15.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2398-2 (curl) File : nvt/deb_2398_2.nasl |
| 2012-04-30 | Name : Gentoo Security Advisory GLSA 201203-22 (nginx) File : nvt/glsa_201203_22.nasl |
| 2012-04-09 | Name : Java Runtime Environment Multiple Vulnerabilities (MAC OS X) File : nvt/gb_jre_mult_vuln_macosx.nasl |
| 2012-04-06 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Linux) File : nvt/gb_opera_extented_validation_info_disc_vuln_lin.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-15020 File : nvt/gb_fedora_2011_15020_java-1.6.0-openjdk_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for firefox FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_firefox_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for nss-softokn FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-softokn_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for nss-util FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-util_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird-lightning_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for xulrunner FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_xulrunner_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690 File : nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711 File : nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2011-15555 File : nvt/gb_fedora_2011_15555_java-1.7.0-openjdk_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for nss FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss_fc16.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
| 2012-03-12 | Name : Debian Security Advisory DSA 2420-1 (openjdk-6) File : nvt/deb_2420_1.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-02 (cURL) File : nvt/glsa_201203_02.nasl |
| 2012-03-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721 File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl |
| 2012-03-09 | Name : Ubuntu Update for openjdk-6 USN-1373-1 File : nvt/gb_ubuntu_USN_1373_1.nasl |
| 2012-03-07 | Name : Ubuntu Update for openjdk-6b18 USN-1373-2 File : nvt/gb_ubuntu_USN_1373_2.nasl |
| 2012-02-27 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0322-01 File : nvt/gb_RHSA-2012_0322-01_java-1.6.0-openjdk.nasl |
| 2012-02-21 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:021 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_021.nasl |
| 2012-02-21 | Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 01) File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_01.nasl |
| 2012-02-21 | Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 02) File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_02.nasl |
| 2012-02-21 | Name : Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 03) File : nvt/gb_oracle_java_se_jdk_mult_vuln_feb12_win_03.nasl |
| 2012-02-21 | Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 01) File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_01.nasl |
| 2012-02-21 | Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 02) File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_02.nasl |
| 2012-02-21 | Name : Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 03) File : nvt/gb_oracle_java_se_mult_vuln_feb12_win_03.nasl |
| 2012-02-12 | Name : Debian Security Advisory DSA 2398-1 (curl) File : nvt/deb_2398_1.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-05 (gnutls) File : nvt/glsa_201110_05.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2356-1 (openjdk-6) File : nvt/deb_2356_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2358-1 (openjdk-6) File : nvt/deb_2358_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2368-1 (lighttpd) File : nvt/deb_2368_1.nasl |
| 2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
| 2012-01-25 | Name : Ubuntu Update for openjdk-6 USN-1263-2 File : nvt/gb_ubuntu_USN_1263_2.nasl |
| 2012-01-23 | Name : Fedora Update for firefox FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_firefox_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_gnome-python2-extras_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nspr FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nspr_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss-softokn FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-softokn_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss-util FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-util_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_perl-Gtk2-MozEmbed_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird-lightning_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for thunderbird FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for xulrunner FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_xulrunner_fc15.nasl |
| 2012-01-11 | Name : Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584) File : nvt/secpod_ms12-006.nasl |
| 2012-01-05 | Name : Oracle GlassFish Server Hash Collision Denial of Service Vulnerability File : nvt/gb_glassfish_hash_collision_dos_vuln.nasl |
| 2011-11-18 | Name : Ubuntu Update for icedtea-web USN-1263-1 File : nvt/gb_ubuntu_USN_1263_1.nasl |
| 2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl |
| 2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl |
| 2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl |
| 2011-11-14 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_170.nasl |
| 2011-10-21 | Name : CentOS Update for java CESA-2011:1380 centos5 i386 File : nvt/gb_CESA-2011_1380_java_centos5_i386.nasl |
| 2011-10-21 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01 File : nvt/gb_RHSA-2011_1380-01_java-1.6.0-openjdk.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648 File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl |
| 2011-10-16 | Name : Debian Security Advisory DSA 2311-1 (openjdk-6) File : nvt/deb_2311_1.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X) File : nvt/gb_opera_extented_validation_info_disc_vuln_macosx.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Windows) File : nvt/gb_opera_extented_validation_info_disc_vuln_win.nasl |
| 2011-08-29 | Name : Java for Mac OS X 10.5 Update 9 File : nvt/secpod_macosx_java_10_5_upd_9.nasl |
| 2011-08-29 | Name : Java for Mac OS X 10.6 Update 4 File : nvt/secpod_macosx_java_10_6_upd_4.nasl |
| 2011-08-26 | Name : Java for Mac OS X 10.5 Update 10 File : nvt/secpod_macosx_java_10_5_upd_10.nasl |
| 2011-08-26 | Name : Java for Mac OS X 10.6 Update 5 File : nvt/secpod_macosx_java_10_6_upd_5.nasl |
| 2011-08-18 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_126.nasl |
| 2011-08-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523 File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos3 i386 File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos5 i386 File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1580 centos4 i386 File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2010:0162 centos5 i386 File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl097a CESA-2010:0164 centos5 i386 File : nvt/gb_CESA-2010_0164_openssl097a_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for nspr CESA-2010:0165 centos5 i386 File : nvt/gb_CESA-2010_0165_nspr_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386 File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0339 centos5 i386 File : nvt/gb_CESA-2010_0339_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0768 centos5 i386 File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0176 centos5 i386 File : nvt/gb_CESA-2011_0176_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0214 centos5 i386 File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0281 centos5 i386 File : nvt/gb_CESA-2011_0281_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0857 centos5 i386 File : nvt/gb_CESA-2011_0857_java_centos5_i386.nasl |
| 2011-07-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8028 File : nvt/gb_fedora_2011_8028_java-1.6.0-openjdk_fc15.nasl |
| 2011-06-24 | Name : Ubuntu Update for openjdk-6 USN-1154-1 File : nvt/gb_ubuntu_USN_1154_1.nasl |
| 2011-06-24 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities 01 - June11 (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win01_jun11.nasl |
| 2011-06-24 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities - June11 (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_jun11.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003 File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020 File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl |
| 2011-06-10 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01 File : nvt/gb_RHSA-2011_0857-01_java-1.6.0-openjdk.nasl |
| 2011-06-06 | Name : HP-UX Update for Java HPSBUX02685 File : nvt/gb_hp_ux_HPSBUX02685.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2224-1 (openjdk-6) File : nvt/deb_2224_1.nasl |
| 2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
| 2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
| 2011-03-15 | Name : RedHat Update for tomcat5 RHSA-2011:0336-01 File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201006_18.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-1 (openjdk-6) File : nvt/deb_2161_1.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
| 2011-03-07 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 File : nvt/gb_ubuntu_USN_1079_1.nasl |
| 2011-02-28 | Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010 File : nvt/gb_suse_2011_010.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerability (Windows) File : nvt/secpod_oracle_java_code_exec_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_code_exec_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl |
| 2011-02-18 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01 File : nvt/gb_RHSA-2011_0281-01_java-1.6.0-openjdk.nasl |
| 2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631 File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl |
| 2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645 File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl |
| 2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231 File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl |
| 2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263 File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl |
| 2011-02-11 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01 File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl |
| 2011-02-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1055-1 File : nvt/gb_ubuntu_USN_1055_1.nasl |
| 2011-01-31 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0176-01 File : nvt/gb_RHSA-2011_0176-01_java-1.6.0-openjdk.nasl |
| 2011-01-31 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerability USN-1052-1 File : nvt/gb_ubuntu_USN_1052_1.nasl |
| 2011-01-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0500 File : nvt/gb_fedora_2011_0500_java-1.6.0-openjdk_fc13.nasl |
| 2011-01-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0521 File : nvt/gb_fedora_2011_0521_java-1.6.0-openjdk_fc14.nasl |
| 2011-01-04 | Name : HP-UX Update for Java HPSBUX02608 File : nvt/gb_hp_ux_HPSBUX02608.nasl |
| 2010-12-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-18393 File : nvt/gb_fedora_2010_18393_java-1.6.0-openjdk_fc14.nasl |
| 2010-12-09 | Name : Ubuntu Update for openjdk-6 vulnerability USN-1024-1 File : nvt/gb_ubuntu_USN_1024_1.nasl |
| 2010-12-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312 File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl |
| 2010-11-23 | Name : Fedora Update for openssl FEDORA-2010-17826 File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for nss FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for proftpd FEDORA-2010-17220 File : nvt/gb_fedora_2010_17220_proftpd_fc12.nasl |
| 2010-11-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1 File : nvt/gb_ubuntu_USN_1010_1.nasl |
| 2010-10-28 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_sun_java_se_mult_vuln_oct10_win.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240 File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294 File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl |
| 2010-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl |
| 2010-09-27 | Name : Ubuntu Update for openssl vulnerability USN-990-1 File : nvt/gb_ubuntu_USN_990_1.nasl |
| 2010-09-27 | Name : Ubuntu Update for apache2 vulnerability USN-990-2 File : nvt/gb_ubuntu_USN_990_2.nasl |
| 2010-08-20 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-971-1 File : nvt/gb_ubuntu_USN_971_1.nasl |
| 2010-08-11 | Name : Remote Code Execution Vulnerabilities in SChannel (980436) File : nvt/secpod_ms10-049.nasl |
| 2010-07-26 | Name : Ubuntu Update for nss vulnerability USN-927-6 File : nvt/gb_ubuntu_USN_927_6.nasl |
| 2010-07-02 | Name : Ubuntu Update for nss vulnerability USN-927-4 File : nvt/gb_ubuntu_USN_927_4.nasl |
| 2010-07-02 | Name : Ubuntu Update for nspr update USN-927-5 File : nvt/gb_ubuntu_USN_927_5.nasl |
| 2010-06-28 | Name : Fedora Update for gnutls FEDORA-2010-9487 File : nvt/gb_fedora_2010_9487_gnutls_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for openssl FEDORA-2010-9421 File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl |
| 2010-06-25 | Name : Fedora Update for gnutls FEDORA-2010-9518 File : nvt/gb_fedora_2010_9518_gnutls_fc13.nasl |
| 2010-06-18 | Name : Fedora Update for openssl FEDORA-2010-9639 File : nvt/gb_fedora_2010_9639_openssl_fc12.nasl |
| 2010-06-07 | Name : Fedora Update for httpd FEDORA-2010-6055 File : nvt/gb_fedora_2010_6055_httpd_fc12.nasl |
| 2010-06-07 | Name : HP-UX Update for Java HPSBUX02524 File : nvt/gb_hp_ux_HPSBUX02524.nasl |
| 2010-05-28 | Name : Fedora Update for openssl FEDORA-2010-8742 File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 7 File : nvt/macosx_java_for_10_5_upd_7.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl |
| 2010-05-07 | Name : Fedora Update for httpd FEDORA-2010-6131 File : nvt/gb_fedora_2010_6131_httpd_fc11.nasl |
| 2010-04-30 | Name : HP-UX Update for OpenSSL HPSBUX02517 File : nvt/gb_hp_ux_HPSBUX02517.nasl |
| 2010-04-30 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl |
| 2010-04-29 | Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl |
| 2010-04-29 | Name : Mandriva Update for openssl MDVSA-2010:076-1 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076_1.nasl |
| 2010-04-29 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss SUSE-... File : nvt/gb_suse_2010_021.nasl |
| 2010-04-19 | Name : Fedora Update for openssl FEDORA-2010-5357 File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl |
| 2010-04-19 | Name : Mandriva Update for openssl MDVSA-2010:076 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076.nasl |
| 2010-04-16 | Name : Mandriva Update for firefox MDVSA-2010:070 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070.nasl |
| 2010-04-16 | Name : Ubuntu Update for nss vulnerability USN-927-1 File : nvt/gb_ubuntu_USN_927_1.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025 File : nvt/gb_fedora_2010_6025_java-1.6.0-openjdk_fc12.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6039 File : nvt/gb_fedora_2010_6039_java-1.6.0-openjdk_fc11.nasl |
| 2010-04-09 | Name : Mandriva Update for nss MDVSA-2010:069 (nss) File : nvt/gb_mandriva_MDVSA_2010_069.nasl |
| 2010-04-09 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 File : nvt/gb_ubuntu_USN_923_1.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Linux) File : nvt/gb_oracle_java_se_mult_vuln_lin_apr10.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_oracle_java_se_mult_vuln_win_apr10.nasl |
| 2010-04-06 | Name : FreeBSD Ports: seamonkey File : nvt/freebsd_seamonkey0.nasl |
| 2010-04-06 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01 File : nvt/gb_RHSA-2010_0339-01_java-1.6.0-openjdk.nasl |
| 2010-04-06 | Name : Mac OS X Security Update 2010-001 File : nvt/macosx_secupd_2010-001.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
| 2010-03-31 | Name : CentOS Update for nspr CESA-2010:0165 centos4 i386 File : nvt/gb_CESA-2010_0165_nspr_centos4_i386.nasl |
| 2010-03-31 | Name : CentOS Update for gnutls CESA-2010:0167 centos4 i386 File : nvt/gb_CESA-2010_0167_gnutls_centos4_i386.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0162-01 File : nvt/gb_RHSA-2010_0162-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for openssl097a RHSA-2010:0164-01 File : nvt/gb_RHSA-2010_0164-01_openssl097a.nasl |
| 2010-03-31 | Name : RedHat Update for nss RHSA-2010:0165-01 File : nvt/gb_RHSA-2010_0165-01_nss.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0166-01 File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0167-01 File : nvt/gb_RHSA-2010_0167-01_gnutls.nasl |
| 2010-03-31 | Name : Fedora Update for nss FEDORA-2010-3905 File : nvt/gb_fedora_2010_3905_nss_fc11.nasl |
| 2010-03-12 | Name : Mandriva Update for cacti MDVA-2010:089 (cacti) File : nvt/gb_mandriva_MDVA_2010_089.nasl |
| 2010-03-02 | Name : Fedora Update for httpd FEDORA-2009-12747 File : nvt/gb_fedora_2009_12747_httpd_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for nss FEDORA-2010-1127 File : nvt/gb_fedora_2010_1127_nss_fc12.nasl |
| 2010-03-02 | Name : Mandriva Update for rsh MDVA-2010:076 (rsh) File : nvt/gb_mandriva_MDVA_2010_076.nasl |
| 2010-03-02 | Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl |
| 2010-02-19 | Name : Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release) File : nvt/gb_mandriva_MDVA_2010_069.nasl |
| 2010-02-11 | Name : Microsoft Windows TLS/SSL Spoofing Vulnerability (977377) File : nvt/gb_ms_tls_ssl_spoofing_vuln.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12229 (tomcat-native) File : nvt/fcore_2009_12229.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-12305 (tomcat-native) File : nvt/fcore_2009_12305.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12606 (httpd) File : nvt/fcore_2009_12606.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13236 (proftpd) File : nvt/fcore_2009_13236.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13250 (proftpd) File : nvt/fcore_2009_13250.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12604 (httpd) File : nvt/fcore_2009_12604.nasl |
| 2009-12-14 | Name : Fedora Core 12 FEDORA-2009-12968 (nss-util) File : nvt/fcore_2009_12968.nasl |
| 2009-12-14 | Name : Gentoo Security Advisory GLSA 200912-01 (openssl) File : nvt/glsa_200912_01.nasl |
| 2009-12-10 | Name : Fedora Core 12 FEDORA-2009-12750 (nginx) File : nvt/fcore_2009_12750.nasl |
| 2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12775 (nginx) File : nvt/fcore_2009_12775.nasl |
| 2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12782 (nginx) File : nvt/fcore_2009_12782.nasl |
| 2009-12-10 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc) File : nvt/freebsdsa_ssl.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl |
| 2009-11-23 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5062661.nasl |
| 2009-11-23 | Name : SuSE Security Advisory SUSE-SA:2009:057 (openssl) File : nvt/suse_sa_2009_057.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1579 File : nvt/RHSA_2009_1579.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1580 File : nvt/RHSA_2009_1580.nasl |
| 2009-11-17 | Name : CentOS Security Advisory CESA-2009:1579 (httpd) File : nvt/ovcesa2009_1579.nasl |
| 2009-11-17 | Name : CentOS Security Advisory CESA-2009:1580 (httpd) File : nvt/ovcesa2009_1580.nasl |
| 2009-11-17 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_compat-openssl02.nasl |
| 2009-11-17 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl3.nasl |
| 2009-11-17 | Name : SLES11: Security update for libopenssl File : nvt/sles11_libopenssl0_9_82.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-320-01 openssl File : nvt/esoft_slk_ssa_2009_320_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-067-01 httpd File : nvt/esoft_slk_ssa_2010_067_01.nasl |
| 0000-00-00 | Name : FreeBSD Ports: opera, linux-opera File : nvt/freebsd_opera25.nasl |
| 0000-00-00 | Name : Java for Mac OS X 10.6 Update 6 And 10.7 Update 1 File : nvt/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 78413 | Oracle Virtual Desktop Infrastructure Session Component Unspecified Remote Issue Oracle Virtual Desktop Infrastructure contains a flaw related to the Session component that may allow a remote attacker to manipulate certain unspecified data and gain unauthorized access to certain unspecified information. No further details have been provided. |
| 78114 | Oracle GlassFish Server Hash Collission Form Parameter Parsing Remote DoS Oracle GlassFish Server contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
| 77832 | Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint... |
| 76512 | Oracle Java SE JRE JAXWS Component Unspecified Remote Information Disclosure Oracle Java SE contains a flaw related to the JAXWS sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
| 76511 | Oracle Java SE JRE Networking Component Unspecified Remote Information Disclo... Oracle Java SE contains a flaw related to the Networking sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
| 76510 | Oracle Java SE JRE HotSpot Component Unspecified Remote Information Disclosure Oracle Java SE contains a flaw related to the HotSpot sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
| 76507 | Oracle Java SE JRE JSSE Component Unspecified Remote Issue Oracle Java SE contains a flaw related to the JSSE sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information and manipulate unspecified data. No further details have been provided. |
| 76506 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3557) Oracle Java SE contains a flaw related to the RMI sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76505 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3556) Oracle Java SE contains a flaw related to the RMI sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76502 | Oracle Java SE JRE 2D Component Unspecified Remote Issue Oracle Java SE contains a flaw related to the 2D sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76500 | Oracle Java SE JRE Rhino Javascript Error Parsing Input Sanitation Weakness R... |
| 76498 | Oracle Java SE JRE Component Unspecified Remote Issue (2011-3554) Oracle Java SE contains a flaw related to the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 76497 | Oracle Java SE JRE Networking Component java.net.Socket API UDP Socket Satura... |
| 76496 | Oracle Java SE JRE IIOP Deserialization Applet Handling Remote Code Execution |
| 76495 | Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3548) Oracle Java SE contains a flaw related to the AWT sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
| 75622 | Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 75194 | OpenJDK IcedTea Plugin Crafted Applet Arbitrary File Access (2010-2783) |
| 74829 | SSL Chained Initialization Vector CBC Mode MiTM Weakness |
| 74335 | Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection Hitachi Web Server contains a flaw related to the SSL protocol failing to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 73931 | Oracle Enterprise Manager Grid Control Streams, AQ & Replication Mgmt Uns... Oracle Enterprise Manager Grid Control contains a flaw related to the Streams, AQ & Replication Mgmt component that may allow a remote attacker to partially affect integrity, confidentiality and availability. No further details have been provided. |
| 73928 | Oracle Enterprise Manager Grid Control Schema Management Unspecified Remote I... Oracle Enterprise Manager Grid Control contains a flaw related to the Schema Management component that may allow a remote attacker to partially affect integrity, confidentiality and availability. No further details have been provided. |
| 73765 | OpenJDK Runtime Environment IcedTea-Web JNLPClassLoader Multiple Signer Remot... |
| 73764 | OpenJDK IcedTea JAR File Signature Verification Weakness |
| 73085 | Oracle Java SE / JRE Deserialization Unspecified Remote Issue |
| 73084 | Oracle Java SE / JRE SAAJ Unspecified Remote Information Disclosure |
| 73082 | Oracle Java SE / JRE NIO Unspecified Remote DoS |
| 73081 | Oracle Java SE / JRE 2D Unspecified Remote Information Disclosure |
| 73077 | Oracle Java SE / JRE Swing Unspecified Remote Code Execution |
| 73074 | Oracle Java SE / JRE Hotspot Unspecified Remote Code Execution |
| 73071 | Oracle Java SE / JRE AWT Unspecified Remote Code Execution |
| 73069 | Oracle Java SE / JRE ICC Profile Multiple Tag Parsing Memory Corruption |
| 71961 | Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ... Oracle Fusion Middleware contains a flaw related to the Oracle WebLogic Server component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 71951 | Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes... Oracle Database and Fusion Middleware contain a flaw related to the Oracle Security Service component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 71622 | Oracle Java SE / Java for Business XML Digital Signature Unspecified Remote DoS |
| 71621 | Oracle Java SE / Java for Business Networking Unspecified Remote DoS |
| 71620 | Oracle Java SE / Java for Business Launcher Unspecified Local Issue |
| 71616 | Oracle Java SE / Java for Business 2D Unspecified Remote Information Disclosure |
| 71615 | Oracle Java SE / Java for Business JAXP Unspecified Remote DoS |
| 71610 | Oracle Java SE / Java for Business Hotspot Unspecified Remote Compromise |
| 71609 | Oracle Java SE / Java for Business Deployment Unspecified Remote Compromise (... |
| 71608 | Oracle Java SE / Java for Business Swing Clipboard Handle Arbitrary Command I... |
| 70965 | Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ... Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service. |
| 70620 | mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection mGuard contains a flaw related to the TLS protocol's failure to properly associate renegotiation handshakes with an existing connection. The issue is triggered when a man-in-the-middle attacker uses unauthenticated requests processed retroactively. This may allow an attacker to inject data into HTTPS sessions. |
| 70605 | OpenJDK IcedTea JNLP SecurityManager checkPermission Method Exception Bypass Java OpenJDK contains a flaw related to the 'JNLPSecurityManager' class not properly enforcing security policies in the 'IcedTea.so' component. This may allow a context-dependent attacker to use a crafted website or applet to execute arbitrary code. |
| 70072 | Oracle Communications Messaging Server Webmail Kerberos AP-REQ Denial of Service Oracle Sun Products Suite contains a flaw related to the Oracle Communications Messaging Server component's Kerberos implementation failing to properly check AP-REQ requests. This may allow a remote attacker to cause a denial of service against the receiving JVM. |
| 70055 | Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi... Oracle Supply Chain contains a flaw related to the Transportation Management component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 69675 | IcedTea Multiple Variable Public Declaration Remote Information Disclosure IcedTea contains a flaw that may lead to an unauthorized information disclosure. Â Multiple sensitive variables are declared public, which will disclose user.name, user.home and java.home information to a remote attacker. |
| 69561 | IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex... IBM WebSphere MQ Internet Pass-Thru contains a flaw related to the TLS Renegotiation Handshake protocol. The issue is triggered when a remote attacker uses a MiTM attack to insert arbitrary plaintext into data sent by a legitimate client. |
| 69059 | Oracle Java SE / Java for Business Networking Component HttpURLConnection App... Oracle Java SE and Java for Business contain a flaw related to the Networking component's HttpURLConnection class's failure to properly validate request headers set by applets. This may allow a remote attacker to trigger otherwise restricted actions. |
| 69058 | Oracle Java SE / Java for Business JNDI Internal Network Names Information Di... Oracle Java SE and Java for Business contain a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when an information leak in the JNDI component occurs, which will disclose confidential internal network names to a remote attacker. |
| 69057 | Oracle Java SE / Java for Business Networking Component HttpURLConnection chu... Oracle Java SE and Java for Business contains a flaw related to the Networking component's HttpURLConnection class's failure to properly handle the 'chunked' transfer encoding method. This may allow a remote attacker to conduct HTTP request splitting attacks. |
| 69055 | Oracle Java SE / Java for Business Networking Component Network Address Infor... Oracle Java SE and Java for Business contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered whentThe NetworkInterface class fails to properly check the network 'connect' permissions for local network addresses, which will disclose local network addresses to a remote attacker. |
| 69053 | Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3553) Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69052 | Oracle Java SE / Java for Business CORBA Component Remote Code Execution Oracle Java SE and Java for Business contain an unspecified flaw related to the CORBA component. This may allow a remote attacker to execute arbitrary code by misusing permissions granted to certain system objects. No further details have been provided |
| 69049 | Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3557) Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. This is related to the modification of the behavior and state of certain JDK classes. No further details have been provided. |
| 69045 | Oracle Java SE / Java for Business CORBA Component ServerSocket Network Permi... Oracle Java SE and Java for Business contain a flaw related to the CORBA Component's ServerSocket class's privileged accept method allowing it to receive connections from any host. This may allow a remote attacker to bypass network permission restrictions. |
| 69044 | Oracle Java SE / Java for Business 2D Component IndexColorModel Double-free E... Oracle Java SE and Java for Business contain a flaw related to the 2D Component. IndexColorModel suffers from a double free error when running an untrusted applet or application, which may allow a remote attacker to potentially execute arbitrary code. |
| 69042 | Oracle Java SE / Java for Business JRE JPEGImageWriter.writeImage Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The JPEGImageWriter.writeImage in the imageio API in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted JPEG image file, a context-dependent attacker can potentially execute arbitrary code. |
| 69041 | Oracle Java SE / Java for Business JRE ICC Profile devs Tag Structure Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The color profile parser in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted 'devs' tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code. |
| 69040 | Oracle Java SE / Java for Business 2D Component ICU Opentype out-of-bounds Re... Oracle Java SE and Java for Business contains a flaw related to the 2D component. The issue is triggered when a crash in ICU Opentype layout engine is caused by a miscalculation in character counts for right-to-left text causing out-of-bounds memory access. This may allow a remote attacker to execute arbitrary code. |
| 69039 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3568) Oracle Java SE and Java for Business contain an unspecified flaw related to the JRE component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69038 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3569) Oracle Java SE and Java for Business contain a flaw related to the JRE component. The 'defaultReadObject' method of the Serialization API. can be tricked into setting a volatile field repeatedly. This may allow a remote attacker to execute arbitrary code. |
| 69034 | Oracle Java SE / Java for Business java.net.URLConnection Same-of-origin Poli... Oracle Java SE and Java for Business contain a flaw related to the 'HttpURLConnection' class in the Networking component's failure to properly validate applet request headers. This may allow a remote attacker to trigger actions which are normally restricted to HTTP clients. |
| 69033 | Oracle Java SE / Java for Business Networking Component HttpURLConnection all... Oracle Java SE and Java for Business contain a flaw related to the 'Networking' component. The 'HttpURLConnection' class fails to properly check if the calling code had the 'allowHttpTrace' permission, allowing the creation of HTTP TRACE requests by untrusted code. |
| 69032 | Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext... Oracle Java SE and Java for Business contains a flaw related to the JSSE component. The application fails to properly associate renegotiation handshakes with an existing connection, allowing a MiTM attacker to use an unauthenticated request to insert data into HTTPS sessions, related to a 'plaintext injection' attack |
| 67029 | HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla... |
| 66315 | HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 65202 | OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 64725 | HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte... |
| 64499 | ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte... |
| 64040 | IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62877 | SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
| 62536 | Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62273 | Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62210 | Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In... |
| 62135 | Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D... |
| 62064 | IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 61929 | IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61785 | Avaya Products Multiple Product TLS Renegotiation Handshakes MiTM Plaintext D... |
| 61784 | Sun Java System Multiple Product TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61718 | IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
| 61234 | IBM SDK for Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 60521 | Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext D... |
| 60366 | Cisco Multiple Devices TLS Renegotiation Handshakes MiTM Plaintext Data Injec... |
| 59974 | MatrixSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59973 | Citrix Secure Gateway TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59972 | GnuTLS TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59971 | OpenSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59970 | Mozilla Network Security Services (NSS) SSL / TLS Renegotiation Handshakes Mi... |
| 59969 | Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext ... |
| 59968 | Microsoft Multiple Products SSL / TLS Renegotiation Handshakes MiTM Plaintext... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-01-22 | IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity : Category I - VMSKEY : V0058213 |
| 2014-04-17 | IAVM : 2014-A-0056 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0049583 |
| 2014-03-13 | IAVM : 2014-B-0024 - Multiple Security Vulnerabilities in Apple iOS Severity : Category I - VMSKEY : V0046157 |
| 2014-02-27 | IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
| 2014-02-27 | IAVM : 2014-B-0019 - Multiple Vulnerabilities in Apache Tomcat Severity : Category I - VMSKEY : V0044527 |
| 2013-12-12 | IAVM : 2013-A-0233 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042596 |
| 2013-11-14 | IAVM : 2013-B-0124 - Multiple Vulnerabilities in Google Chrome Severity : Category I - VMSKEY : V0042301 |
| 2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
| 2013-10-17 | IAVM : 2013-A-0200 - Multiple Vulnerabilities in Oracle Java Severity : Category I - VMSKEY : V0040783 |
| 2013-10-17 | IAVM : 2013-A-0191 - Multiple Vulnerabilities in Java for Mac OS X Severity : Category I - VMSKEY : V0040779 |
| 2013-09-19 | IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0040371 |
| 2013-09-19 | IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373 |
| 2013-09-19 | IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity : Category I - VMSKEY : V0040372 |
| 2013-04-11 | IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0037605 |
| 2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
| 2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
| 2012-09-13 | IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1 Severity : Category I - VMSKEY : V0033793 |
| 2012-09-13 | IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1 Severity : Category I - VMSKEY : V0033792 |
| 2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
| 2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2012-04-05 | IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator Severity : Category I - VMSKEY : V0031972 |
| 2012-03-29 | IAVM : 2012-A-0048 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.0 Severity : Category I - VMSKEY : V0031901 |
| 2012-01-13 | IAVM : 2012-B-0006 - Microsoft SSL/TLS Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0031054 |
| 2011-12-15 | IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0 Severity : Category I - VMSKEY : V0030824 |
| 2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
| 2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-03-26 | Oracle Java ImagingLib buffer overflow attempt RuleID : 49256 - Revision : 1 - Type : FILE-JAVA |
| 2019-03-26 | Oracle Java ImagingLib buffer overflow attempt RuleID : 49255 - Revision : 2 - Type : FILE-JAVA |
| 2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49117 - Revision : 1 - Type : FILE-JAVA |
| 2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49116 - Revision : 1 - Type : FILE-JAVA |
| 2018-04-05 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45830 - Revision : 1 - Type : SERVER-OTHER |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45201 - Revision : 2 - Type : SERVER-OTHER |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45200 - Revision : 2 - Type : SERVER-OTHER |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45199 - Revision : 2 - Type : SERVER-OTHER |
| 2016-07-28 | Oracle Java RangeStatisticImpl sandbox breach attempt RuleID : 39355 - Revision : 1 - Type : FILE-JAVA |
| 2016-07-28 | Oracle Java RangeStatisticImpl sandbox breach attempt RuleID : 39354 - Revision : 1 - Type : FILE-JAVA |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37821 - Revision : 1 - Type : FILE-JAVA |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37820 - Revision : 1 - Type : FILE-JAVA |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37819 - Revision : 1 - Type : FILE-JAVA |
| 2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37818 - Revision : 1 - Type : FILE-JAVA |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37805 - Revision : 3 - Type : FILE-JAVA |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37804 - Revision : 4 - Type : FILE-JAVA |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37803 - Revision : 2 - Type : FILE-JAVA |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37802 - Revision : 2 - Type : FILE-JAVA |
| 2016-03-15 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 37665 - Revision : 3 - Type : FILE-JAVA |
| 2016-03-15 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 37664 - Revision : 4 - Type : FILE-JAVA |
| 2016-03-14 | Oracle Java System.arraycopy race condition attempt RuleID : 36240 - Revision : 2 - Type : FILE-JAVA |
| 2016-03-14 | Oracle Java System.arraycopy race condition attempt RuleID : 36239 - Revision : 2 - Type : FILE-JAVA |
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32235 - Revision : 6 - Type : FILE-JAVA |
| 2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32234 - Revision : 7 - Type : FILE-JAVA |
| 2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32233 - Revision : 6 - Type : FILE-JAVA |
| 2014-11-19 | Oracle Java ServiceLoader exception handling exploit attempt RuleID : 32232 - Revision : 7 - Type : FILE-JAVA |
| 2014-11-16 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 31541 - Revision : 7 - Type : FILE-JAVA |
| 2014-11-16 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 31540 - Revision : 6 - Type : FILE-JAVA |
| 2014-11-16 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 31512 - Revision : 3 - Type : FILE-JAVA |
| 2014-11-16 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 31511 - Revision : 3 - Type : FILE-JAVA |
| 2014-11-16 | Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt RuleID : 31367 - Revision : 6 - Type : FILE-JAVA |
| 2014-11-16 | Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt RuleID : 31366 - Revision : 7 - Type : FILE-JAVA |
| 2014-11-16 | CottonCastle exploit kit decryption page outbound request RuleID : 31279 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-11-16 | CottonCastle exploit kit Oracle java outbound connection RuleID : 31278 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-11-16 | CottonCastle exploit kit Oracle Java outbound connection RuleID : 31277 - Revision : 2 - Type : EXPLOIT-KIT |
| 2018-06-15 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003-community - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-04-03 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-03-29 | Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt RuleID : 29972 - Revision : 2 - Type : FILE-JAVA |
| 2014-03-29 | Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt RuleID : 29971 - Revision : 2 - Type : FILE-JAVA |
| 2014-03-29 | Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt RuleID : 29970 - Revision : 2 - Type : FILE-JAVA |
| 2014-03-29 | Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt RuleID : 29969 - Revision : 2 - Type : FILE-JAVA |
| 2014-03-06 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 29606 - Revision : 4 - Type : FILE-JAVA |
| 2014-03-06 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 29605 - Revision : 3 - Type : FILE-JAVA |
| 2014-03-06 | Oracle Java Rhino script engine remote code execution attempt RuleID : 29535 - Revision : 4 - Type : FILE-JAVA |
| 2014-03-01 | Oracle Java ShortComponentRaster integer overflow attempt RuleID : 29491 - Revision : 4 - Type : FILE-JAVA |
| 2014-03-01 | Oracle Java ShortComponentRaster integer overflow attempt RuleID : 29490 - Revision : 4 - Type : FILE-JAVA |
| 2014-02-21 | Styx exploit kit eot outbound connection RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page request RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound jar request RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound connection attempt RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit jar outbound connection RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit fonts download page RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-08 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 29273 - Revision : 7 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 29272 - Revision : 7 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 29271 - Revision : 6 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 29270 - Revision : 6 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt RuleID : 29269 - Revision : 2 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt RuleID : 29268 - Revision : 3 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java and JavaFX JPEGImageReader memory corruption attempt RuleID : 29219 - Revision : 2 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java and JavaFX JPEGImageReader memory corruption attempt RuleID : 29218 - Revision : 3 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt RuleID : 29215 - Revision : 2 - Type : FILE-JAVA |
| 2014-02-08 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 29214 - Revision : 3 - Type : FILE-JAVA |
| 2014-01-30 | Stamp exploit kit PDF exploit retrieval attempt RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit malicious payload download attempt RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit jar exploit download - specific structure RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit plugin detection page RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-16 | Oracle Java ImagingLib buffer overflow attempt RuleID : 28927 - Revision : 3 - Type : FILE-JAVA |
| 2014-01-16 | Oracle Java ImagingLib buffer overflow attempt RuleID : 28926 - Revision : 3 - Type : FILE-JAVA |
| 2014-01-16 | Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt RuleID : 28916 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-16 | Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt RuleID : 28915 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-11 | Neutrino exploit kit initial outbound request - generic detection RuleID : 28911 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit outbound pdf request RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request by Java - generic detection RuleID : 28476 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request - generic detection RuleID : 28475 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound plugin detection response - generic detection RuleID : 28474 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28460 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28459 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 28458 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28457 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28456 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28455 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Glazunov exploit kit zip file download RuleID : 28430-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Glazunov exploit kit zip file download RuleID : 28430 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Glazunov exploit kit outbound jnlp download attempt RuleID : 28429-community - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Glazunov exploit kit outbound jnlp download attempt RuleID : 28429 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Glazunov exploit kit landing page RuleID : 28428-community - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Glazunov exploit kit landing page RuleID : 28428 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear/Magnitude exploit kit Oracle Java exploit download attempt RuleID : 28414 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude exploit kit embedded redirection attempt RuleID : 28413 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude exploit kit embedded redirection attempt RuleID : 28412 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Himan exploit kit payload - Oracle Java compromise RuleID : 28310 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Himan exploit kit payload - Oracle Java compromise RuleID : 28309 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28304 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28298 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 28277 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 28276 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28275 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28274 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28273 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude/Nuclear exploit kit landing page RuleID : 28236 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28214 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java XML digital signature spoofing attempt RuleID : 28157 - Revision : 3 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Nuclear/Magnitude exploit kit post Java compromise download attempt RuleID : 28111 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear/Magnitude exploit kit Oracle Java exploit download attempt RuleID : 28109 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt RuleID : 28108 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28032 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 28031 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude/Popads/Nuclear exploit kit jnlp request RuleID : 28029 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit payload download RuleID : 27885 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit exploit attempt for Oracle Java RuleID : 27883 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit malicious redirection attempt RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page with payload RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java ImagingLib buffer overflow attempt RuleID : 27787 - Revision : 4 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java ImagingLib buffer overflow attempt RuleID : 27786 - Revision : 3 - Type : FILE-JAVA |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 27785 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 27784 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java ImagingLib buffer overflow attempt RuleID : 27765 - Revision : 4 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java ImagingLib buffer overflow attempt RuleID : 27764 - Revision : 3 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 27751 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 27750 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Kore exploit kit successful Java exploit RuleID : 27697 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Kore exploit kit landing page RuleID : 27696 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Kore exploit kit landing page RuleID : 27695 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 27692 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 27691 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27677 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27676 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27675 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27674 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27673 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27672 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27622 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27621 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | iFramer toolkit injected iframe detected - specific structure RuleID : 27271 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Applet ProviderSkeleton sandbox bypass attempt RuleID : 27191 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Applet ProviderSkeleton sandbox bypass attempt RuleID : 27190 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Applet ProviderSkeleton sandbox bypass attempt RuleID : 27189 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Applet ProviderSkeleton sandbox bypass attempt RuleID : 27188 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144-community - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27143 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27142 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27141 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit numerically named exe file dowload RuleID : 27140 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 27113-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 27113 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nailed exploit kit rhino remote code execution exploit download - autopwn RuleID : 27084 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Applet disable security manager attempt RuleID : 27077 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Applet disable security manager attempt RuleID : 27076 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27072 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27071 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Javadoc generated frame replacement attempt RuleID : 26994 - Revision : 4 - Type : BROWSER-PLUGINS |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 26950-community - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 26950 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download RuleID : 26948-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download RuleID : 26948 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download RuleID : 26947-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download RuleID : 26947 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Java Applet sql.DriverManager exploit attempt RuleID : 26901 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Java Applet sql.DriverManager exploit attempt RuleID : 26900 - Revision : 5 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Java Applet sql.DriverManager fakedriver exploit attempt RuleID : 26899 - Revision : 5 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Java Applet sql.DriverManager fakedriver exploit attempt RuleID : 26898 - Revision : 5 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Goon/Infinity/Redkit exploit kit short jar request RuleID : 26808 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26807 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit short JNLP request RuleID : 26806 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit encrypted binary download RuleID : 26805 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26804 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26653 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java runtime JMX findclass sandbox breach attempt RuleID : 26588 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java runtime JMX findclass sandbox breach attempt RuleID : 26587 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26552 - Revision : 4 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26551 - Revision : 4 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26550 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26549 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit pdf download detection RuleID : 26539 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit landing page received RuleID : 26538 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit jar download detection RuleID : 26537 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit landing page RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT |
| 2018-06-15 | Stamp exploit kit portable executable download RuleID : 26534-community - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit portable executable download RuleID : 26534 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Portable Executable downloaded with bad DOS stub RuleID : 26526-community - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Portable Executable downloaded with bad DOS stub RuleID : 26526 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 26508 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26500 - Revision : 4 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26499 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26487 - Revision : 4 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26486 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26485 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JRE reflection types public final field overwrite attempt RuleID : 26484 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Blackholev2 exploit kit jar file downloaded RuleID : 26434 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26384 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26383 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26377 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26351 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | TDS redirection - may lead to exploit kit RuleID : 26350 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit obfuscated portable executable RuleID : 26349 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit delivery RuleID : 26348 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26347 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit payload requested RuleID : 26346 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26345 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26344 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page RuleID : 26343 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page - specific structure RuleID : 26342 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page RuleID : 26341 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval - ff.php RuleID : 26339 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | IFRAMEr injection detection - leads to exploit kit RuleID : 26338 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 26337 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit redirection page RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Watering Hole Campaign applet download RuleID : 26295 - Revision : 6 - Type : FILE-OTHER |
| 2014-01-10 | Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 26253 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact exploit kit landing page RuleID : 26252 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26233 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26232 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 26227 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Crimeboss exploit kit redirection attempt RuleID : 26226 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt RuleID : 26200 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib LookupOp integer overflow attempt RuleID : 26199 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 26198 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt RuleID : 26197 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib LookupOp integer overflow attempt RuleID : 26196 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 26195 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Gmbal package sandbox breach attempt RuleID : 26186 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Gmbal package sandbox breach attempt RuleID : 26185 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Neutrino exploit kit redirection page RuleID : 26100 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit redirection page RuleID : 26099 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26098 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26097 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 26096 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 26095 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26094 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit iframe redirection attempt RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Known malicious jar archive download attempt RuleID : 26030 - Revision : 3 - Type : FILE-OTHER |
| 2014-01-10 | Java user-agent request to svchost.jpg RuleID : 26025 - Revision : 3 - Type : INDICATOR-COMPROMISE |
| 2014-01-10 | Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 25989 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 25988 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit redirection RuleID : 25971 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java malicious class download attempt RuleID : 25833 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25832 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java malicious class download attempt RuleID : 25830 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | SSLv3 plaintext recovery attempt RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | TLSv1.2 plaintext recovery attempt RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | TLSv1.1 plaintext recovery attempt RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | TLSv1.0 plaintext recovery attempt RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | Fiesta exploit kit landing page detection - specific-structure RuleID : 25808 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit landing page RuleID : 25806 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit Java exploit retrieval RuleID : 25805 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit malicious jar download attempt RuleID : 25804 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit encoded portable executable request RuleID : 25802 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit jar file request RuleID : 25801 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit Javascript request RuleID : 25800 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit pdf request RuleID : 25799 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit 32-alpha jar request RuleID : 25798 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25611 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page RuleID : 25569 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 25568 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Red Dot executable retrieval attempt RuleID : 25540 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Red Dot java retrieval attempt RuleID : 25539 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Red Dot landing page RuleID : 25538 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple Exploit Kit Payload detection - setup.exe RuleID : 25526 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25472 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Rhino script engine remote code execution attempt RuleID : 25392 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Sweet Orange exploit kit obfuscated payload download RuleID : 25391 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25390 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25389 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25388 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - readme.exe RuleID : 25387 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - about.exe RuleID : 25386 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - calc.exe RuleID : 25385 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - contacts.exe RuleID : 25384 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.exe RuleID : 25383 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit malicious jar file dropped RuleID : 25382 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page detected RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit redirection attempt RuleID : 25255 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit portable executable download request RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit eot outbound connection RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit pdf outbound connection RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit jar outbound connection RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx Exploit Kit outbound connection RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 25123 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 25122 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 25121 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit requesting payload RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25044 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit url structure detected RuleID : 25043 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Java User-Agent downloading Portable Executable - Possible exploit kit RuleID : 25042 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Applet remote code execution attempt RuleID : 24993 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Nuclear exploit kit landing page detected RuleID : 24888 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sibhost exploit kit outbound JAR download attempt RuleID : 24841 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - JAR redirection RuleID : 24840 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 24839 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange User-Agent - contype RuleID : 24838 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange initial landing page RuleID : 24837 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit Java Class download RuleID : 24793 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit outbound request RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit outbound request RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page - Title RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24670 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24669 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24668 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24667 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 24638 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24637 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24636 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24608 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page received - specific structure RuleID : 24593 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24548 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24547 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24546 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole admin page outbound access attempt RuleID : 24544 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole admin page inbound access attempt RuleID : 24543 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit fallback executable download RuleID : 24501 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole - Cookie Set RuleID : 24475 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Crimeboss exploit kit outbound connection RuleID : 24234 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Crimeboss exploit kit outbound connection RuleID : 24233 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Crimeboss exploit kit outbound connection RuleID : 24232 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Crimeboss exploit kit redirection attempt RuleID : 24231 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page Received RuleID : 24228 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 - URI Structure RuleID : 24227 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page received RuleID : 24226 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 24202 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 24201 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Blackhole possible email Landing to 8 chr folder RuleID : 24171 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24054 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24053 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java privileged protection domain exploitation attempt RuleID : 24026 - Revision : 16 - Type : FILE-JAVA |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - fewbgazr catch RuleID : 23962 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - hwehes RuleID : 23850 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection attempt RuleID : 23849 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection attempt RuleID : 23848 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection page RuleID : 23797 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.round catch RuleID : 23786 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.floor catch RuleID : 23785 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 23781 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page request - tkr RuleID : 23622 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch ... RuleID : 23619 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Zip file directory record overflow attempt RuleID : 23560 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23277 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23276 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23275 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23274 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23273 - Revision : 11 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Zip file directory record overflow attempt RuleID : 23243 - Revision : 13 - Type : FILE-JAVA |
| 2014-01-10 | Redkit exploit kit landing page Received - applet and flowbit RuleID : 23225 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page Requested - 8Digit.html RuleID : 23224 - Revision : 13 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page Received - applet and code RuleID : 23223 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page Received - applet and 5 digit jar attempt RuleID : 23222 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit Jar File Naming Algorithm RuleID : 23221 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit Java Exploit Requested - 5 digit jar RuleID : 23220 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit Java Exploit request to .class file RuleID : 23219 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 23159 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 23158 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear Pack exploit kit binary download RuleID : 23157 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear Pack exploit kit landing page RuleID : 23156 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java Rhino script engine remote code execution attempt RuleID : 23008 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Blackhole redirection attempt RuleID : 22949 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole Exploit Kit javascript service method RuleID : 22088 - Revision : 12 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole landing redirection page RuleID : 22041 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole suspected landing page RuleID : 22040 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole suspected landing page RuleID : 22039 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit landing page with specific structure - Loading RuleID : 21876 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Possible exploit kit post compromise activity - taskkill RuleID : 21875 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Possible exploit kit post compromise activity - StrReverse RuleID : 21874 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
| 2014-01-10 | Java exploit kit iframe drive by attempt RuleID : 21668 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - catch RuleID : 21661 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page Requested - /Index/index.php RuleID : 21660 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page Requested - /Home/index.php RuleID : 21659 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 21658 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 21657 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646-community - Revision : 16 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646 - Revision : 16 - Type : EXPLOIT-KIT |
| 2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - BBB RuleID : 21581 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific header RuleID : 21549 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific header RuleID : 21539 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit rhino jar request RuleID : 21509 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492-community - Revision : 22 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492 - Revision : 22 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438-community - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit URL - search.php?page= RuleID : 21348 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit URL - .php?page= RuleID : 21347 - Revision : 12 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit malicious jar download RuleID : 21346 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit malicious jar request RuleID : 21345 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit pdf download RuleID : 21344 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit pdf request RuleID : 21343 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit response RuleID : 21259 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit control panel access RuleID : 21141 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Java Applet Rhino script engine remote code execution attempt RuleID : 21057 - Revision : 9 - Type : FILE-OTHER |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 21045 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 21044 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit post-compromise download attempt - .php?e= RuleID : 21043 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit post-compromise download attempt - .php?f= RuleID : 21042 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit URL - main.php?page= RuleID : 21041 - Revision : 12 - Type : EXPLOIT-KIT |
| 2014-01-10 | Yang Pack yg.htm landing page RuleID : 21006 - Revision : 5 - Type : MALWARE-CNC |
| 2014-01-10 | Oracle Java Applet Rhino script engine remote code execution attempt RuleID : 20831 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Applet remote code execution attempt RuleID : 20622 - Revision : 18 - Type : FILE-JAVA |
| 2014-01-10 | SSL CBC encryption mode weakness brute force attempt RuleID : 20212 - Revision : 11 - Type : SERVER-OTHER |
| 2014-01-10 | Java floating point number denial of service - via POST RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP |
| 2014-01-10 | Java floating point number denial of service - via URI RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-09-27 | Name : The remote Debian host is missing a security update. File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO |
| 2018-04-03 | Name : The remote web server may allow remote code execution. File : iis_7_pci.nasl - Type : ACT_GATHER_INFO |
| 2018-03-09 | Name : The remote web server is affected by multiple vulnerabilities. File : nginx_0_7_64.nasl - Type : ACT_GATHER_INFO |
| 2017-11-17 | Name : The remote host is affected by a MITM vulnerability. File : fortios_FG-IR-17-137.nasl - Type : ACT_GATHER_INFO |
| 2017-04-12 | Name : An application installed on the remote macOS or Mac OS X host is affected by ... File : macosx_ms17-04-4019460_mono.nasl - Type : ACT_GATHER_INFO |
| 2017-04-12 | Name : The remote Windows host is affected by an information disclosure vulnerability. File : smb_nt_ms17_apr_4015383.nasl - Type : ACT_GATHER_INFO |
| 2017-04-12 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015549.nasl - Type : ACT_GATHER_INFO |
| 2017-04-12 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015550.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17-apr_4015551.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015217.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015219.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015221.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015583.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : A web application framework running on the remote host is affected by an info... File : smb_nt_ms17_apr_4017094.nasl - Type : ACT_GATHER_INFO |
| 2016-11-21 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO |
| 2016-06-23 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO |
| 2016-06-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL48802597.nasl - Type : ACT_GATHER_INFO |
| 2016-06-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-03.nasl - Type : ACT_GATHER_INFO |
| 2016-05-24 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL59503294.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0012_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-12 | Name : A telephony application running on the remote host is affected by multiple vu... File : asterisk_ast_2016_003.nasl - Type : ACT_GATHER_INFO |
| 2016-02-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_559f3d1bcb1d11e580a4001999f8d30b.nasl - Type : ACT_GATHER_INFO |
| 2016-01-25 | Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO |
| 2015-09-23 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-602.nasl - Type : ACT_GATHER_INFO |
| 2015-09-14 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16872.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1489-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1489-2.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1490-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1256-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1669-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-15 | Name : The remote Debian host is missing a security update. File : debian_DLA-219.nasl - Type : ACT_GATHER_INFO |
| 2015-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-071.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-107.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-154.nasl - Type : ACT_GATHER_INFO |
| 2015-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3187.nasl - Type : ACT_GATHER_INFO |
| 2015-03-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2522-3.nasl - Type : ACT_GATHER_INFO |
| 2015-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2522-2.nasl - Type : ACT_GATHER_INFO |
| 2015-03-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2522-1.nasl - Type : ACT_GATHER_INFO |
| 2015-02-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO |
| 2015-01-27 | Name : The remote web server is affected by an information disclosure vulnerability. File : oracle_http_server_cpu_jan_2015_ldap.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_fetchmail_20121016.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO |
| 2015-01-13 | Name : The remote host has a library installed that is affected by an information di... File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO |
| 2014-12-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-46.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10627.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
| 2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO |
| 2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-12-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
| 2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1818.nasl - Type : ACT_GATHER_INFO |
| 2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1821.nasl - Type : ACT_GATHER_INFO |
| 2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1822.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1080.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1332.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1793.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0413.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO |
| 2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
| 2014-11-06 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_2014-001.nasl - Type : ACT_GATHER_INFO |
| 2014-11-03 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-436.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL10737.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO |
| 2014-10-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-193.nasl - Type : ACT_GATHER_INFO |
| 2014-10-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO |
| 2014-09-30 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1319.nasl - Type : ACT_GATHER_INFO |
| 2014-09-30 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140929_xerces_j2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-09-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO |
| 2014-09-26 | Name : The remote Fedora host is missing a security update. File : fedora_2014-10626.nasl - Type : ACT_GATHER_INFO |
| 2014-09-26 | Name : The remote Fedora host is missing a security update. File : fedora_2014-10649.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote Fedora host is missing a security update. File : fedora_2014-10617.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_notes_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
| 2014-09-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-09-17 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by an information disclosure vulnerabil... File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO |
| 2014-08-04 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_9.nasl - Type : ACT_GATHER_INFO |
| 2014-08-01 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_33.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0675.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0685.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO |
| 2014-07-28 | Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0675.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0685.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_apr_2012.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_jrockit_cpu_oct_2012.nasl - Type : ACT_GATHER_INFO |
| 2014-07-14 | Name : The remote mail server is affected by an information disclosure vulnerability. File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-100.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-136.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-368.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-512.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-513.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-592.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-601.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-696.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-749.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-754.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-755.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-797.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1022.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1023.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-131.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-165.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-198.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-230.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-402.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-410.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-426.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-439.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-622.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-733.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-847.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-903.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-904.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-961.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-993.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-994.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-995.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-2.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-37.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-59.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_icedtea-web-110627.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-100820.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-101202.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110204.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110608.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_icedtea-web-110627.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-openjdk-120222.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110608.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6717.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6859.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6870.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The version of IBM Tivoli Directory Server is affected by a frame injection v... File : tivoli_directory_svr_63025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO |
| 2014-06-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO |
| 2014-05-29 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6631.nasl - Type : ACT_GATHER_INFO |
| 2014-05-29 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5_2.nasl - Type : ACT_GATHER_INFO |
| 2014-05-19 | Name : The remote Windows host has a service installed that is affected by multiple ... File : websphere_mq_7503.nasl - Type : ACT_GATHER_INFO |
| 2014-05-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-100.nasl - Type : ACT_GATHER_INFO |
| 2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO |
| 2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140508.nasl - Type : ACT_GATHER_INFO |
| 2014-05-12 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
| 2014-05-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
| 2014-05-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
| 2014-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2923.nasl - Type : ACT_GATHER_INFO |
| 2014-05-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2191-1.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2187-1.nasl - Type : ACT_GATHER_INFO |
| 2014-04-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2912.nasl - Type : ACT_GATHER_INFO |
| 2014-04-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-326.nasl - Type : ACT_GATHER_INFO |
| 2014-04-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-327.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_jrockit_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0407.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0412.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0406.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0408.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-04-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140416_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_ssl_advisory.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2014_unix.nasl - Type : ACT_GATHER_INFO |
| 2014-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4564.nasl - Type : ACT_GATHER_INFO |
| 2014-03-12 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_6_1.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes a certificate validat... File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO |
| 2014-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-042.nasl - Type : ACT_GATHER_INFO |
| 2014-02-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-035.nasl - Type : ACT_GATHER_INFO |
| 2014-02-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1766.nasl - Type : ACT_GATHER_INFO |
| 2014-02-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1770.nasl - Type : ACT_GATHER_INFO |
| 2014-02-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1803.nasl - Type : ACT_GATHER_INFO |
| 2014-02-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1754.nasl - Type : ACT_GATHER_INFO |
| 2014-02-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1778.nasl - Type : ACT_GATHER_INFO |
| 2014-02-07 | Name : The remote mail server is affected by an information disclosure vulnerability. File : kerio_connect_810.nasl - Type : ACT_GATHER_INFO |
| 2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
| 2014-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2089-1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-20 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-01-20 | Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_31.nasl - Type : ACT_GATHER_INFO |
| 2014-01-20 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_8.nasl - Type : ACT_GATHER_INFO |
| 2014-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23722.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23291.nasl - Type : ACT_GATHER_INFO |
| 2013-12-24 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23749.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-267.nasl - Type : ACT_GATHER_INFO |
| 2013-12-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2060-1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-18 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp9.nasl - Type : ACT_GATHER_INFO |
| 2013-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23519.nasl - Type : ACT_GATHER_INFO |
| 2013-12-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-350-02.nasl - Type : ACT_GATHER_INFO |
| 2013-12-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23295.nasl - Type : ACT_GATHER_INFO |
| 2013-12-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_dd116b1964b311e3868f0025905a4771.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23127.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2052-1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2053-1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_26.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_26.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_223.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131210_libjpeg_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131210_libjpeg_turbo_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
| 2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO |
| 2013-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-131129.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-273.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2033-1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2799.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-13.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-131119.nasl - Type : ACT_GATHER_INFO |
| 2013-11-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-267.nasl - Type : ACT_GATHER_INFO |
| 2013-11-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-131114.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-235.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-246.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3bfc70164bcc11e3b0cf00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-131104.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1507.nasl - Type : ACT_GATHER_INFO |
| 2013-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1508.nasl - Type : ACT_GATHER_INFO |
| 2013-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1509.nasl - Type : ACT_GATHER_INFO |
| 2013-11-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO |
| 2013-11-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1505.nasl - Type : ACT_GATHER_INFO |
| 2013-11-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO |
| 2013-11-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131105_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote server is affected by multiple vulnerabilities. File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-10-25 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2013-0012.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131022_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-10-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO |
| 2013-10-23 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_9.nasl - Type : ACT_GATHER_INFO |
| 2013-10-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1451.nasl - Type : ACT_GATHER_INFO |
| 2013-10-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO |
| 2013-10-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1447.nasl - Type : ACT_GATHER_INFO |
| 2013-10-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO |
| 2013-10-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131021_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-10-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO |
| 2013-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1440.nasl - Type : ACT_GATHER_INFO |
| 2013-10-17 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-10-17 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_oct_2013_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-10-16 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update17.nasl - Type : ACT_GATHER_INFO |
| 2013-10-16 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-005.nasl - Type : ACT_GATHER_INFO |
| 2013-10-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2768.nasl - Type : ACT_GATHER_INFO |
| 2013-10-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-17016.nasl - Type : ACT_GATHER_INFO |
| 2013-10-03 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_icedtea-web-130924.nasl - Type : ACT_GATHER_INFO |
| 2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-15.nasl - Type : ACT_GATHER_INFO |
| 2013-09-23 | Name : The remote Fedora host is missing a security update. File : fedora_2013-16971.nasl - Type : ACT_GATHER_INFO |
| 2013-09-21 | Name : The remote Fedora host is missing a security update. File : fedora_2013-17026.nasl - Type : ACT_GATHER_INFO |
| 2013-09-20 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_psn_2012_08_689.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-10.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-119.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-136.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-137.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-43.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-88.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-155.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-156.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-167.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-168.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-183.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-185.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-204.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-207.nasl - Type : ACT_GATHER_INFO |
| 2013-08-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO |
| 2013-08-12 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_jrockit_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-08-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-13479.nasl - Type : ACT_GATHER_INFO |
| 2013-08-02 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO |
| 2013-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2727.nasl - Type : ACT_GATHER_INFO |
| 2013-07-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-13523.nasl - Type : ACT_GATHER_INFO |
| 2013-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130723.nasl - Type : ACT_GATHER_INFO |
| 2013-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130723.nasl - Type : ACT_GATHER_INFO |
| 2013-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130723.nasl - Type : ACT_GATHER_INFO |
| 2013-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-130719.nasl - Type : ACT_GATHER_INFO |
| 2013-07-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130718.nasl - Type : ACT_GATHER_INFO |
| 2013-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1908-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-23 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO |
| 2013-07-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO |
| 2013-07-18 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_icedtea-web-130702.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1081.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1907-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1907-2.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2722.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1059.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1060.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0856.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0135.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0322.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0729.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0730.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1009.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1132.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1221.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1222.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1223.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1384.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1385.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1386.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1434.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0602.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0603.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0604.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0605.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0770.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0957.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0958.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1014.nasl - Type : ACT_GATHER_INFO |
| 2013-07-10 | Name : The remote host has a library installed that is affected by an information di... File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO |
| 2013-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1014.nasl - Type : ACT_GATHER_INFO |
| 2013-07-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1014.nasl - Type : ACT_GATHER_INFO |
| 2013-07-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130703_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1132.nasl - Type : ACT_GATHER_INFO |
| 2013-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-183.nasl - Type : ACT_GATHER_INFO |
| 2013-06-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0957.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0958.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0963.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130620_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130620_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-06-20 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_jun_2013_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0957.nasl - Type : ACT_GATHER_INFO |
| 2013-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0958.nasl - Type : ACT_GATHER_INFO |
| 2013-06-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update16.nasl - Type : ACT_GATHER_INFO |
| 2013-06-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-004.nasl - Type : ACT_GATHER_INFO |
| 2013-06-19 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_jun_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-06-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130529.nasl - Type : ACT_GATHER_INFO |
| 2013-06-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130529.nasl - Type : ACT_GATHER_INFO |
| 2013-06-06 | Name : The remote web server contains an application that is affected by multiple vu... File : splunk_503.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO |
| 2013-06-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_icedtea-web-130517.nasl - Type : ACT_GATHER_INFO |
| 2013-05-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130517.nasl - Type : ACT_GATHER_INFO |
| 2013-05-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO |
| 2013-05-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130512.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO |
| 2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO |
| 2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO |
| 2013-05-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1819-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-161.nasl - Type : ACT_GATHER_INFO |
| 2013-04-30 | Name : The remote host is affected by multiple vulnerabilities. File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO |
| 2013-04-26 | Name : The remote Fedora host is missing a security update. File : fedora_2013-6368.nasl - Type : ACT_GATHER_INFO |
| 2013-04-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130424_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0770.nasl - Type : ACT_GATHER_INFO |
| 2013-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0770.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130415.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8543.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-8542.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1806-1.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5922.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-037.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO |
| 2013-04-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
| 2013-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0757.nasl - Type : ACT_GATHER_INFO |
| 2013-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0758.nasl - Type : ACT_GATHER_INFO |
| 2013-04-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5958.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130417_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130417_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update15.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-003.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2013_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO |
| 2013-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO |
| 2013-03-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO |
| 2013-03-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO |
| 2013-03-26 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO |
| 2013-03-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130312.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-8483.nasl - Type : ACT_GATHER_INFO |
| 2013-03-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8495.nasl - Type : ACT_GATHER_INFO |
| 2013-03-14 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3468.nasl - Type : ACT_GATHER_INFO |
| 2013-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130306.nasl - Type : ACT_GATHER_INFO |
| 2013-03-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8481.nasl - Type : ACT_GATHER_INFO |
| 2013-03-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130307.nasl - Type : ACT_GATHER_INFO |
| 2013-03-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130306.nasl - Type : ACT_GATHER_INFO |
| 2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0624.nasl - Type : ACT_GATHER_INFO |
| 2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0625.nasl - Type : ACT_GATHER_INFO |
| 2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0626.nasl - Type : ACT_GATHER_INFO |
| 2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0602.nasl - Type : ACT_GATHER_INFO |
| 2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0605.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0603.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1755-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0604.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3467.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0600.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0601.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0602.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0603.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0604.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0605.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java5_update41.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java5_update41_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java6_update43.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java6_update43_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java7_update17.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java7_update17_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1755-1.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update14.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-002.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO |
| 2013-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO |
| 2013-02-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
| 2013-02-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO |
| 2013-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote host contains a runtime environment that contains methods that can... File : oracle_java6_update35_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java7_update6_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2012_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jun_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jun_2012_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : oracle_java_cpu_mar_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2012_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130212.nasl - Type : ACT_GATHER_INFO |
| 2013-02-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update13.nasl - Type : ACT_GATHER_INFO |
| 2013-02-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-001.nasl - Type : ACT_GATHER_INFO |
| 2013-02-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2626.nasl - Type : ACT_GATHER_INFO |
| 2013-02-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1724-1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO |
| 2013-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO |
| 2013-02-13 | Name : The remote service may be affected by an information disclosure vulnerability. File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO |
| 2013-02-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130205_jdk_1_6_0_on_SL_5_0.nasl - Type : ACT_GATHER_INFO |
| 2013-02-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-010.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2188.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2197.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2205.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2209.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO |
| 2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO |
| 2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO |
| 2013-02-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO |
| 2013-02-06 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1898.nasl - Type : ACT_GATHER_INFO |
| 2013-02-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update12.nasl - Type : ACT_GATHER_INFO |
| 2013-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0236.nasl - Type : ACT_GATHER_INFO |
| 2013-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0237.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_icedtea-web-120802.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_icedtea-web-121113.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-120529.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-120907.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-121113.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-120427.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-120907.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-121126.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-120615.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-120905.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-121023.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-120919.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-121113.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0702.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1243.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1485.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d5e0317e5e4511e2a113c48508086173.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-11-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8383.nasl - Type : ACT_GATHER_INFO |
| 2012-11-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8366.nasl - Type : ACT_GATHER_INFO |
| 2012-11-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-8362.nasl - Type : ACT_GATHER_INFO |
| 2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1465.nasl - Type : ACT_GATHER_INFO |
| 2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1466.nasl - Type : ACT_GATHER_INFO |
| 2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1467.nasl - Type : ACT_GATHER_INFO |
| 2012-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1434.nasl - Type : ACT_GATHER_INFO |
| 2012-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-17745.nasl - Type : ACT_GATHER_INFO |
| 2012-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-17762.nasl - Type : ACT_GATHER_INFO |
| 2012-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-17827.nasl - Type : ACT_GATHER_INFO |
| 2012-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1434.nasl - Type : ACT_GATHER_INFO |
| 2012-11-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121107_icedtea_web_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-11-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1625-1.nasl - Type : ACT_GATHER_INFO |
| 2012-11-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-169.nasl - Type : ACT_GATHER_INFO |
| 2012-10-31 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121018_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1619-1.nasl - Type : ACT_GATHER_INFO |
| 2012-10-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121017_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1385.nasl - Type : ACT_GATHER_INFO |
| 2012-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1391.nasl - Type : ACT_GATHER_INFO |
| 2012-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1392.nasl - Type : ACT_GATHER_INFO |
| 2012-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1384.nasl - Type : ACT_GATHER_INFO |
| 2012-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1386.nasl - Type : ACT_GATHER_INFO |
| 2012-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1384.nasl - Type : ACT_GATHER_INFO |
| 2012-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1385.nasl - Type : ACT_GATHER_INFO |
| 2012-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1386.nasl - Type : ACT_GATHER_INFO |
| 2012-10-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121017_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121017_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update11.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2012-006.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2012.nasl - Type : ACT_GATHER_INFO |
| 2012-10-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-150.nasl - Type : ACT_GATHER_INFO |
| 2012-09-26 | Name : The remote Fedora host is missing a security update. File : fedora_2012-14370.nasl - Type : ACT_GATHER_INFO |
| 2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2012-14316.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO |
| 2012-09-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1289.nasl - Type : ACT_GATHER_INFO |
| 2012-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1245.nasl - Type : ACT_GATHER_INFO |
| 2012-09-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1238.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1223.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote host has a version of Java that contains methods that can aid in f... File : macosx_java_10_6_update10.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote host has a version of Java that contains methods that can aid in f... File : macosx_java_2012-005.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-122.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-149.nasl - Type : ACT_GATHER_INFO |
| 2012-09-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120903_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-09-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120903_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-09-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120903_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1221.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1222.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1221.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1222.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1223.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1225.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1553-1.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote host contains a runtime environment that contains methods that can... File : oracle_java6_update35.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_18ce9a90f26911e1be53080027ef73ec.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1505-2.nasl - Type : ACT_GATHER_INFO |
| 2012-08-27 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java7_update6.nasl - Type : ACT_GATHER_INFO |
| 2012-08-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_55b498e2e56c11e1bbd5001c25e46b1d.nasl - Type : ACT_GATHER_INFO |
| 2012-08-03 | Name : The remote host has an application installed that is affected by multiple vul... File : macosx_xcode_4_4.nasl - Type : ACT_GATHER_INFO |
| 2012-08-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120731_icedtea_web_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1132.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_nss_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100325_openssl097a_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110125_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110621_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111018_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111019_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120214_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120216_java_1_6_0_sun_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120613_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120613_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120613_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1521-1.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2012-07-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1505-1.nasl - Type : ACT_GATHER_INFO |
| 2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1009.nasl - Type : ACT_GATHER_INFO |
| 2012-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2507.nasl - Type : ACT_GATHER_INFO |
| 2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-18.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_9fp11.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-22.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1009.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1019.nasl - Type : ACT_GATHER_INFO |
| 2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO |
| 2012-06-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-095.nasl - Type : ACT_GATHER_INFO |
| 2012-06-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9541.nasl - Type : ACT_GATHER_INFO |
| 2012-06-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9545.nasl - Type : ACT_GATHER_INFO |
| 2012-06-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9590.nasl - Type : ACT_GATHER_INFO |
| 2012-06-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9593.nasl - Type : ACT_GATHER_INFO |
| 2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0729.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0730.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0729.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0730.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0734.nasl - Type : ACT_GATHER_INFO |
| 2012-06-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8151.nasl - Type : ACT_GATHER_INFO |
| 2012-06-13 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update9.nasl - Type : ACT_GATHER_INFO |
| 2012-06-13 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_7_2012-004.nasl - Type : ACT_GATHER_INFO |
| 2012-06-13 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jun_2012.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7036.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO |
| 2012-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO |
| 2012-05-02 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0514.nasl - Type : ACT_GATHER_INFO |
| 2012-04-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0508.nasl - Type : ACT_GATHER_INFO |
| 2012-04-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-058.nasl - Type : ACT_GATHER_INFO |
| 2012-04-16 | Name : It may be possible to obtain sensitive information from the remote host with ... File : ssl3_tls1_iv_impl_info_disclosure.nasl - Type : ACT_GATHER_INFO |
| 2012-04-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update7.nasl - Type : ACT_GATHER_INFO |
| 2012-04-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_7_2012-001.nasl - Type : ACT_GATHER_INFO |
| 2012-03-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO |
| 2012-03-09 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2012-0003.nasl - Type : ACT_GATHER_INFO |
| 2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-02.nasl - Type : ACT_GATHER_INFO |
| 2012-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1373-2.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2420.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2595.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-120223.nasl - Type : ACT_GATHER_INFO |
| 2012-02-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-120220.nasl - Type : ACT_GATHER_INFO |
| 2012-02-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1373-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-120105.nasl - Type : ACT_GATHER_INFO |
| 2012-02-22 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1721.nasl - Type : ACT_GATHER_INFO |
| 2012-02-22 | Name : The remote web server is affected by a denial of service vulnerability. File : glassfish_cve-2011-5035.nasl - Type : ACT_GATHER_INFO |
| 2012-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0322.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1711.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-021.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0139.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0135.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1690.nasl - Type : ACT_GATHER_INFO |
| 2012-02-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2012.nasl - Type : ACT_GATHER_INFO |
| 2012-02-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0135.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
| 2012-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2398.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7908.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-2.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7926.nasl - Type : ACT_GATHER_INFO |
| 2012-01-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17399.nasl - Type : ACT_GATHER_INFO |
| 2012-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0034.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2358.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2368.nasl - Type : ACT_GATHER_INFO |
| 2012-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0006.nasl - Type : ACT_GATHER_INFO |
| 2012-01-10 | Name : It may be possibe to obtain sensitive information from the remote Windows hos... File : smb_nt_ms12-006.nasl - Type : ACT_GATHER_INFO |
| 2011-12-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17400.nasl - Type : ACT_GATHER_INFO |
| 2011-12-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7698.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7650.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7862.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7627.nasl - Type : ACT_GATHER_INFO |
| 2011-12-07 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1160.nasl - Type : ACT_GATHER_INFO |
| 2011-12-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2356.nasl - Type : ACT_GATHER_INFO |
| 2011-11-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1478.nasl - Type : ACT_GATHER_INFO |
| 2011-11-23 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_97fp5.nasl - Type : ACT_GATHER_INFO |
| 2011-11-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15555.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-170.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_6_update6.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_7_update1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15020.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
| 2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1384.nasl - Type : ACT_GATHER_INFO |
| 2011-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-05.nasl - Type : ACT_GATHER_INFO |
| 2011-09-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2311.nasl - Type : ACT_GATHER_INFO |
| 2011-09-01 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1151.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12819.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110818.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7697.nasl - Type : ACT_GATHER_INFO |
| 2011-08-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-126.nasl - Type : ACT_GATHER_INFO |
| 2011-08-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1159.nasl - Type : ACT_GATHER_INFO |
| 2011-08-05 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12810.nasl - Type : ACT_GATHER_INFO |
| 2011-08-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7649.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
| 2011-07-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1087.nasl - Type : ACT_GATHER_INFO |
| 2011-07-20 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-07-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110713.nasl - Type : ACT_GATHER_INFO |
| 2011-07-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7626.nasl - Type : ACT_GATHER_INFO |
| 2011-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0938.nasl - Type : ACT_GATHER_INFO |
| 2011-06-29 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update10.nasl - Type : ACT_GATHER_INFO |
| 2011-06-29 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update5.nasl - Type : ACT_GATHER_INFO |
| 2011-06-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1154-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8020.nasl - Type : ACT_GATHER_INFO |
| 2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8028.nasl - Type : ACT_GATHER_INFO |
| 2011-06-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110609.nasl - Type : ACT_GATHER_INFO |
| 2011-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
| 2011-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8003.nasl - Type : ACT_GATHER_INFO |
| 2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0856.nasl - Type : ACT_GATHER_INFO |
| 2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
| 2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0860.nasl - Type : ACT_GATHER_INFO |
| 2011-06-08 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jun_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_apr_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12706.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO |
| 2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0490.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-101202.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-101202.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110204.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12705.nasl - Type : ACT_GATHER_INFO |
| 2011-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2011-04-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12691.nasl - Type : ACT_GATHER_INFO |
| 2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO |
| 2011-03-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO |
| 2011-03-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0364.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0357.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12683.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100407.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12682.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO |
| 2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO |
| 2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1631.nasl - Type : ACT_GATHER_INFO |
| 2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1645.nasl - Type : ACT_GATHER_INFO |
| 2011-02-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
| 2011-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2011-02-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1055-1.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-7299.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1052-1.nasl - Type : ACT_GATHER_INFO |
| 2011-01-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
| 2011-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO |
| 2011-01-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12669.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0169.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_java-1_4_2-ibm-100510.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO |
| 2011-01-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0500.nasl - Type : ACT_GATHER_INFO |
| 2011-01-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0521.nasl - Type : ACT_GATHER_INFO |
| 2011-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0152.nasl - Type : ACT_GATHER_INFO |
| 2011-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO |
| 2010-12-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12658.nasl - Type : ACT_GATHER_INFO |
| 2010-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO |
| 2010-12-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18393.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0935.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO |
| 2010-12-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12659.nasl - Type : ACT_GATHER_INFO |
| 2010-12-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1024-1.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0873.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities File : apache_2_2_15.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update8.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update3.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO |
| 2010-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6979.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6657.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7077.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nss-6978.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6971.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6655.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6944.nasl - Type : ACT_GATHER_INFO |
| 2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-990-1.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-990-2.nasl - Type : ACT_GATHER_INFO |
| 2010-09-17 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO |
| 2010-09-07 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_95fp6.nasl - Type : ACT_GATHER_INFO |
| 2010-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-100824.nasl - Type : ACT_GATHER_INFO |
| 2010-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-100820.nasl - Type : ACT_GATHER_INFO |
| 2010-08-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-971-1.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : It may be possible to execute arbitrary code on the remote Windows host using... File : smb_nt_ms10-049.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-6.nasl - Type : ACT_GATHER_INFO |
| 2010-07-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12623.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12747.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1127.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3905.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3929.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3956.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5942.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6025.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6039.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6131.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6279.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8742.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9487.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9518.nasl - Type : ACT_GATHER_INFO |
| 2010-06-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-4.nasl - Type : ACT_GATHER_INFO |
| 2010-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-06-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12621.nasl - Type : ACT_GATHER_INFO |
| 2010-06-07 | Name : The remote Windows host has an application installed that is affected by mult... File : openoffice_321.nasl - Type : ACT_GATHER_INFO |
| 2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-18.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote web server has multiple vulnerabilities. File : hpsmh_6_1_0_102.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update7.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0155.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0337.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0338.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-100412.nasl - Type : ACT_GATHER_INFO |
| 2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO |
| 2010-04-28 | Name : The remote database server is affected by multiple issues. File : db2_9fp9.nasl - Type : ACT_GATHER_INFO |
| 2010-04-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-076.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-branding-openSUSE-100413.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100412.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6970.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6977.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6976.nasl - Type : ACT_GATHER_INFO |
| 2010-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-069.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-100401.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-923-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12606.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_9ccfee393c3b11df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_359.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_304.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_204.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6943.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : oracle_java_cpu_mar_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-03-23 | Name : The remote Windows host contains a web browser that is affected by Multiple V... File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO |
| 2010-03-11 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-067-01.nasl - Type : ACT_GATHER_INFO |
| 2010-03-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0130.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1050.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1934.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-001.nasl - Type : ACT_GATHER_INFO |
| 2009-12-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13236.nasl - Type : ACT_GATHER_INFO |
| 2009-12-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13250.nasl - Type : ACT_GATHER_INFO |
| 2009-12-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-337.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12229.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12305.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12606.nasl - Type : ACT_GATHER_INFO |
| 2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12604.nasl - Type : ACT_GATHER_INFO |
| 2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12968.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12750.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12775.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12782.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO |
| 2009-11-24 | Name : The remote service allows insecure renegotiation of TLS / SSL connections. File : ssl_renegotiation.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-860-1.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12550.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6656.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6654.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-320-01.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-295.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris10_128640.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris9_128640.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO |
| 2007-10-18 | Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris8_124672.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris10_124672.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote host is missing Sun Security Patch number 124673-20 File : solaris10_x86_124673.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote host is missing Sun Security Patch number 124672-20 File : solaris9_124672.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote host is missing Sun Security Patch number 124673-20 File : solaris9_x86_124673.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris10_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris10_x86_125138.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125438-22 File : solaris10_x86_125438.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris8_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris8_x86_125138.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris9_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125138-97 File : solaris9_x86_125138.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125438-22 File : solaris9_x86_125438.nasl - Type : ACT_GATHER_INFO |
| 2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO |
| 2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO |
| 2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris10_118666.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris10_x86_118668.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris8_118666.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris8_x86_118668.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118666-86 File : solaris9_118666.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118668-86 File : solaris9_x86_118668.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-02-29 21:29:50 |
|
| 2016-02-24 09:28:57 |
|
| 2014-07-01 13:25:30 |
|
| 2014-06-29 17:24:29 |
|
