9.3 - RHSA-2014:1880

Executive Summary

Summary
Title	java-1.7.1-ibm security update

Informations
Name	RHSA-2014:1880	First vendor Publication	2014-11-20
Vendor	RedHat	Last vendor Modification	2014-11-20
Severity (Vendor)	Critical	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM article linked to in the References section for additional details about this change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR2 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509) 1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564) 1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274) 1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797) 1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066) 1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846) 1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540) 1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment) 1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-1880.html

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-310	Cryptographic Issues
50 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26179

Oval ID:	oval:org.mitre.oval:def:26179
Title:	ELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix update
Description:	[1:1.6.0.33-1.13.5.0] - Update to IcedTea 1.13.5 - Remove upstreamed patches. - Regenerate add-final-location-rpaths patch against new release. - Change versioning to match java-1.7.0-openjdk so revisions work. - Use xz for tarballs to reduce file size. - No need to explicitly disable system LCMS any more (bug fixed upstream). - Add icedteasnapshot to setup lines so they work with pre-release tarballs. - Resolves: rhbz#1148901
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1634 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	6
Platform(s):	Oracle Linux 5 Oracle Linux 6 Oracle Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.0.1.el5_11 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el7_0

Definition Id: oval:org.mitre.oval:def:26716

Oval ID:	oval:org.mitre.oval:def:26716
Title:	ELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix update
Description:	[1:1.7.0.65-2.5.3.1.0.1.el7_0] - Update DISTRO_NAME in specfile [1:1.7.0.65-2.5.3.1] - Bump to 2.5.3 for latest security fixes. - Remove obsolete patches. - Add hsbootstrap option to pre-build HotSpot when required. - Resolves: rhbz#1148893
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1620 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	6
Platform(s):	Oracle Linux 6 Oracle Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.0.1.el6 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.0.1.el7_0

Definition Id: oval:org.mitre.oval:def:26796

Oval ID:	oval:org.mitre.oval:def:26796
Title:	ELSA-2014-1633 -- java-1.7.0-openjdk security and bug fix update
Description:	[1:1.7.0.71-2.5.3.1.0.1.el5_11] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1:1.7.0.71-2.5.3.1] - Bump to 2.5.3 with security updates. - Remove obsolete patches which are now included upstream. - Disable LCMS via environment variables rather than maintaining a patch. - Resolves: rhbz#1148890
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.0.1.el5_11

Definition Id: oval:org.mitre.oval:def:26915

Oval ID:	oval:org.mitre.oval:def:26915
Title:	RHSA-2014:1657: java-1.7.0-oracle security update (Critical)
Description:	Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 72 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1657-00 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6517 CVE-2014-6519 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7	Product(s):	java-1.7.0-oracle
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section java-1.7.0-oracle is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.72-1jpp.4.el5_11 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section java-1.7.0-oracle is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.72-1jpp.2.el6 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.72-1jpp.2.el6 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 Packages match section java-1.7.0-oracle is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.72-1jpp.2.el7 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.72-1jpp.2.el7

Definition Id: oval:org.mitre.oval:def:27014

Oval ID:	oval:org.mitre.oval:def:27014
Title:	RHSA-2014:1653: openssl security update (Moderate)
Description:	OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication. For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123 All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the CVE-2014-3566 issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1653-00 CESA-2014:1653 CVE-2014-3566	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section openssl is earlier than 0:0.9.8e-31.el5_11 AND openssl-devel is earlier than 0:0.9.8e-31.el5_11 AND openssl-perl is earlier than 0:0.9.8e-31.el5_11

Definition Id: oval:org.mitre.oval:def:27057

Oval ID:	oval:org.mitre.oval:def:27057
Title:	ELSA-2014-1653 -- openssl security update
Description:	[0.9.8e-31] - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [0.9.8e-30] - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS [0.9.8e-29] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-28] - replace expired GlobalSign Root CA certificate in ca-bundle.crt
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1653 CVE-2014-3566	Version:	5
Platform(s):	Oracle Linux 5	Product(s):	openssl openssl-devel openssl-perl
Definition Synopsis:
Oracle Linux 5.x Packages match section openssl is earlier than 0:0.9.8e-31.el5_11 AND openssl-devel is earlier than 0:0.9.8e-31.el5_11 AND openssl-perl is earlier than 0:0.9.8e-31.el5_11

Definition Id: oval:org.mitre.oval:def:27068

Oval ID:	oval:org.mitre.oval:def:27068
Title:	RHSA-2014:1658: java-1.6.0-sun security update (Important)
Description:	Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558) The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1658-00 CVE-2014-4288 CVE-2014-6457 CVE-2014-6458 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 CVE-2014-6517 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7	Product(s):	java-1.6.0-sun
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section java-1.6.0-sun is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND java-1.6.0-sun-src is earlier than 1:1.6.0.85-1jpp.3.el5_11 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section java-1.6.0-sun is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.85-1jpp.2.el6 AND java-1.6.0-sun-src is earlier than 1:1.6.0.85-1jpp.2.el6 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 Packages match section java-1.6.0-sun is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-jdbc is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.85-1jpp.2.el7 AND java-1.6.0-sun-src is earlier than 1:1.6.0.85-1jpp.2.el7

Definition Id: oval:org.mitre.oval:def:27104

Oval ID:	oval:org.mitre.oval:def:27104
Title:	AIX OpenSSL Patch to mitigate CVE-2014-3566
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets File Version Exists openssl.base greater than or equal 1.0.1.500 AND openssl.base less than or equal 1.0.1.512 OR File Version Exists openssl.base greater than or equal 0.9.8.401 AND openssl.base less than or equal 0.9.8.2503 OR File Version Exists openssl.base greater than or equal 12.9.8.1100 AND openssl.base less than or equal 12.9.8.2503

Definition Id: oval:org.mitre.oval:def:27138

Oval ID:	oval:org.mitre.oval:def:27138
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.001 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.002 OR Criteria meets HP Security Bulletin HPSBUX03162 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08zc.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08zc.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-INC version is less than A.00.09.08zc.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08zc.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08zc.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08zc.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08zc.003

Definition Id: oval:org.mitre.oval:def:27144

Oval ID:	oval:org.mitre.oval:def:27144
Title:	RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1633-00 CESA-2014:1633 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.el5_11 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.el5_11

Definition Id: oval:org.mitre.oval:def:27150

Oval ID:	oval:org.mitre.oval:def:27150
Title:	RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important)
Description:	The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1620-00 CESA-2014:1620 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-headless is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.el7_0 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.71-2.5.3.1.el6 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.71-2.5.3.1.el6

Definition Id: oval:org.mitre.oval:def:27157

Oval ID:	oval:org.mitre.oval:def:27157
Title:	RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)
Description:	The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519) It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents. (CVE-2014-6517) It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source. (CVE-2014-6512) It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication. (CVE-2014-6457) It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class. (CVE-2014-6558) The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * The TLS/SSL implementation in OpenJDK previously failed to handle Diffie-Hellman (DH) keys with more than 1024 bits. This caused client applications using JSSE to fail to establish TLS/SSL connections to servers using larger DH keys during the connection handshake. This update adds support for DH keys with size up to 2048 bits. (BZ#1148309) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1634-00 CESA-2014:1634 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el5_11 AND Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el7_0 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.33-1.13.5.0.el6_6 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.33-1.13.5.0.el6_6

Definition Id: oval:org.mitre.oval:def:27728

Oval ID:	oval:org.mitre.oval:def:27728
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6527	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27911

Oval ID:	oval:org.mitre.oval:def:27911
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6458	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27938

Oval ID:	oval:org.mitre.oval:def:27938
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6492	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:27945

Oval ID:	oval:org.mitre.oval:def:27945
Title:	HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4288	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70 version is less than 1.7.0.11.00 AND Jdk70.JDK70-COM version is less than 1.7.0.11.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.11.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.11.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.11.00 AND Jre70.JRE70 version is less than 1.7.0.11.00 AND Jre70.JRE70-COM version is less than 1.7.0.11.00 AND Jre70.JRE70-COM-DOC version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.11.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.11.00

Definition Id: oval:org.mitre.oval:def:27963

Oval ID:	oval:org.mitre.oval:def:27963
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6531	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28001

Oval ID:	oval:org.mitre.oval:def:28001
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6512	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28025

Oval ID:	oval:org.mitre.oval:def:28025
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6476	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28097

Oval ID:	oval:org.mitre.oval:def:28097
Title:	SUSE-SU-2014:1549-1 -- Security update for java-1_7_1-ibm (important)
Description:	java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security issues. These security issues were fixed: - Unspecified vulnerability in Oracle Java (CVE-2014-3065). - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1549-1 CVE-2014-3065 CVE-2014-3566 CVE-2014-6513 CVE-2014-6456 CVE-2014-4288 CVE-2014-6493 CVE-2014-6532 CVE-2014-6503 CVE-2014-6492 CVE-2014-6458 CVE-2014-6466 CVE-2014-6506 CVE-2014-6527 CVE-2014-6476 CVE-2014-6515 CVE-2014-6511 CVE-2014-6531 CVE-2014-6512 CVE-2014-6457 CVE-2014-6502 CVE-2014-6558	Version:	3
Platform(s):	SUSE Linux Enterprise Server 12	Product(s):	java-1_7_1-ibm
Definition Synopsis:
SUSE Linux Enterprise Server 12 is installed Packages match section java-1_7_1-ibm-alsa is earlier than 0:1.7.1_sr2.0-4.1 AND java-1_7_1-ibm-plugin is earlier than 0:1.7.1_sr2.0-4.1

Definition Id: oval:org.mitre.oval:def:28154

Oval ID:	oval:org.mitre.oval:def:28154
Title:	IBM SDK Java Technology Edition vulnerability
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28155

Oval ID:	oval:org.mitre.oval:def:28155
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6503	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28214

Oval ID:	oval:org.mitre.oval:def:28214
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6558	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28228

Oval ID:	oval:org.mitre.oval:def:28228
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6502	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28230

Oval ID:	oval:org.mitre.oval:def:28230
Title:	SUSE-SU-2014:1447-1 -- Security update for openwsman (moderate)
Description:	This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the [server] section: ssl_disabled_protocols = SSLv2 SSLv3 Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1447-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	openwsman
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libwsman1 is earlier than 0:2.2.3-0.8.1 AND openwsman-client is earlier than 0:2.2.3-0.8.1 AND openwsman-server is earlier than 0:2.2.3-0.8.1

Definition Id: oval:org.mitre.oval:def:28236

Oval ID:	oval:org.mitre.oval:def:28236
Title:	DSA-3077-1 -- openjdk-6 security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-3077-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	openjdk-6
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-6 is earlier than 0:6b33-1.13.5-2~deb7u1

Definition Id: oval:org.mitre.oval:def:28273

Oval ID:	oval:org.mitre.oval:def:28273
Title:	SUSE-SU-2014:1524-1 -- Security update for openssl (moderate)
Description:	openssl was updated to fix four security issues. These security issues were fixed: - SRTP Memory Leak (CVE-2014-3513). - Session Ticket Memory Leak (CVE-2014-3567). - Fixed incomplete no-ssl3 build option (CVE-2014-3568). - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566). NOTE: This update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1524-1 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12	Product(s):	openssl
Definition Synopsis:
SUSE Linux Enterprise Server 12 release section SUSE Linux Enterprise Server 12 is installed AND openssl-doc is earlier than 0:1.0.1i-5.1 AND SUSE Linux Enterprise Desktop 12 release section SUSE Linux Enterprise Desktop 12 is installed Packages match section libopenssl1_0_0 is earlier than 0:1.0.1i-5.1 AND libopenssl1_0_0-debuginfo is earlier than 0:1.0.1i-5.1 AND openssl is earlier than 0:1.0.1i-5.1 AND openssl-debuginfo is earlier than 0:1.0.1i-5.1 AND openssl-debugsource is earlier than 0:1.0.1i-5.1

Definition Id: oval:org.mitre.oval:def:28284

Oval ID:	oval:org.mitre.oval:def:28284
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6511	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28322

Oval ID:	oval:org.mitre.oval:def:28322
Title:	SUSE-SU-2014:1526-1 -- Security update for IBM Java (important)
Description:	java-1_7_0-ibm has been updated to version 1.7.0_sr7.2 to fix 21 security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1526-1 CVE-2014-3065 CVE-2014-3566 CVE-2014-6506 CVE-2014-6511 CVE-2014-6531 CVE-2014-6512 CVE-2014-6457 CVE-2014-6502 CVE-2014-6558 CVE-2014-6513 CVE-2014-6503 CVE-2014-4288 CVE-2014-6493 CVE-2014-6532 CVE-2014-6492 CVE-2014-6458 CVE-2014-6466 CVE-2014-6515 CVE-2014-6456 CVE-2014-6476 CVE-2014-6527	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	IBM Java
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section java-1_6_0-ibm is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_6_0-ibm-fonts is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_6_0-ibm-jdbc is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_7_0-ibm is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_7_0-ibm-jdbc is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_6_0-ibm-plugin is earlier than 0:1.6.0_sr16.2-0.3.1 AND java-1_7_0-ibm-alsa is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_7_0-ibm-plugin is earlier than 0:1.7.0_sr8.0-0.5.1 AND java-1_6_0-ibm-alsa is earlier than 0:1.6.0_sr16.2-0.3.1

Definition Id: oval:org.mitre.oval:def:28325

Oval ID:	oval:org.mitre.oval:def:28325
Title:	SUSE-SU-2014:1422-1 -- Security update for java-1_7_0-openjdk (important)
Description:	OpenJDK was updated to icedtea 2.5.3 (OpenJDK 7u71) fixing security issues and bugs. * Security: - S8015256: Better class accessibility - S8022783, CVE-2014-6504: Optimize C2 optimizations - S8035162: Service printing service - S8035781: Improve equality for annotations - S8036805: Correct linker method lookup. - S8036810: Correct linker field lookup - S8036936: Use local locales - S8037066, CVE-2014-6457: Secure transport layer - S8037846, CVE-2014-6558: Ensure streaming of input cipher streams - S8038364: Use certificate exceptions correctly - S8038899: Safer safepoints - S8038903: More native monitor monitoring - S8038908: Make Signature more robust - S8038913: Bolster XML support - S8039509, CVE-2014-6512: Wrap sockets more thoroughly - S8039533, CVE-2014-6517: Higher resolution resolvers - S8041540, CVE-2014-6511: Better use of pages in font processing - S8041529: Better parameterization of parameter lists - S8041545: Better validation of generated rasters - S8041564, CVE-2014-6506: Improved management of logger resources - S8041717, CVE-2014-6519: Issue with class file parser - S8042609, CVE-2014-6513: Limit splashiness of splash images - S8042797, CVE-2014-6502: Avoid strawberries in LogRecord - S8044274, CVE-2014-6531: Proper property processing
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1422-1 CVE-2014-6504 CVE-2014-6457 CVE-2014-6558 CVE-2014-6512 CVE-2014-6517 CVE-2014-6511 CVE-2014-6506 CVE-2014-6519 CVE-2014-6513 CVE-2014-6502 CVE-2014-6531	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	java-1_7_0-openjdk
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section java-1_7_0-openjdk is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-debuginfo is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-debugsource is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-headless is earlier than 0:1.7.0.71-6.2 AND java-1_7_0-openjdk-headless-debuginfo is earlier than 0:1.7.0.71-6.2

Definition Id: oval:org.mitre.oval:def:28342

Oval ID:	oval:org.mitre.oval:def:28342
Title:	DSA-3080-1 -- openjdk-7 security update
Description:	Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-3080-1 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	openjdk-7
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND openjdk-7 is earlier than 0:7u71-2.5.3-2~deb7u1

Definition Id: oval:org.mitre.oval:def:28346

Oval ID:	oval:org.mitre.oval:def:28346
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6515	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28350

Oval ID:	oval:org.mitre.oval:def:28350
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6531	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28355

Oval ID:	oval:org.mitre.oval:def:28355
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6506	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28367

Oval ID:	oval:org.mitre.oval:def:28367
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6493	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28371

Oval ID:	oval:org.mitre.oval:def:28371
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3065	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28398

Oval ID:	oval:org.mitre.oval:def:28398
Title:	Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk70.JDK70 version is less than 1.7.0.12.00 AND Jdk70.JDK70-COM version is less than 1.7.0.12.00 AND Jdk70.JDK70-IPF32 version is less than 1.7.0.12.00 AND Jdk70.JDK70-IPF64 version is less than 1.7.0.12.00 AND Jdk70.JDK70-DEMO version is less than 1.7.0.12.00 AND Jre70.JRE70 version is less than 1.7.0.12.00 AND Jre70.JRE70-COM version is less than 1.7.0.12.00 AND Jre70.JRE70-COM-DOC version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF32 version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF32-HS version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF64 version is less than 1.7.0.12.00 AND Jre70.JRE70-IPF64-HS version is less than 1.7.0.12.00

Definition Id: oval:org.mitre.oval:def:28400

Oval ID:	oval:org.mitre.oval:def:28400
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6457	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28424

Oval ID:	oval:org.mitre.oval:def:28424
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6532	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28431

Oval ID:	oval:org.mitre.oval:def:28431
Title:	IBM SDK Java Technology Edition vulnerability
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4288	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.580 AND Java5_64.sdk less than 5.0.0.580 AND Java6.sdk less than 6.0.0.460 AND Java6_64.sdk less than 6.0.0.460 AND Java7.sdk less than 7.0.0.135 AND Java7_64.sdk less than 7.0.0.135 AND Java71.sdk less than 7.1.0.15 AND Java71_64.sdk less than 7.1.0.15

Definition Id: oval:org.mitre.oval:def:28481

Oval ID:	oval:org.mitre.oval:def:28481
Title:	SUSE-SU-2014:1512-1 -- Security update for compat-openssl098 (moderate)
Description:	compat-openssl098 was updated to fix three security issues. NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. These security issues were fixed: - Session ticket memory leak (CVE-2014-3567). - Fixed build option no-ssl3 (CVE-2014-3568). - Added support for TLS_FALLBACK_SCSV (CVE-2014-3566).
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1512-1 CVE-2014-3567 CVE-2014-3568 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	compat-openssl098
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section compat-openssl098-debugsource is earlier than 0:0.9.8j-62.1 AND libopenssl0_9_8 is earlier than 0:0.9.8j-62.1 AND libopenssl0_9_8-debuginfo is earlier than 0:0.9.8j-62.1

Definition Id: oval:org.mitre.oval:def:28488

Oval ID:	oval:org.mitre.oval:def:28488
Title:	SUSE-SU-2014:1519-1 -- Security update for evolution-data-server (moderate)
Description:	evolution-data-server has been updated to disable support for SSLv3. This security issues has been fixed: * SSLv3 POODLE attack (CVE-2014-3566) Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1519-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	evolution-data-server
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section evolution-data-server is earlier than 0:2.28.2-0.32.1 AND evolution-data-server-lang is earlier than 0:2.28.2-0.32.1 AND evolution-data-server-32bit is earlier than 0:2.28.2-0.32.1

Definition Id: oval:org.mitre.oval:def:28500

Oval ID:	oval:org.mitre.oval:def:28500
Title:	JRE and JDK Vulnerability on HPUX
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28526

Oval ID:	oval:org.mitre.oval:def:28526
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6458	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28550

Oval ID:	oval:org.mitre.oval:def:28550
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6512	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28559

Oval ID:	oval:org.mitre.oval:def:28559
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6502	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28566

Oval ID:	oval:org.mitre.oval:def:28566
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6476	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28595

Oval ID:	oval:org.mitre.oval:def:28595
Title:	Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP-UX B.11.11 AND HP-UX B.11.23 AND HP-UX B.11.31 AND filesets test Jdk60.JDK60 version is less than 1.6.0.25.00 AND Jdk60.JDK60-COM version is less than 1.6.0.25.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.25.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PNV2 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PWV2 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.25.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.25.00 AND Jre60.JRE60-PNV2 version is less than 1.6.0.25.00 AND Jre60.JRE60-PNV2-H version is less than 1.6.0.25.00 AND Jre60.JRE60-PWV2 version is less than 1.6.0.25.00 AND Jre60.JRE60-PWV2-H version is less than 1.6.0.25.00 AND Jre60.JRE60-COM version is less than 1.6.0.25.00 AND Jre60.JRE60-COM-DOC version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.25.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.25.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.25.00

Definition Id: oval:org.mitre.oval:def:28619

Oval ID:	oval:org.mitre.oval:def:28619
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6558	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28662

Oval ID:	oval:org.mitre.oval:def:28662
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6511	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28678

Oval ID:	oval:org.mitre.oval:def:28678
Title:	SUSE-SU-2014:1558-1 -- Security update for pure-ftpd (moderate)
Description:	ure-ftpd was updated to fix one security issue and two non-security bugs: * SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE (CVE-2014-3566, bnc#902229). * Added the disable_ascii option (bnc#828469). * Fixed wait on TLS handshake (bnc#856424). Security Issues: * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1558-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	pure-ftpd
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed AND pure-ftpd is earlier than 0:1.0.22-3.25.1

Definition Id: oval:org.mitre.oval:def:28697

Oval ID:	oval:org.mitre.oval:def:28697
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6456	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28740

Oval ID:	oval:org.mitre.oval:def:28740
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6493	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28763

Oval ID:	oval:org.mitre.oval:def:28763
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6515	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28784

Oval ID:	oval:org.mitre.oval:def:28784
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6527	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28827

Oval ID:	oval:org.mitre.oval:def:28827
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6503	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28841

Oval ID:	oval:org.mitre.oval:def:28841
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6457	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28914

Oval ID:	oval:org.mitre.oval:def:28914
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4288	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28940

Oval ID:	oval:org.mitre.oval:def:28940
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6532	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:28961

Oval ID:	oval:org.mitre.oval:def:28961
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6506	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:29011

Oval ID:	oval:org.mitre.oval:def:29011
Title:	JRE and JDK Vulnerability on HPUX
Description:	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-6492	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03219 HP-UX B.11.31 AND filesets tests Jdk80.JDK80-COM version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF32 version is less than 1.8.0.01.00 AND Jdk80.JDK80-IPF64 version is less than 1.8.0.01.00 AND Jdk80.JDK80-DEMO version is less than 1.8.0.01.00 AND Jre80.JRE80-COM version is less than 1.8.0.01.00 AND Jre80.JRE80-COM-DOC version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32 version is less than 1.8.0.01.00 AND Jre80.JRE800-IPF32-HS version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64 version is less than 1.8.0.01.00 AND Jre80.JRE80-IPF64-HS version is less than 1.8.0.01.00

Definition Id: oval:org.mitre.oval:def:29152

Oval ID:	oval:org.mitre.oval:def:29152
Title:	Vulnerability in SSLv3 affects ftpd, sendmaild, imapd, and popd on AIX
Description:	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-3566	Version:	5
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets File Version Exists bos.net.tcp.server greater than or equal 6.1.0.0 AND bos.net.tcp.server less than or equal 6.1.8.18 OR File Version Exists bos.net.tcp.server greater than or equal 6.1.0.0 AND bos.net.tcp.server less than or equal 6.1.9.45 OR File Version Exists bos.net.tcp.server greater than or equal 7.1.0.0 AND bos.net.tcp.server less than or equal 7.1.2.18 OR File Version Exists bos.net.tcp.server greater than or equal 7.1.0.0 AND bos.net.tcp.server less than or equal 7.1.3.45 OR File Version Exists bos.net.tcp.client greater than or equal 6.1.0.0 AND bos.net.tcp.client less than or equal 6.1.8.19 OR File Version Exists bos.net.tcp.client greater than or equal 6.1.0.0 AND bos.net.tcp.client less than or equal 6.1.9.48 OR File Version Exists bos.net.tcp.client greater than or equal 7.1.0.0 AND bos.net.tcp.client less than or equal 7.1.2.18 OR File Version Exists bos.net.tcp.client greater than or equal 7.1.0.0 AND bos.net.tcp.client less than or equal 7.1.3.48

Definition Id: oval:org.mitre.oval:def:29233

Oval ID:	oval:org.mitre.oval:def:29233
Title:	SUSE-SU-2015:0108-1 -- Security update for evolution-data-server (moderate)
Description:	evolution-data-server was updated to disable support for SSLv3. This security issues was fixed: - SSLv3 POODLE attack (CVE-2014-3566)
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2015:0108-1 CVE-2014-3566	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 12	Product(s):	evolution-data-server
Definition Synopsis:
SUSE Linux Enterprise Desktop 12 is installed Packages match section evolution-data-server is earlier than 0:3.10.4-5.11 AND evolution-data-server-debuginfo is earlier than 0:3.10.4-5.11 AND evolution-data-server-debugsource is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45 is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45-32bit is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45-debuginfo is earlier than 0:3.10.4-5.11 AND libcamel-1_2-45-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7 is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7-32bit is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7-debuginfo is earlier than 0:3.10.4-5.11 AND libebackend-1_2-7-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libebook-1_2-14 is earlier than 0:3.10.4-5.11 AND libebook-1_2-14-32bit is earlier than 0:3.10.4-5.11 AND libebook-1_2-14-debuginfo is earlier than 0:3.10.4-5.11 AND libebook-1_2-14-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0 is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0-32bit is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0-debuginfo is earlier than 0:3.10.4-5.11 AND libebook-contacts-1_2-0-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libecal-1_2-16 is earlier than 0:3.10.4-5.11 AND libecal-1_2-16-32bit is earlier than 0:3.10.4-5.11 AND libecal-1_2-16-debuginfo is earlier than 0:3.10.4-5.11 AND libecal-1_2-16-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20 is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20-32bit is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20-debuginfo is earlier than 0:3.10.4-5.11 AND libedata-book-1_2-20-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23 is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23-32bit is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23-debuginfo is earlier than 0:3.10.4-5.11 AND libedata-cal-1_2-23-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18 is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18-32bit is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18-debuginfo is earlier than 0:3.10.4-5.11 AND libedataserver-1_2-18-debuginfo-32bit is earlier than 0:3.10.4-5.11 AND evolution-data-server-lang is earlier than 0:3.10.4-5.11

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x:10.5.6:::::::* cpe:2.3:a:apple:mac_os_x::::::::	2
Application	Ibm Java cpe:2.3:a:ibm:java:7.0.5.0:::::::* cpe:2.3:a:ibm:java:7.0.4.2:::::::* cpe:2.3:a:ibm:java:7.0.4.1:::::::* cpe:2.3:a:ibm:java:7.0.4.0:::::::* cpe:2.3:a:ibm:java:7.0.3.0:::::::* cpe:2.3:a:ibm:java:7.0.2.0:::::::* cpe:2.3:a:ibm:java:7.0.1.0:::::::* cpe:2.3:a:ibm:java:7.0.0.0:::::::* cpe:2.3:a:ibm:java:6.0.9.2:::::::* cpe:2.3:a:ibm:java:6.0.9.1:::::::* cpe:2.3:a:ibm:java:6.0.9.0:::::::* cpe:2.3:a:ibm:java:6.0.8.1:::::::* cpe:2.3:a:ibm:java:6.0.8.0:::::::* cpe:2.3:a:ibm:java:6.0.7.0:::::::* cpe:2.3:a:ibm:java:6.0.6.0:::::::* cpe:2.3:a:ibm:java:6.0.5.0:::::::* cpe:2.3:a:ibm:java:6.0.4.0:::::::* cpe:2.3:a:ibm:java:6.0.3.0:::::::* cpe:2.3:a:ibm:java:6.0.2.0:::::::* cpe:2.3:a:ibm:java:6.0.14.0:::::::* cpe:2.3:a:ibm:java:6.0.13.2:::::::* cpe:2.3:a:ibm:java:6.0.13.1:::::::* cpe:2.3:a:ibm:java:6.0.13.0:::::::* cpe:2.3:a:ibm:java:6.0.12.0:::::::* cpe:2.3:a:ibm:java:6.0.11.0:::::::* cpe:2.3:a:ibm:java:6.0.10.1:::::::* cpe:2.3:a:ibm:java:6.0.10.0:::::::* cpe:2.3:a:ibm:java:6.0.1.0:::::::* cpe:2.3:a:ibm:java:6.0.0.0:::::::* cpe:2.3:a:ibm:java:5.0.16.3:::::::* cpe:2.3:a:ibm:java:5.0.16.2:::::::* cpe:2.3:a:ibm:java:5.0.16.1:::::::* cpe:2.3:a:ibm:java:5.0.16.0:::::::* cpe:2.3:a:ibm:java:5.0.15.0:::::::* cpe:2.3:a:ibm:java:5.0.14.0:::::::* cpe:2.3:a:ibm:java:5.0.13.0:::::::* cpe:2.3:a:ibm:java:5.0.12.5:::::::* cpe:2.3:a:ibm:java:5.0.12.4:::::::* cpe:2.3:a:ibm:java:5.0.12.3:::::::* cpe:2.3:a:ibm:java:5.0.12.2:::::::* cpe:2.3:a:ibm:java:5.0.12.1:::::::* cpe:2.3:a:ibm:java:5.0.12.0:::::::* cpe:2.3:a:ibm:java:5.0.11.2:::::::* cpe:2.3:a:ibm:java:5.0.11.1:::::::* cpe:2.3:a:ibm:java:5.0.11.0:::::::* cpe:2.3:a:ibm:java:5.0.0.0:::::::*	46
Application	Ibm Vios cpe:2.3:a:ibm:vios:2.2.3.4:::::::* cpe:2.3:a:ibm:vios:2.2.3.3:::::::* cpe:2.3:a:ibm:vios:2.2.3.2:::::::* cpe:2.3:a:ibm:vios:2.2.3.1:::::::* cpe:2.3:a:ibm:vios:2.2.3.0:::::::* cpe:2.3:a:ibm:vios:2.2.2.5:::::::* cpe:2.3:a:ibm:vios:2.2.2.4:::::::* cpe:2.3:a:ibm:vios:2.2.2.3:::::::* cpe:2.3:a:ibm:vios:2.2.2.2:::::::* cpe:2.3:a:ibm:vios:2.2.2.1:::::::* cpe:2.3:a:ibm:vios:2.2.2.0:::::::* cpe:2.3:a:ibm:vios:2.2.1.9:::::::* cpe:2.3:a:ibm:vios:2.2.1.8:::::::* cpe:2.3:a:ibm:vios:2.2.1.7:::::::* cpe:2.3:a:ibm:vios:2.2.1.6:::::::* cpe:2.3:a:ibm:vios:2.2.1.5:::::::* cpe:2.3:a:ibm:vios:2.2.1.4:::::::* cpe:2.3:a:ibm:vios:2.2.1.3:::::::* cpe:2.3:a:ibm:vios:2.2.1.1:::::::* cpe:2.3:a:ibm:vios:2.2.1.0:::::::* cpe:2.3:a:ibm:vios:2.2.0.13:::::::* cpe:2.3:a:ibm:vios:2.2.0.12:::::::* cpe:2.3:a:ibm:vios:2.2.0.11:::::::* cpe:2.3:a:ibm:vios:2.2.0.10:::::::*	24
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:-:::::::*	1
Application	Novell Suse Linux Enterprise Software Development Kit cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:::::::* cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3::::::	2
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1i:::::::* cpe:2.3:a:openssl:openssl:1.0.1h:::::::* cpe:2.3:a:openssl:openssl:1.0.1g:::::::* cpe:2.3:a:openssl:openssl:1.0.1f:::::::* cpe:2.3:a:openssl:openssl:1.0.1e:::::::* cpe:2.3:a:openssl:openssl:1.0.1d:::::::* cpe:2.3:a:openssl:openssl:1.0.1c:::::::* cpe:2.3:a:openssl:openssl:1.0.1b:::::::* cpe:2.3:a:openssl:openssl:1.0.1a:::::::* cpe:2.3:a:openssl:openssl:1.0.1:-:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta1:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.1:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0n:::::::* cpe:2.3:a:openssl:openssl:1.0.0m:::::::* cpe:2.3:a:openssl:openssl:1.0.0l:::::::* cpe:2.3:a:openssl:openssl:1.0.0k:::::::* cpe:2.3:a:openssl:openssl:1.0.0j:::::::* cpe:2.3:a:openssl:openssl:1.0.0i:::::::* cpe:2.3:a:openssl:openssl:1.0.0h:::::::* cpe:2.3:a:openssl:openssl:1.0.0g:::::::* cpe:2.3:a:openssl:openssl:1.0.0f:::::::* cpe:2.3:a:openssl:openssl:1.0.0e:::::::* cpe:2.3:a:openssl:openssl:1.0.0d:::::::* cpe:2.3:a:openssl:openssl:1.0.0c:::::::* cpe:2.3:a:openssl:openssl:1.0.0b:::::::* cpe:2.3:a:openssl:openssl:1.0.0a:::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta3:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta2:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta5:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta4:::::: cpe:2.3:a:openssl:openssl:1.0.0:beta1:::::: cpe:2.3:a:openssl:openssl:1.0.0:-:::::: cpe:2.3:a:openssl:openssl:0.9.8zb:::::::* cpe:2.3:a:openssl:openssl:0.9.8za:::::::* cpe:2.3:a:openssl:openssl:0.9.8z:::::::* cpe:2.3:a:openssl:openssl:0.9.8y:::::::* cpe:2.3:a:openssl:openssl:0.9.8x:::::::* cpe:2.3:a:openssl:openssl:0.9.8w:::::::* cpe:2.3:a:openssl:openssl:0.9.8v:::::::* cpe:2.3:a:openssl:openssl:0.9.8u:::::::* cpe:2.3:a:openssl:openssl:0.9.8t:::::::* cpe:2.3:a:openssl:openssl:0.9.8s:::::::* cpe:2.3:a:openssl:openssl:0.9.8r:::::::* cpe:2.3:a:openssl:openssl:0.9.8q:::::::* cpe:2.3:a:openssl:openssl:0.9.8p:::::::* cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8m:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8f:::::::* cpe:2.3:a:openssl:openssl:0.9.8e:::::::* cpe:2.3:a:openssl:openssl:0.9.8d:::::::* cpe:2.3:a:openssl:openssl:0.9.8c:::::::* cpe:2.3:a:openssl:openssl:0.9.8b:::::::* cpe:2.3:a:openssl:openssl:0.9.8a:::::::* cpe:2.3:a:openssl:openssl:0.9.8:-::::::	63
Application	Oracle Database cpe:2.3:a:oracle:database:12.1.0.2:::::::* cpe:2.3:a:oracle:database:11.2.0.4:::::::*	2
Application	Oracle Jdk cpe:2.3:a:oracle:jdk:1.8.0:update20:::::: cpe:2.3:a:oracle:jdk:1.7.0:update60:::::: cpe:2.3:a:oracle:jdk:1.7.0:update67:::::: cpe:2.3:a:oracle:jdk:1.6.0:update81:::::: cpe:2.3:a:oracle:jdk:1.5.0:update_71::::::	5
Application	Oracle Jre cpe:2.3:a:oracle:jre:1.8.0:update_20:::::: cpe:2.3:a:oracle:jre:1.7.0:update_67:::::: cpe:2.3:a:oracle:jre:1.7.0:update60:::::: cpe:2.3:a:oracle:jre:1.6.0:update_81:::::: cpe:2.3:a:oracle:jre:1.5.0:update_71::::::	5
Application	Oracle Jrockit cpe:2.3:a:oracle:jrockit:r28.3.3:::::::* cpe:2.3:a:oracle:jrockit:r27.8.3:::::::*	2
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.9.5:::::::* cpe:2.3:o:apple:mac_os_x:10.9.4:::::::* cpe:2.3:o:apple:mac_os_x:10.9.3:::::::* cpe:2.3:o:apple:mac_os_x:10.9.2:::::::* cpe:2.3:o:apple:mac_os_x:10.9.1:::::::* cpe:2.3:o:apple:mac_os_x:10.9:::::::* cpe:2.3:o:apple:mac_os_x:10.8.5:::::::* cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:::::: cpe:2.3:o:apple:mac_os_x:10.8.4:::::::* cpe:2.3:o:apple:mac_os_x:10.8.3:::::::* cpe:2.3:o:apple:mac_os_x:10.8.2:::::::* cpe:2.3:o:apple:mac_os_x:10.8.1:::::::* cpe:2.3:o:apple:mac_os_x:10.8.0:::::::* cpe:2.3:o:apple:mac_os_x:10.7.5:::::::* cpe:2.3:o:apple:mac_os_x:10.7.4:::::::* cpe:2.3:o:apple:mac_os_x:10.7.3:::::::* cpe:2.3:o:apple:mac_os_x:10.7.2:::::::* cpe:2.3:o:apple:mac_os_x:10.7.1:::::::* cpe:2.3:o:apple:mac_os_x:10.7.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6.9:::::::* cpe:2.3:o:apple:mac_os_x:10.6.8:::::::* cpe:2.3:o:apple:mac_os_x:10.6.7:::::::* cpe:2.3:o:apple:mac_os_x:10.6.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6.5:::::::* cpe:2.3:o:apple:mac_os_x:10.6.4:::::::* cpe:2.3:o:apple:mac_os_x:10.6.3:::::::* cpe:2.3:o:apple:mac_os_x:10.6.2:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1:::::::* cpe:2.3:o:apple:mac_os_x:10.6.1::server::::: cpe:2.3:o:apple:mac_os_x:10.6.0:::::::* cpe:2.3:o:apple:mac_os_x:10.6:::::::* cpe:2.3:o:apple:mac_os_x:10.6:server:::::: cpe:2.3:o:apple:mac_os_x:10.5.8:::::::* cpe:2.3:o:apple:mac_os_x:10.5.8::server::::: cpe:2.3:o:apple:mac_os_x:10.5.7:::::::* cpe:2.3:o:apple:mac_os_x:10.5.6:::::::* cpe:2.3:o:apple:mac_os_x:10.5.5:::::::* cpe:2.3:o:apple:mac_os_x:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:::::: cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.10.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	99
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:21:::::::* cpe:2.3:o:fedoraproject:fedora:20:::::::* cpe:2.3:o:fedoraproject:fedora:19:::::::*	3
Os	Ibm Aix cpe:2.3:o:ibm:aix:7.1:::::::* cpe:2.3:o:ibm:aix:6.1:::::::* cpe:2.3:o:ibm:aix:5.3:::::::*	3
Os	Mageia cpe:2.3:o:mageia:mageia:4.0:::::::* cpe:2.3:o:mageia:mageia:3.0:::::::*	2
Os	Netbsd cpe:2.3:o:netbsd:netbsd:6.1.5:::::::* cpe:2.3:o:netbsd:netbsd:6.1.4:::::::* cpe:2.3:o:netbsd:netbsd:6.1.3:::::::* cpe:2.3:o:netbsd:netbsd:6.1.2:::::::* cpe:2.3:o:netbsd:netbsd:6.1.1:::::::* cpe:2.3:o:netbsd:netbsd:6.1:::::::* cpe:2.3:o:netbsd:netbsd:6.0.6:::::::* cpe:2.3:o:netbsd:netbsd:6.0.5:::::::* cpe:2.3:o:netbsd:netbsd:6.0.4:::::::* cpe:2.3:o:netbsd:netbsd:6.0.3:::::::* cpe:2.3:o:netbsd:netbsd:6.0.2:::::::* cpe:2.3:o:netbsd:netbsd:6.0.1:::::::* cpe:2.3:o:netbsd:netbsd:6.0:::::::* cpe:2.3:o:netbsd:netbsd:6.0:beta:::::: cpe:2.3:o:netbsd:netbsd:5.2.2:::::::* cpe:2.3:o:netbsd:netbsd:5.2.1:::::::* cpe:2.3:o:netbsd:netbsd:5.2:::::::* cpe:2.3:o:netbsd:netbsd:5.1.4:::::::* cpe:2.3:o:netbsd:netbsd:5.1.3:::::::* cpe:2.3:o:netbsd:netbsd:5.1.2:::::::* cpe:2.3:o:netbsd:netbsd:5.1.1:::::::* cpe:2.3:o:netbsd:netbsd:5.1:::::::*	22
Os	Novell Suse Linux Enterprise Desktop cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:-:::::: cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:::::::* cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:::::::* cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:::::::*	4
Os	Novell Suse Linux Enterprise Server cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:::::: cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3::::vmware::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.1:::::::* cpe:2.3:o:opensuse:opensuse:12.3:::::::*	2
Os	Opensuse Suse Linux Enterprise Server cpe:2.3:o:opensuse:suse_linux_enterprise_server:11.0:sp3::::::	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:5:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	2
Os	Redhat Enterprise Linux Desktop Supplementary cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:::::::*	2
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	2
Os	Redhat Enterprise Linux Server Supplementary cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	2
Os	Redhat Enterprise Linux Workstation Supplementary cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*	2

OpenVAS Exploits

Date	Description
2014-10-16	Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-07-16	IAVM : 2015-A-0154 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0061081
2015-02-05	IAVM : 2015-B-0014 - Multiple Vulnerabilities in VMware ESXi 5.5 Severity : Category I - VMSKEY : V0058513
2015-02-05	IAVM : 2015-B-0013 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0058515
2015-02-05	IAVM : 2015-B-0012 - Multiple Vulnerabilities in VMware ESXi 5.0 Severity : Category I - VMSKEY : V0058517

Snort® IPS/IDS

Date	Description
2014-12-18	SSLv3 CBC client connection attempt RuleID : 32566 - Revision : 2 - Type : POLICY-OTHER
2014-11-19	SSLv3 POODLE CBC padding brute force attempt RuleID : 32205 - Revision : 5 - Type : SERVER-OTHER
2014-11-19	SSLv3 POODLE CBC padding brute force attempt RuleID : 32204 - Revision : 5 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2017-12-07	Name : The remote host is potentially affected by an SSL/TLS vulnerability. File : check_point_gaia_sk103683.nasl - Type : ACT_GATHER_INFO
2017-07-20	Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2017.nasl - Type : ACT_GATHER_INFO
2017-04-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-459.nasl - Type : ACT_GATHER_INFO
2017-01-10	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_03532a19d68e11e6917114dae9d210b8.nasl - Type : ACT_GATHER_INFO
2016-11-23	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1339.nasl - Type : ACT_GATHER_INFO
2016-09-28	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2396-1.nasl - Type : ACT_GATHER_INFO
2016-09-19	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2329-1.nasl - Type : ACT_GATHER_INFO
2016-09-13	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2285-1.nasl - Type : ACT_GATHER_INFO
2016-06-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-11.nasl - Type : ACT_GATHER_INFO
2016-06-17	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1457-1.nasl - Type : ACT_GATHER_INFO
2016-05-13	Name : A web application running on the remote host is affected by multiple vulnerab... File : solarwinds_srm_profiler_6_2_3.nasl - Type : ACT_GATHER_INFO
2016-04-14	Name : The application installed on the remote host is affected by an information di... File : ibm_domino_swg21693142.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-02-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3489.nasl - Type : ACT_GATHER_INFO
2016-01-25	Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO
2015-12-11	Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15ad_colorqube.nasl - Type : ACT_GATHER_INFO
2015-12-11	Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15aj.nasl - Type : ACT_GATHER_INFO
2015-12-11	Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15am.nasl - Type : ACT_GATHER_INFO
2015-11-20	Name : The remote host is running a remote management application that is affected b... File : solarwinds_dameware_mini_remote_control_v12_0_hotfix_2.nasl - Type : ACT_GATHER_INFO
2015-10-16	Name : The remote Fedora host is missing a security update. File : fedora_2015-9090.nasl - Type : ACT_GATHER_INFO
2015-10-16	Name : The remote Fedora host is missing a security update. File : fedora_2015-9110.nasl - Type : ACT_GATHER_INFO
2015-10-02	Name : The remote Mac OS X host has an application installed that is affected by mul... File : macosx_xcode_7_0.nasl - Type : ACT_GATHER_INFO
2015-08-03	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_4_1.nasl - Type : ACT_GATHER_INFO
2015-07-27	Name : The remote Debian host is missing a security update. File : debian_DLA-282.nasl - Type : ACT_GATHER_INFO
2015-07-14	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201507-14.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV69768.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73316.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73319.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73324.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73416.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73417.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73418.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73419.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73973.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73974.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73975.nasl - Type : ACT_GATHER_INFO
2015-06-19	Name : The remote AIX host is missing a security patch. File : aix_IV73976.nasl - Type : ACT_GATHER_INFO
2015-06-12	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-05-26	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_384fc0b2014411e58fda002590263bf5.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1387-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1422-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1512-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1524-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0503-1.nasl - Type : ACT_GATHER_INFO
2015-05-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO
2015-05-01	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-28	Name : The remote host is missing a security update for OS X Server. File : macosx_server_4_1.nasl - Type : ACT_GATHER_INFO
2015-04-20	Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_apr_2015.nasl - Type : ACT_GATHER_INFO
2015-04-20	Name : The remote Windows host has an application installed that is affected by mult... File : vmware_vcenter_chargeback_manager_vmsa_2015_0003.nasl - Type : ACT_GATHER_INFO
2015-04-13	Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-13	Name : The remote host has a device management application installed that is affecte... File : vmware_workspace_portal_vmsa2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-198.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote Linux host has a virtualization application installed that is miss... File : vcenter_operations_manager_vmsa_2015-0003-linux.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host has a virtualization application installed that is missing a ... File : vcenter_operations_manager_vmsa_2015-0003-vapp.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote Windows host has a virtualization application installed that is mi... File : vcenter_operations_manager_vmsa_2015-0003-win.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-157.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-81.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO
2015-03-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0698.nasl - Type : ACT_GATHER_INFO
2015-03-17	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO
2015-03-12	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_57.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_15.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_feb2015_advisory.nasl - Type : ACT_GATHER_INFO
2015-02-20	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-150206.nasl - Type : ACT_GATHER_INFO
2015-02-18	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_10.nasl - Type : ACT_GATHER_INFO
2015-02-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO
2015-02-13	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-480.nasl - Type : ACT_GATHER_INFO
2015-02-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-033.nasl - Type : ACT_GATHER_INFO
2015-02-03	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-91.nasl - Type : ACT_GATHER_INFO
2015-02-03	Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-02-02	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3147.nasl - Type : ACT_GATHER_INFO
2015-01-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3144.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_10_2.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote host is missing a Mac OS X update that fixes multiple security iss... File : macosx_SecUpd2015-001.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2015-0001.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File : vmware_esxi_5_5_build_2352327_remote.nasl - Type : ACT_GATHER_INFO
2015-01-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2486-1.nasl - Type : ACT_GATHER_INFO
2015-01-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2487-1.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0086.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150126_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-471.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-472.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0079.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0080.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote caching server is affected by multiple vulnerabilities. File : apache_traffic_server_511.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jan_2015_unix.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote host has a version of Oracle Secure Global Desktop that is affecte... File : oracle_secure_global_desktop_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : A clustered file system on the remote host is affected by multiple vulnerabil... File : ibm_gpfs_isg3T1021546_windows.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20141104.nasl - Type : ACT_GATHER_INFO
2015-01-07	Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_5_5_4.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14237.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote SuSE 11 host is missing a security update. File : suse_11_suseRegister-141121.nasl - Type : ACT_GATHER_INFO
2015-01-02	Name : The remote Fedora host is missing a security update. File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO
2015-01-02	Name : The remote Fedora host is missing a security update. File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO
2014-12-16	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-252.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15379.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15390.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-15411.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-12-05	Name : The remote SuSE 11 host is missing a security update. File : suse_11_pure-ftpd-141120.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : A web application installed on the remote host is affected by an information ... File : hp_sitescope_hpsbmu03184.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141202_nss__nss_util__and_nss_softokn_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_5011.nasl - Type : ACT_GATHER_INFO
2014-12-04	Name : The remote web server contains an application that is affected by multiple vu... File : splunk_607.nasl - Type : ACT_GATHER_INFO
2014-12-03	Name : The remote device is missing a vendor-supplied security update. File : cisco-sa-20141015-poodle-wlc.nasl - Type : ACT_GATHER_INFO
2014-12-03	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1948.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3080.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-141119.nasl - Type : ACT_GATHER_INFO
2014-12-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-141121.nasl - Type : ACT_GATHER_INFO
2014-11-28	Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_oct2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-11-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evolution-data-server-141114.nasl - Type : ACT_GATHER_INFO
2014-11-27	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3077.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote printer service is potentially affected by an information disclosu... File : cups_2_0_1.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0037.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0038.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0039.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0040.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0041.nasl - Type : ACT_GATHER_INFO
2014-11-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201411-10.nasl - Type : ACT_GATHER_INFO
2014-11-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-218.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1880.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1881.nasl - Type : ACT_GATHER_INFO
2014-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1882.nasl - Type : ACT_GATHER_INFO
2014-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1876.nasl - Type : ACT_GATHER_INFO
2014-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1877.nasl - Type : ACT_GATHER_INFO
2014-11-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libwsman-devel-141021.nasl - Type : ACT_GATHER_INFO
2014-11-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-671.nasl - Type : ACT_GATHER_INFO
2014-11-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-647.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote device is affected by a man-in-the-middle (MitM) information discl... File : cisco-sa-20141015-poodle-cucm.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-141024.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-13647.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14217.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-14234.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-640.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1657.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1658.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1692.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-13781.nasl - Type : ACT_GATHER_INFO
2014-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2014-13794.nasl - Type : ACT_GATHER_INFO
2014-11-06	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-141024.nasl - Type : ACT_GATHER_INFO
2014-11-05	Name : The remote device is affected by multiple vulnerabilities. File : appletv_7_0_1.nasl - Type : ACT_GATHER_INFO
2014-11-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-12951.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote Fedora host is missing a security update. File : fedora_2014-13399.nasl - Type : ACT_GATHER_INFO
2014-11-03	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0dad911460cc11e49e840022156e8794.nasl - Type : ACT_GATHER_INFO
2014-10-31	Name : The remote AIX host has a version of OpenSSL installed that is affected by mu... File : aix_openssl_advisory11.nasl - Type : ACT_GATHER_INFO
2014-10-30	Name : The remote device is affected by a man-in-the-middle (MitM) information discl... File : cisco-sa-20141015-poodle-asa.nasl - Type : ACT_GATHER_INFO
2014-10-30	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-605.nasl - Type : ACT_GATHER_INFO
2014-10-27	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-209.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote host is affected by an information disclosure vulnerability. File : cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote host is affected by an information disclosure vulnerability. File : macosx_cisco_anyconnect_3_1_5187.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-203.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-2.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141015_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2388-1.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : A telephony application running on the remote host is affected by an informat... File : asterisk_ast_2014_011.nasl - Type : ACT_GATHER_INFO
2014-10-22	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_76c7a0f5592811e4adc7001999f8d30b.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote host is missing a security update for OS X Server. File : macosx_server_2_2_5.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote host is missing a security update for OS X Server. File : macosx_server_3_2_2.nasl - Type : ACT_GATHER_INFO
2014-10-21	Name : The remote host is missing a security update for OS X Server. File : macosx_server_4_0.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-429.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-430.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-431.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-432.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-13069.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-13012.nasl - Type : ACT_GATHER_INFO
2014-10-20	Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_5_06.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3053.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_10.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote host is missing a Mac OS X update that fixes multiple security iss... File : macosx_SecUpd2014-005.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote service is affected by multiple vulnerabilities. File : openssl_0_9_8zc.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0o.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1j.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1652.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1653.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141016_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141016_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2386-1.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-288-01.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-426.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_03175e62549411e49cc1bc5ff4fb5e7b.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2014_unix.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1620.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1633.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1634.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1636.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : The remote host is affected by a remote information disclosure vulnerability. File : smb_kb3009008.nasl - Type : ACT_GATHER_INFO
2014-10-15	Name : It is possible to obtain sensitive information from the remote host with SSL/... File : ssl_poodle.nasl - Type : ACT_GATHER_INFO
2014-09-23	Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-02-19 21:28:53	Multiple Updates
2016-02-17 21:30:33	Multiple Updates
2016-02-12 09:29:01	Multiple Updates
2014-12-02 09:30:03	Multiple Updates
2014-11-22 13:24:08	Multiple Updates
2014-11-20 21:22:09	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	63
CPE ID(s)	306
Openvas Exploit(s)	1
IAVM(s)	4
Snort® Rule(s)	3
Nessus® Exploit(s)	231

	Related
9.3	CVE-2014-6532
9.3	CVE-2014-6503
9.3	CVE-2014-6456
7.6	CVE-2014-6493
7.6	CVE-2014-6492
7.6	CVE-2014-4288
6.9	CVE-2014-6458
6.9	CVE-2014-3065
6.8	CVE-2014-6506
5	CVE-2014-6515
5	CVE-2014-6511
5	CVE-2014-6476
4.3	CVE-2014-6531
4.3	CVE-2014-6512
4	CVE-2014-6457
3.4	CVE-2014-3566
2.6	CVE-2014-6558
2.6	CVE-2014-6527
2.6	CVE-2014-6502
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 19 more Alert(s)

9.3 - RHSA-2014:1880

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU