Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2009:346 | First vendor Publication | 2009-12-29 |
Vendor | Mandriva | Last vendor Modification | 2009-12-29 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603, 3604, 3605, 3606, 3608, 3609, 0146, 0147, 0165, 0166, 0799, 0800, 1179, 1180, 1181, 1182, 1183. kdelibs contains security fixes for CVE-2009-0689, 1687, 1690, 1698, 2702, 1725, 2537. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:346 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-42 | MIME Conversion |
CAPEC-44 | Overflow Binary Resource File |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12913 | |||
Oval ID: | oval:org.mitre.oval:def:12913 | ||
Title: | DSA-1998-1 kdelibs -- buffer overflow | ||
Description: | Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-0lenny4. For the unstable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-3. We recommend that you upgrade your kdelibs packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1998-1 CVE-2009-0689 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:13490 | |||
Oval ID: | oval:org.mitre.oval:def:13490 | ||
Title: | USN-871-1 -- kdelibs vulnerability | ||
Description: | A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-871-1 CVE-2009-0689 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:22669 | |||
Oval ID: | oval:org.mitre.oval:def:22669 | ||
Title: | ELSA-2009:1601: kdelibs security update (Critical) | ||
Description: | Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1601-01 CVE-2009-0689 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:23947 | |||
Oval ID: | oval:org.mitre.oval:def:23947 | ||
Title: | ELSA-2014:0311: php security update (Critical) | ||
Description: | Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0311-00 CVE-2006-7243 CVE-2009-0689 | Version: | 7 |
Platform(s): | Oracle Linux 5 | Product(s): | php |
Definition Id: oval:org.mitre.oval:def:24079 | |||
Oval ID: | oval:org.mitre.oval:def:24079 | ||
Title: | RHSA-2014:0311: php security update (Critical) | ||
Description: | PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0311-00 CESA-2014:0311 CVE-2006-7243 CVE-2009-0689 | Version: | 11 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | php |
Definition Id: oval:org.mitre.oval:def:25660 | |||
Oval ID: | oval:org.mitre.oval:def:25660 | ||
Title: | SUSE-SU-2013:1828-1 -- Security update for ruby | ||
Description: | The following security issue has been fixed: * CVE-2013-4164: heap overflow in float point parsing | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1828-1 CVE-2013-4164 CVE-2009-0689 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | ruby |
Definition Id: oval:org.mitre.oval:def:29365 | |||
Oval ID: | oval:org.mitre.oval:def:29365 | ||
Title: | RHSA-2009:1601 -- kdelibs security update (Critical) | ||
Description: | Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1601 CESA-2009:1601-CentOS 5 CVE-2009-0689 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:6528 | |||
Oval ID: | oval:org.mitre.oval:def:6528 | ||
Title: | Mozilla Firefox Floating Point Memory Allocation Vulnerability | ||
Description: | Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0689 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:6826 | |||
Oval ID: | oval:org.mitre.oval:def:6826 | ||
Title: | DSA-1998 kdelibs -- buffer overflow | ||
Description: | Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1998 CVE-2009-0689 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:9541 | |||
Oval ID: | oval:org.mitre.oval:def:9541 | ||
Title: | Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | ||
Description: | Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0689 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9671 | |||
Oval ID: | oval:org.mitre.oval:def:9671 | ||
Title: | Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. | ||
Description: | Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3603 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
ExploitDB Exploits
Date | Description |
---|---|
2009-12-11 | Sunbird 0.9 Array Overrun (code execution) 0day |
2009-11-19 | Opera 10.01 Remote Array Overrun |
2009-11-19 | K-Meleon 1.5.3 Remote Array Overrun |
2009-11-19 | SeaMonkey 1.1.8 Remote Array Overrun |
2009-11-19 | KDE KDELibs 4.3.3 Remote Array Overrun |
OpenVAS Exploits
Date | Description |
---|---|
2011-11-18 | Name : Mandriva Update for poppler MDVSA-2011:175 (poppler) File : nvt/gb_mandriva_MDVSA_2011_175.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1530 centos4 i386 File : nvt/gb_CESA-2009_1530_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for poppler CESA-2009:1504 centos5 i386 File : nvt/gb_CESA-2009_1504_poppler_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1531 centos3 i386 File : nvt/gb_CESA-2009_1531_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kdelibs CESA-2009:1601 centos5 i386 File : nvt/gb_CESA-2009_1601_kdelibs_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1531 centos4 i386 File : nvt/gb_CESA-2009_1531_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kdelibs CESA-2009:1601 centos4 i386 File : nvt/gb_CESA-2009_1601_kdelibs_centos4_i386.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2050-1 (kdegraphics) File : nvt/deb_2050_1.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-29 | Name : Fedora Update for seamonkey FEDORA-2010-7100 File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2028-1 (xpdf) File : nvt/deb_2028_1.nasl |
2010-03-30 | Name : FreeBSD Ports: seamonkey, linux-seamonkey File : nvt/freebsd_seamonkey.nasl |
2010-03-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1 File : nvt/gb_ubuntu_USN_915_1.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-12 | Name : Mandriva Update for poppler MDVSA-2010:055 (poppler) File : nvt/gb_mandriva_MDVSA_2010_055.nasl |
2010-03-12 | Name : Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release) File : nvt/gb_mandriva_MDVA_2010_087.nasl |
2010-03-02 | Name : Fedora Update for pdfedit FEDORA-2010-1377 File : nvt/gb_fedora_2010_1377_pdfedit_fc12.nasl |
2010-03-02 | Name : Fedora Update for pdfedit FEDORA-2010-1842 File : nvt/gb_fedora_2010_1842_pdfedit_fc11.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 1998-1 (kdelibs) File : nvt/deb_1998_1.nasl |
2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_027.nasl |
2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_028.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs) File : nvt/mdksa_2009_330.nasl |
2009-12-14 | Name : SLES11: Security update for kdelibs3 File : nvt/sles11_kdelibs3.nasl |
2009-12-10 | Name : FreeBSD Ports: opera File : nvt/freebsd_opera19.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:287-1 (xpdf) File : nvt/mdksa_2009_287_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:290-1 (firefox) File : nvt/mdksa_2009_290_1.nasl |
2009-12-03 | Name : RedHat Security Advisory RHSA-2009:1601 File : nvt/RHSA_2009_1601.nasl |
2009-11-23 | Name : Ubuntu USN-853-1 (xulrunner-1.9.1) File : nvt/ubuntu_853_1.nasl |
2009-11-23 | Name : Ubuntu USN-850-3 (poppler) File : nvt/ubuntu_850_3.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1531 File : nvt/RHSA_2009_1531.nasl |
2009-11-11 | Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf2.nasl |
2009-11-11 | Name : SLES10: Security update for Mozilla XULRunner File : nvt/sles10_mozilla-xulrunn0.nasl |
2009-11-11 | Name : SLES10: Security update for mozilla-nspr File : nvt/sles10_mozilla-nspr0.nasl |
2009-11-11 | Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_MozillaFirefox7.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1531 (seamonkey) File : nvt/ovcesa2009_1531.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1530 (firefox) File : nvt/ovcesa2009_1530.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1504 (poppler) File : nvt/ovcesa2009_1504.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1931-1 (nspr) File : nvt/deb_1931_1.nasl |
2009-11-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox7.nasl |
2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:290 (firefox) File : nvt/mdksa_2009_290.nasl |
2009-11-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-nspr.nasl |
2009-11-11 | Name : SLES11: Security update for Mozilla XULRunner File : nvt/sles11_mozilla-xulrunn1.nasl |
2009-11-11 | Name : SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox) File : nvt/suse_sa_2009_052.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10823 (poppler) File : nvt/fcore_2009_10823.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10845 (poppler) File : nvt/fcore_2009_10845.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10878 (chmsee) File : nvt/fcore_2009_10878.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10981 (blam) File : nvt/fcore_2009_10981.nasl |
2009-11-11 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox42.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1530 File : nvt/RHSA_2009_1530.nasl |
2009-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux) File : nvt/gb_firefox_mult_vuln_nov09_lin.nasl |
2009-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win) File : nvt/gb_firefox_mult_vuln_nov09_win.nasl |
2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:287 (xpdf) File : nvt/mdksa_2009_287.nasl |
2009-10-27 | Name : Fedora Core 11 FEDORA-2009-10648 (xpdf) File : nvt/fcore_2009_10648.nasl |
2009-10-27 | Name : Fedora Core 10 FEDORA-2009-10694 (xpdf) File : nvt/fcore_2009_10694.nasl |
2009-10-27 | Name : Ubuntu USN-850-1 (poppler) File : nvt/ubuntu_850_1.nasl |
2009-10-27 | Name : FreeBSD Ports: xpdf File : nvt/freebsd_xpdf4.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1504 File : nvt/RHSA_2009_1504.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-01 xpdf File : nvt/esoft_slk_ssa_2009_302_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-302-02 poppler File : nvt/esoft_slk_ssa_2009_302_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63646 | J Programming Language libc dtoa Implementation Floating Point Parsing Memory... |
63641 | Matlab libc dtoa Implementation Floating Point Parsing Memory Corruption |
63639 | Apple Mac OS X libc dtoa Implementation Floating Point Parsing Memory Corruption |
62402 | K-Meleon libc dtoa Implementation Floating Point Parsing Memory Corruption |
61189 | Mozilla Sunbird libc dtoa Implementation Floating Point Parsing Memory Corrup... |
61188 | Flock Browser libc dtoa Implementation Floating Point Parsing Memory Corruption |
61187 | KDE kdelibs libc dtoa Implementation Floating Point Parsing Memory Corruption |
61186 | Opera libc dtoa Implementation Floating Point Parsing Memory Corruption |
61091 | Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem... |
59178 | Poppler SplashBitmap::SplashBitmap Function PDF Handling Overflow |
59177 | Xpdf SplashBitmap::SplashBitmap Function PDF Handling Overflow |
55603 | libc gdtoa/misc.c dtoa() Implementation printf Function Array Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla products floating point buffer overflow attempt RuleID : 21155 - Revision : 6 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla products floating point buffer overflow attempt RuleID : 21154 - Revision : 6 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-11-02 | Name : The remote Debian host is missing a security update. File : debian_DLA-1564.nasl - Type : ACT_GATHER_INFO |
2016-12-01 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2958-1.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6dec4e6d5f.nasl - Type : ACT_GATHER_INFO |
2016-01-28 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0257-1.nasl - Type : ACT_GATHER_INFO |
2016-01-04 | Name : The remote Debian host is missing a security update. File : debian_DLA-376.nasl - Type : ACT_GATHER_INFO |
2016-01-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4b3a7e70afce11e5b86414dae9d210b8.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0312.nasl - Type : ACT_GATHER_INFO |
2014-03-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140318_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-03-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO |
2014-03-19 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0311.nasl - Type : ACT_GATHER_INFO |
2014-03-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO |
2013-12-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ruby-131125.nasl - Type : ACT_GATHER_INFO |
2013-10-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1601.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091015_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091124_kdelibs_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6609.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdelibs3-6692.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6631.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6617.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6560.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-294.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-028.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1377.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1805.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1842.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
2010-05-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2050.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-04-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2028.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-055.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1998.nasl - Type : ACT_GATHER_INFO |
2010-01-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kdelibs4-100107.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12563.nasl - Type : ACT_GATHER_INFO |
2009-12-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-871-1.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kdelibs3-091204.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdelibs3-6691.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-290.nasl - Type : ACT_GATHER_INFO |
2009-12-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6431c4dbdeb411de90780030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_opera-091125.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_opera-091125.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_opera-091125.nasl - Type : ACT_GATHER_INFO |
2009-11-25 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1010.nasl - Type : ACT_GATHER_INFO |
2009-11-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-853-2.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xpdf-091023.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-091024.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nspr-091103.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6630.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_xpdf-6558.nasl - Type : ACT_GATHER_INFO |
2009-11-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-6556.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-10981.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-091103.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-091102.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091030.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-091030.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6606.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6616.nasl - Type : ACT_GATHER_INFO |
2009-11-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-3.nasl - Type : ACT_GATHER_INFO |
2009-11-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-853-1.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-01.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-302-02.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-10878.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3015.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_354.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10823.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10845.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
2009-10-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-287.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10648.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10694.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-850-1.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1504.nasl - Type : ACT_GATHER_INFO |
2009-10-01 | Name : The remote host contains a web browser that is affected by a buffer overflow ... File : google_chrome_3_0_195_24.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-04-26 22:30:20 | |
2014-02-17 11:41:08 | |