Executive Summary
Summary | |
---|---|
Title | Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities |
Information | |||
---|---|---|---|
Name | HPSBMA02447 SSRT090062 | First vendor Publication | 2009-08-12 |
Vendor | HP | Last vendor Modification | 2009-08-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01820968 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
17 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
17 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10198 | |||
Oval ID: | oval:org.mitre.oval:def:10198 | ||
Title: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0590 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11279 | |||
Oval ID: | oval:org.mitre.oval:def:11279 | ||
Title: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Description: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5161 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13751 | |||
Oval ID: | oval:org.mitre.oval:def:13751 | ||
Title: | DSA-1763-1 openssl -- programming error | ||
Description: | It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1763-1 CVE-2009-0590 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:13799 | |||
Oval ID: | oval:org.mitre.oval:def:13799 | ||
Title: | USN-750-1 -- openssl vulnerability | ||
Description: | It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-750-1 CVE-2009-0590 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:17462 | |||
Oval ID: | oval:org.mitre.oval:def:17462 | ||
Title: | USN-600-1 -- rsync vulnerability | ||
Description: | Sebastian Krahmer discovered that rsync could overflow when handling ACLs. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-600-1 CVE-2008-1720 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 | Product(s): | rsync |
Definition Id: oval:org.mitre.oval:def:17856 | |||
Oval ID: | oval:org.mitre.oval:def:17856 | ||
Title: | USN-685-1 -- net-snmp vulnerabilities | ||
Description: | Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-685-1 CVE-2008-0960 CVE-2008-2292 CVE-2008-4309 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | net-snmp |
Definition Id: oval:org.mitre.oval:def:18444 | |||
Oval ID: | oval:org.mitre.oval:def:18444 | ||
Title: | DSA-1545-1 rsync | ||
Description: | Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1545-1 CVE-2008-1720 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | rsync |
Definition Id: oval:org.mitre.oval:def:19948 | |||
Oval ID: | oval:org.mitre.oval:def:19948 | ||
Title: | DSA-1663-1 net-snmp - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1663-1 CVE-2008-0960 CVE-2008-2292 CVE-2008-4309 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | net-snmp |
Definition Id: oval:org.mitre.oval:def:22168 | |||
Oval ID: | oval:org.mitre.oval:def:22168 | ||
Title: | ELSA-2008:0971: net-snmp security update (Important) | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0971-01 CVE-2008-4309 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | net-snmp |
Definition Id: oval:org.mitre.oval:def:22951 | |||
Oval ID: | oval:org.mitre.oval:def:22951 | ||
Title: | ELSA-2009:1287: openssh security, bug fix, and enhancement update (Low) | ||
Description: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1287-02 CVE-2008-5161 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | openssh |
Definition Id: oval:org.mitre.oval:def:25196 | |||
Oval ID: | oval:org.mitre.oval:def:25196 | ||
Title: | Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash) | ||
Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0590 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Id: oval:org.mitre.oval:def:29197 | |||
Oval ID: | oval:org.mitre.oval:def:29197 | ||
Title: | RHSA-2008:0971 -- net-snmp security update (Important) | ||
Description: | Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash. (CVE-2008-4309) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0971 CESA-2008:0971-CentOS 5 CESA-2008:0971-CentOS 3 CVE-2008-4309 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3 | Product(s): | net-snmp |
Definition Id: oval:org.mitre.oval:def:29350 | |||
Oval ID: | oval:org.mitre.oval:def:29350 | ||
Title: | RHSA-2009:1287 -- openssh security, bug fix, and enhancement update (Low) | ||
Description: | Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1287 CESA-2009:1287-CentOS 5 CVE-2008-5161 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssh |
Definition Id: oval:org.mitre.oval:def:6171 | |||
Oval ID: | oval:org.mitre.oval:def:6171 | ||
Title: | Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4309 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6353 | |||
Oval ID: | oval:org.mitre.oval:def:6353 | ||
Title: | Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4309 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6996 | |||
Oval ID: | oval:org.mitre.oval:def:6996 | ||
Title: | OpenSSL Multiple Vulnerabilities | ||
Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0590 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:7025 | |||
Oval ID: | oval:org.mitre.oval:def:7025 | ||
Title: | DSA-1663 net-snmp -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1663 CVE-2008-0960 CVE-2008-2292 CVE-2008-4309 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | net-snmp |
Definition Id: oval:org.mitre.oval:def:8038 | |||
Oval ID: | oval:org.mitre.oval:def:8038 | ||
Title: | DSA-1763 openssl -- programming error | ||
Description: | It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1763 CVE-2009-0590 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:9860 | |||
Oval ID: | oval:org.mitre.oval:def:9860 | ||
Title: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Description: | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4309 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.9 File : nvt/nopsec_php_5_2_9.nasl |
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2009:1335 centos5 i386 File : nvt/gb_CESA-2009_1335_openssl_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for openssh CESA-2009:1287 centos5 i386 File : nvt/gb_CESA-2009_1287_openssh_centos5_i386.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-005 File : nvt/macosx_secupd_2009-005.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
2010-01-07 | Name : Gentoo Security Advisory GLSA 201001-03 (php) File : nvt/glsa_201001_03.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for compat-openssl097g File : nvt/sles10_compat-openssl0.nasl |
2009-10-13 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php3.nasl |
2009-10-13 | Name : SLES10: Security update for net-snmp File : nvt/sles10_net-snmp.nasl |
2009-10-13 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl1.nasl |
2009-10-13 | Name : Solaris Update for sshd 141742-04 File : nvt/gb_solaris_141742_04.nasl |
2009-10-13 | Name : Solaris Update for sshd 140119-11 File : nvt/gb_solaris_140119_11.nasl |
2009-10-11 | Name : SLES11: Security update for PHP5 File : nvt/sles11_apache2-mod_php0.nasl |
2009-10-11 | Name : SLES11: Security update for OpenSSL File : nvt/sles11_libopenssl0_9_8.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5048397.nasl |
2009-10-10 | Name : SLES9: Security update for net-snmp File : nvt/sles9p5041460.nasl |
2009-09-23 | Name : Solaris Update for sshd 141742-02 File : nvt/gb_solaris_141742_02.nasl |
2009-09-23 | Name : Solaris Update for sshd 140119-09 File : nvt/gb_solaris_140119_09.nasl |
2009-09-23 | Name : Solaris Update for sshd 140119-07 File : nvt/gb_solaris_140119_07.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1287 (openssh) File : nvt/ovcesa2009_1287.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1335 (openssl) File : nvt/ovcesa2009_1335.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1335 File : nvt/RHSA_2009_1335.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1287 File : nvt/RHSA_2009_1287.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:156 (net-snmp) File : nvt/mdksa_2009_156.nasl |
2009-07-17 | Name : HP-UX Update for OpenSSL HPSBUX02435 File : nvt/gb_hp_ux_HPSBUX02435.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-11 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD.nasl |
2009-04-28 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc) File : nvt/freebsdsa_openssl7.nasl |
2009-04-23 | Name : Denial Of Service Vulnerability in PHP April-09 File : nvt/gb_php_dos_vuln_apr09.nasl |
2009-04-23 | Name : OpenSSH CBC Mode Information Disclosure Vulnerability File : nvt/openssh_32319_remote.nasl |
2009-04-15 | Name : Debian Security Advisory DSA 1763-1 (openssl) File : nvt/deb_1763_1.nasl |
2009-04-15 | Name : Gentoo Security Advisory GLSA 200904-08 (openssl) File : nvt/glsa_200904_08.nasl |
2009-04-09 | Name : Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp) File : nvt/gb_mandriva_MDVSA_2008_225.nasl |
2009-04-09 | Name : Mandriva Update for rsync MDVSA-2008:084 (rsync) File : nvt/gb_mandriva_MDVSA_2008_084.nasl |
2009-04-06 | Name : Ubuntu USN-750-1 (openssl) File : nvt/ubuntu_750_1.nasl |
2009-04-06 | Name : Ubuntu USN-749-1 (libsndfile) File : nvt/ubuntu_749_1.nasl |
2009-04-06 | Name : Mandrake Security Advisory MDVSA-2009:087 (openssl) File : nvt/mdksa_2009_087.nasl |
2009-04-02 | Name : OpenSSL Multiple Vulnerabilities (Linux) File : nvt/gb_openssl_mult_vuln_lin.nasl |
2009-04-02 | Name : OpenSSL Multiple Vulnerabilities (Win) File : nvt/gb_openssl_mult_vuln_win.nasl |
2009-03-23 | Name : Ubuntu Update for rsync vulnerability USN-600-1 File : nvt/gb_ubuntu_USN_600_1.nasl |
2009-03-23 | Name : Ubuntu Update for net-snmp vulnerabilities USN-685-1 File : nvt/gb_ubuntu_USN_685_1.nasl |
2009-03-06 | Name : RedHat Update for net-snmp RHSA-2008:0971-01 File : nvt/gb_RHSA-2008_0971-01_net-snmp.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0971 centos3 x86_64 File : nvt/gb_CESA-2008_0971_net-snmp_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for net-snmp CESA-2008:0971 centos3 i386 File : nvt/gb_CESA-2008_0971_net-snmp_centos3_i386.nasl |
2009-02-18 | Name : Fedora Core 10 FEDORA-2009-1769 (net-snmp) File : nvt/fcore_2009_1769.nasl |
2009-02-17 | Name : Fedora Update for rsync FEDORA-2008-3060 File : nvt/gb_fedora_2008_3060_rsync_fc7.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9362 File : nvt/gb_fedora_2008_9362_net-snmp_fc8.nasl |
2009-02-17 | Name : Fedora Update for net-snmp FEDORA-2008-9367 File : nvt/gb_fedora_2008_9367_net-snmp_fc9.nasl |
2009-02-17 | Name : Fedora Update for rsync FEDORA-2008-3047 File : nvt/gb_fedora_2008_3047_rsync_fc8.nasl |
2009-02-16 | Name : Fedora Update for net-snmp FEDORA-2008-10451 File : nvt/gb_fedora_2008_10451_net-snmp_fc10.nasl |
2009-02-02 | Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl |
2009-01-26 | Name : Gentoo Security Advisory GLSA 200901-15 (net-snmp) File : nvt/glsa_200901_15.nasl |
2008-12-02 | Name : OpenSSH CBC Mode Information Disclosure Vulnerability File : nvt/secpod_openssh_information_disclosure_vuln_900179.nasl |
2008-11-19 | Name : FreeBSD Ports: net-snmp File : nvt/freebsd_net-snmp2.nasl |
2008-11-19 | Name : Debian Security Advisory DSA 1663-1 (net-snmp) File : nvt/deb_1663_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-16 (rsync) File : nvt/glsa_200804_16.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1545-1 (rsync) File : nvt/deb_1545_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-098-01 openssl File : nvt/esoft_slk_ssa_2009_098_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-320-02 net-snmp File : nvt/esoft_slk_ssa_2008_320_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62881 | SSH Tectia Audit Player ASN1_STRING_print_ex() Function BMPString / Universal... |
57134 | HP Insight Control Suite For Linux Unspecified CSRF |
53440 | PHP php_zip.c php_zip_make_relative_path Function ZIP File Handling DoS |
52864 | OpenSSL ASN1_STRING_print_ex() Function BMPString / UniversalString Handling DoS |
50036 | OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure |
50035 | SSH Tectia Multiple Products CBC Mode Chosen Ciphertext 32-bit Chunk Plaintex... |
49524 | Net-SNMP getbulk Code Response / Repeat Saturation Remote DoS |
44368 | rsync Extended Attribute (xattr) Support Unspecified Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-02-05 | IAVM : 2009-B-0006 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0018295 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14609.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-06.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_openssh_advisory.nasl - Type : ACT_GATHER_INFO |
2013-10-28 | Name : The SSH server is configured to use Cipher Block Chaining. File : ssh_cbc_supported_ciphers.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0971.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_openssh_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081103_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8k.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
2011-09-27 | Name : The SSH service running on the remote host has an information disclosure vuln... File : openssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2010-12-17 | Name : The remote network device is affected by multiple remote vulnerabilities. File : airport_firmware_7_5_2.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2010-03-05 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO |
2010-02-17 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0003.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6170.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12397.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12298.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-090618.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6179.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6311.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0001.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libsnmp15-081121.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-05-08 | Name : The remote host is missing a security update File : freebsd_pkg_fbc8413f2f7a11de9a3f001b77d09812.nasl - Type : ACT_GATHER_INFO |
2009-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-6173.nasl - Type : ACT_GATHER_INFO |
2009-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_compat-openssl097g-6175.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1769.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-084.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-685-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10451.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-750-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-087.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-225.nasl - Type : ACT_GATHER_INFO |
2009-04-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-098-01.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1763.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-08.nasl - Type : ACT_GATHER_INFO |
2009-02-27 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_9.nasl - Type : ACT_GATHER_INFO |
2009-01-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_net-snmp-5807.nasl - Type : ACT_GATHER_INFO |
2009-01-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200901-15.nasl - Type : ACT_GATHER_INFO |
2008-12-03 | Name : The remote openSUSE host is missing a security update. File : suse_libsnmp15-5808.nasl - Type : ACT_GATHER_INFO |
2008-11-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-320-02.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_daf045d7b21111dda987000c29ca8953.nasl - Type : ACT_GATHER_INFO |
2008-11-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1663.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9367.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9362.nasl - Type : ACT_GATHER_INFO |
2008-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote openSUSE host is missing a security update. File : suse_rsync-5207.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-16.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3060.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3047.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-600-1.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1545.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote host is missing Sun Security Patch number 120273-42 File : solaris10_x86_120273.nasl - Type : ACT_GATHER_INFO |
2007-05-20 | Name : The remote host is missing Sun Security Patch number 120272-40 File : solaris10_120272.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122300-61 File : solaris9_122300.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122301-61 File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO |