10 - TA08-260A

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Apple Updates for Multiple Vulnerabilities

Informations
Name	TA08-260A	First vendor Publication	2008-09-16
Vendor	US-CERT	Last vendor Modification	2008-09-16
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Apple has released Security Update 2008-006 and Mac OS X version 10.5.5 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

I. Description

Apple Security Update 2008-006 and Apple Mac OS X version 10.5.5 address a number of vulnerabilities affecting Apple Mac OS X and Mac OS X Server versions prior to and including 10.4.11 and 10.5.4. The update also addresses vulnerabilities in other vendors' products that ship with Apple Mac OS X or Mac OS X Server.

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, privilege escalation, or DNS cache poisoning.

III. Solution

Upgrade

Install Apple Security Update 2008-006 or Apple Mac OS X version 10.5.5.
These and other updates are available via Software Update or via Apple Downloads.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA08-260A.html

CWE : Common Weakness Enumeration

%	Id	Name
23 %	CWE-399	Resource Management Errors
19 %	CWE-264	Permissions, Privileges, and Access Controls
16 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
13 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
6 %	CWE-287	Improper Authentication
6 %	CWE-255	Credentials Management
6 %	CWE-200	Information Exposure
3 %	CWE-331	Insufficient Entropy
3 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
3 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10326

Oval ID:	oval:org.mitre.oval:def:10326
Title:	libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Description:	libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1382	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libpng10-devel is earlier than 0:1.0.16-3.el4_7.3 AND libpng-devel is earlier than 2:1.2.7-3.el4_7.2 AND libpng is earlier than 2:1.2.7-3.el4_7.2 AND libpng10 is earlier than 0:1.0.16-3.el4_7.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libpng-devel is earlier than 2:1.2.10-7.1.el5_3.2 AND libpng is earlier than 2:1.2.10-7.1.el5_3.2

Definition Id: oval:org.mitre.oval:def:11489

Oval ID:	oval:org.mitre.oval:def:11489
Title:	Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Description:	Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2327	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section libtiff is earlier than 0:3.5.7-31.el3 AND libtiff-devel is earlier than 0:3.5.7-31.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libtiff is earlier than 0:3.6.1-12.el4_7.2 AND libtiff-devel is earlier than 0:3.6.1-12.el4_7.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libtiff is earlier than 0:3.8.2-7.el5_2.2 AND libtiff-devel is earlier than 0:3.8.2-7.el5_2.2

Definition Id: oval:org.mitre.oval:def:12117

Oval ID:	oval:org.mitre.oval:def:12117
Title:	HP-UX Running BIND, Remote DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	12
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests InternetSrvcs.INETSVCS-INETD is installed AND InternetSrvcs.INETSVCS-RUN is installed AND InternetSrvcs.INETSVCS2-RUN is installed AND NOT Patch PHNE_37865 is installed OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.015 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.7.0 AND BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.7.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND InternetSrvcs.INETSVCS-RUN version is less than C.9.3.2.7.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP-UX B.11.31 AND filesets tests NameService.BIND-AUX version is less than C.9.3.2.7.0 AND NameService.BIND-RUN version is less than C.9.3.2.7.0

Definition Id: oval:org.mitre.oval:def:15851

Oval ID:	oval:org.mitre.oval:def:15851
Title:	Integer overflow in Apple QuickTime before 7.5.5 on Windows via a crafted PICT image, which triggers heap corruption
Description:	Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-3614	Version:	6
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7	Product(s):	Apple QuickTime
Definition Synopsis:
Apple QuickTime is installed AND QuickTimePlayer.exe version is less than 7.5.5 (7.55.90.70)

Definition Id: oval:org.mitre.oval:def:17406

Oval ID:	oval:org.mitre.oval:def:17406
Title:	USN-597-1 -- openssh vulnerability
Description:	Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family.
Family:	unix	Class:	patch
Reference(s):	USN-597-1 CVE-2008-1483	Version:	5
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	openssh
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND openssh-client DPKG is earlier than 1:4.2p1-7ubuntu3.3 AND Release section Ubuntu 6.10 is installed AND openssh-client DPKG is earlier than 1:4.3p2-5ubuntu1.2 AND Release section Ubuntu 7.04 is installed AND openssh-client DPKG is earlier than 1:4.3p2-8ubuntu1.2 AND Release section Ubuntu 7.10 is installed AND openssh-client DPKG is earlier than 1:4.6p1-5ubuntu0.2

Definition Id: oval:org.mitre.oval:def:17512

Oval ID:	oval:org.mitre.oval:def:17512
Title:	USN-627-1 -- dnsmasq vulnerability
Description:	Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq.
Family:	unix	Class:	patch
Reference(s):	USN-627-1 CVE-2008-1447	Version:	7
Platform(s):	Ubuntu 8.04	Product(s):	dnsmasq
Definition Synopsis:
Ubuntu 8.04 is installed AND dnsmasq-base DPKG is earlier than 2.41-2ubuntu2.1

Definition Id: oval:org.mitre.oval:def:17734

Oval ID:	oval:org.mitre.oval:def:17734
Title:	USN-622-1 -- bind9 vulnerability
Description:	Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind.
Family:	unix	Class:	patch
Reference(s):	USN-622-1 CVE-2008-1447	Version:	5
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	bind9
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libdns21 DPKG is earlier than 1:9.3.2-2ubuntu1.5 AND Release section Ubuntu 7.04 is installed AND libdns22 DPKG is earlier than 1:9.3.4-2ubuntu2.3 AND Release section Ubuntu 7.10 is installed AND libdns32 DPKG is earlier than 1:9.4.1-P1-3ubuntu2 AND Release section Ubuntu 8.04 is installed AND libdns35 DPKG is earlier than 1:9.4.2-10ubuntu0.1

Definition Id: oval:org.mitre.oval:def:17803

Oval ID:	oval:org.mitre.oval:def:17803
Title:	USN-639-1 -- tiff vulnerability
Description:	Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images.
Family:	unix	Class:	patch
Reference(s):	USN-639-1 CVE-2008-2327	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	tiff
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libtiff4 DPKG is earlier than 3.7.4-1ubuntu3.3 AND Release section Ubuntu 7.04 is installed AND libtiff4 DPKG is earlier than 3.8.2-6ubuntu1 AND Release section Ubuntu 7.10 is installed AND libtiff4 DPKG is earlier than 3.8.2-7ubuntu2.1 AND Release section Ubuntu 8.04 is installed AND libtiff4 DPKG is earlier than 3.8.2-7ubuntu3.1

Definition Id: oval:org.mitre.oval:def:18179

Oval ID:	oval:org.mitre.oval:def:18179
Title:	DSA-1632-1 tiff - arbitrary code execution
Description:	Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1632-1 CVE-2008-2327	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	tiff
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND tiff DPKG is earlier than 3.8.2-7+etch1

Definition Id: oval:org.mitre.oval:def:18704

Oval ID:	oval:org.mitre.oval:def:18704
Title:	DSA-1623-1 dnsmasq - cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
Family:	unix	Class:	patch
Reference(s):	DSA-1623-1 CVE-2008-1447	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	dnsmasq
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND dnsmasq DPKG is earlier than 2.35-1+etch4

Definition Id: oval:org.mitre.oval:def:18708

Oval ID:	oval:org.mitre.oval:def:18708
Title:	DSA-1549-1 clamav
Description:	Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit.
Family:	unix	Class:	patch
Reference(s):	DSA-1549-1 CVE-2008-0314 CVE-2008-1100 CVE-2008-1833	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	clamav
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND clamav DPKG is earlier than 0.90.1dfsg-3etch11

Definition Id: oval:org.mitre.oval:def:18724

Oval ID:	oval:org.mitre.oval:def:18724
Title:	DSA-1617-1 refpolicy - incompatible policy
Description:	In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as <a href="http://security-tracker.debian.org/tracker/CVE-2008-1447">CVE-2008-1447</a>). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy.
Family:	unix	Class:	patch
Reference(s):	DSA-1617-1 CVE-2008-1447	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	refpolicy
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND refpolicy DPKG is earlier than 0.0.20061018-5.1+etch1

Definition Id: oval:org.mitre.oval:def:19900

Oval ID:	oval:org.mitre.oval:def:19900
Title:	DSA-1603-1 bind9 - cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
Family:	unix	Class:	patch
Reference(s):	DSA-1603-1 CVE-2008-1447	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	bind9
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND bind9 DPKG is earlier than 1:9.3.4-2etch3

Definition Id: oval:org.mitre.oval:def:20201

Oval ID:	oval:org.mitre.oval:def:20201
Title:	DSA-1612-1 ruby1.8 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1612-1 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	ruby1.8
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND ruby1.8 DPKG is earlier than 0:1.8.5-4etch2

Definition Id: oval:org.mitre.oval:def:20314

Oval ID:	oval:org.mitre.oval:def:20314
Title:	DSA-1618-1 ruby1.9 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1618-1 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	ruby1.9
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND ruby1.9 DPKG is earlier than 0:1.9.0+20060609-1etch2

Definition Id: oval:org.mitre.oval:def:20342

Oval ID:	oval:org.mitre.oval:def:20342
Title:	DSA-1616-2 clamav - denial of service
Description:	Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to <q>fail open</q>, facilitating a follow-on viral attack.
Family:	unix	Class:	patch
Reference(s):	DSA-1616-2 CVE-2008-2713 CVE-2008-3215	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	clamav
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND clamav DPKG is earlier than 0:0.90.1dfsg-3.1etch14

Definition Id: oval:org.mitre.oval:def:21762

Oval ID:	oval:org.mitre.oval:def:21762
Title:	ELSA-2008:0561: ruby security update (Moderate)
Description:	Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0561-01 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376	Version:	29
Platform(s):	Oracle Linux 5	Product(s):	ruby
Definition Synopsis:
Oracle Linux 5.x rpm test ruby-docs is earlier than 0:1.8.5-5.el5_2.3 AND ruby-ri is earlier than 0:1.8.5-5.el5_2.3 AND ruby-mode is earlier than 0:1.8.5-5.el5_2.3 AND ruby-libs is earlier than 0:1.8.5-5.el5_2.3 AND ruby-tcltk is earlier than 0:1.8.5-5.el5_2.3 AND ruby-irb is earlier than 0:1.8.5-5.el5_2.3 AND ruby-rdoc is earlier than 0:1.8.5-5.el5_2.3 AND ruby is earlier than 0:1.8.5-5.el5_2.3 AND ruby-devel is earlier than 0:1.8.5-5.el5_2.3

Definition Id: oval:org.mitre.oval:def:21970

Oval ID:	oval:org.mitre.oval:def:21970
Title:	ELSA-2008:0533: bind security update (Important)
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0533-02 CVE-2008-1447	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	bind selinux-policy-targeted selinux-policy
Definition Synopsis:
Oracle Linux 5.x rpm test selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5_2 AND bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2

Definition Id: oval:org.mitre.oval:def:22177

Oval ID:	oval:org.mitre.oval:def:22177
Title:	ELSA-2008:0789: dnsmasq security update (Moderate)
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0789-01 CVE-2008-1447	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	dnsmasq
Definition Synopsis:
Oracle Linux 5.x AND dnsmasq is earlier than 0:2.45-1.el5_2.1

Definition Id: oval:org.mitre.oval:def:22496

Oval ID:	oval:org.mitre.oval:def:22496
Title:	ELSA-2008:0847: libtiff security and bug fix update (Important)
Description:	Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0847-01 CVE-2008-2327	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	libtiff
Definition Synopsis:
Oracle Linux 5.x rpm test libtiff is earlier than 0:3.8.2-7.el5_2.2 AND libtiff-devel is earlier than 0:3.8.2-7.el5_2.2

Definition Id: oval:org.mitre.oval:def:28787

Oval ID:	oval:org.mitre.oval:def:28787
Title:	RHSA-2008:0533 -- bind security update (Important)
Description:	Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols.
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0533 CESA-2008:0533-CentOS 5 CESA-2008:0533-CentOS 2 CESA-2008:0533-CentOS 3 CVE-2008-1447	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 2 CentOS Linux 3	Product(s):	bind selinux-policy-targeted selinux-policy
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2 AND bind is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section bind is earlier than 30:9.2.4-22.el3 AND bind-chroot is earlier than 30:9.2.4-22.el3 AND bind-devel is earlier than 30:9.2.4-22.el3 AND bind-libs is earlier than 30:9.2.4-22.el3 AND bind-utils is earlier than 30:9.2.4-22.el3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section bind is earlier than 30:9.2.4-28.0.1.el4 AND bind-chroot is earlier than 30:9.2.4-28.0.1.el4 AND bind-devel is earlier than 30:9.2.4-28.0.1.el4 AND bind-libs is earlier than 30:9.2.4-28.0.1.el4 AND bind-utils is earlier than 30:9.2.4-28.0.1.el4 AND selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4 AND selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4 AND CentOS Linux 5 release section The operating system installed on the system is CentOS Linux 5.x Packages match section bind is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-chroot is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-libbind-devel is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-sdb is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.1.P1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-devel is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5

Definition Id: oval:org.mitre.oval:def:28973

Oval ID:	oval:org.mitre.oval:def:28973
Title:	RHSA-2008:0847 -- libtiff security and bug fix update (Important)
Description:	Updated libtiff packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. (CVE-2008-2327)
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0847 CESA-2008:0847-CentOS 5 CVE-2008-2327	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	libtiff
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section libtiff-devel is earlier than 0:3.8.2-7.el5_2.2 AND libtiff is earlier than 0:3.8.2-7.el5_2.2

Definition Id: oval:org.mitre.oval:def:29167

Oval ID:	oval:org.mitre.oval:def:29167
Title:	RHSA-2008:0789 -- dnsmasq security update (Moderate)
Description:	An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) All dnsmasq users are advised to upgrade to this updated package, that upgrades dnsmasq to version 2.45, which resolves this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0789 CVE-2008-1447	Version:	3
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	dnsmasq
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 AND dnsmasq is earlier than 0:2.45-1.el5_2.1

Definition Id: oval:org.mitre.oval:def:5514

Oval ID:	oval:org.mitre.oval:def:5514
Title:	LibTIFF Buffer Underflow in Decoding LZW Data Lets Remote Users Execute Arbitrary Code
Description:	Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2327	Version:	3
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200810503-SG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1006968 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200811405-SG is not installed

Definition Id: oval:org.mitre.oval:def:5725

Oval ID:	oval:org.mitre.oval:def:5725
Title:	DNS Insufficient Socket Entropy Vulnerability
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Win 2K SP4 and vulnerable version of file Microsoft Windows 2000 SP4 or later is installed AND Check for vulnerable version of server or client file dnsapi.dll version is less than 5.0.2195.7280 AND Dns.exe version is less than 5.0.2195.7162 OR Win XP SP2 X86 and vulnerable version of client file Microsoft Windows XP (x86) SP2 is installed AND dnsapi.dll version is less than 5.1.2600.3394 OR Win XP SP3 X86 and vulnerable version of client file Microsoft Windows XP (x86) SP3 is installed AND dnsapi.dll version is less than 5.1.2600.5625 OR Win XP X64 SP1 and vulnerable version of client file Microsoft Windows XP Professional x64 Edition SP1 is installed AND dnsapi.dll version is less than 5.2.3790.3161 OR Win XP X64 and vulnerable version of client file Microsoft Windows XP x64 Edition SP2 is installed AND dnsapi.dll version is less than 5.2.3790.4318 OR Win 2k3 SP1 and vulnerable version of client or server file Win 2K3 SP1 (X86/ X64/IA64) Microsoft Windows Server 2003 SP1 (x86) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 SP1 for Itanium is installed AND Check for vulnerable version of client or server file dnsapi.dll version is less than 5.2.3790.3161 AND dns.exe version is less than 5.2.3790.3161 OR Win 2k3 SP2 and vulnerable version of client or server file Win 2K3 SP2 (X86/ X64/IA64) Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Check for vulnerable version of client or server file dnsapi.dll version is less than 5.2.3790.4318 AND dns.exe version is less than 5.2.3790.4318

Definition Id: oval:org.mitre.oval:def:5761

Oval ID:	oval:org.mitre.oval:def:5761
Title:	HP-UX Running BIND, Remote DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.3.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests InternetSrvcs.INETSVCS-INETD is installed AND InternetSrvcs.INETSVCS-RUN is installed AND InternetSrvcs.INETSVCS2-RUN is installed AND NOT Patch PHNE_37865 is installed OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.3.0 AND BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.3.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.011 OR Criteria meets HP Security Bulletin HPSBUX02351 HP-UX B.11.31 AND filesets tests NameService.BIND-AUX version is less than C.9.3.2.3.0 AND NameService.BIND-RUN version is less than C.9.3.2.3.0

Definition Id: oval:org.mitre.oval:def:5917

Oval ID:	oval:org.mitre.oval:def:5917
Title:	Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	1
Platform(s):	Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Software Section Solaris 8 (SPARC) meets Sun Alert 239392 Solaris 8 (SPARC) is installed AND NOT Patch 109326-23 or later installed OR Solaris 9 (SPARC) meets Sun Alert 239392 Solaris 9 (SPARC) is installed AND NOT Patch 112837-15 or later installed OR Solaris 10 (SPARC) meets Sun Alert 239392 Solaris 10 (SPARC) is installed AND NOT Patch 119783-06 or later installed OR Solaris 8 (x86) meets Sun Alert 239392 Solaris 8 (x86) is installed AND NOT Patch 109327-23 or later installed OR Solaris 9 (x86) meets Sun Alert 239392 Solaris 9 (x86) is installed AND NOT Patch 114265-14 or later installed OR Solaris 10 (x86) meets Sun Alert 239392 Solaris 10 (x86) is installed AND NOT Patch 119784-06 or later installed AND in.named running

Definition Id: oval:org.mitre.oval:def:6085

Oval ID:	oval:org.mitre.oval:def:6085
Title:	Security Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 Sessions
Description:	OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1483	Version:	1
Platform(s):	Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Software Section Solaris 9 (SPARC) meets Sun Alert 237444 Solaris 9 (SPARC) is installed AND NOT Patch 114356-14 or later installed AND X11Forwarding is enabled OR Solaris 9 (x86) meets Sun Alert 237444 Solaris 9 (x86) is installed AND NOT Patch 114357-13 or later installed AND X11Forwarding is enabled OR Solaris 10 (SPARC) meets Sun Alert 237444 Solaris 10 (SPARC) is installed AND NOT Patch 126133-03 or later installed AND NOT X11Forwarding is not enabled OR Solaris 10 (x86) meets Sun Alert 237444 Solaris 10 (x86) is installed AND NOT Patch 126134-03 or later installed AND NOT X11Forwarding is not enabled AND Configuration Section sshd running

Definition Id: oval:org.mitre.oval:def:6275

Oval ID:	oval:org.mitre.oval:def:6275
Title:	mimeTeX and mathTeX Buffer Overflow and Command Injection Issues
Description:	libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1382	Version:	1
Platform(s):	VMWare ESX Server 3 VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
IF VMWare ESX Server 3.0.3 is installed AND Patch ESX303-200905401-SG is not installed OR VMWare ESX Server 3.0.2 is installed AND Patch ESX-1008420 is not installed OR VMware ESX Server 3.5.0 is installed AND Patch ESX350-200904401-BG is not installed

Definition Id: oval:org.mitre.oval:def:7531

Oval ID:	oval:org.mitre.oval:def:7531
Title:	DSA-1623 dnsmasq -- DNS cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's dnsmasq packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. This update also switches the random number generator to Dan Bernstein's SURF.
Family:	unix	Class:	patch
Reference(s):	DSA-1623 CVE-2008-1447	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	dnsmasq
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is mips AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND dnsmasq is earlier than 2.35-1+etch4

Definition Id: oval:org.mitre.oval:def:7619

Oval ID:	oval:org.mitre.oval:def:7619
Title:	DSA-1632 tiff -- buffer underflow
Description:	Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed tiff files to lead to a crash or execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1632 CVE-2008-2327	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	tiff
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa Packages section libtiff4 is earlier than 3.8.2-7+etch1 AND libtiff-opengl is earlier than 3.8.2-7+etch1 AND libtiffxx0c2 is earlier than 3.8.2-7+etch1 AND libtiff-tools is earlier than 3.8.2-7+etch1 AND libtiff4-dev is earlier than 3.8.2-7+etch1

Definition Id: oval:org.mitre.oval:def:7660

Oval ID:	oval:org.mitre.oval:def:7660
Title:	DSA-1617 refpolicy -- incompatible policy
Description:	In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard "domain" port (53). The incompatibility affects both the "targeted" and "strict" policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. Because the Debian refpolicy packages are not yet designed with policy module upgradeability in mind, and because SELinux-enabled Debian systems often have some degree of site-specific policy customization, it is difficult to assure that the new bind policy can be successfully upgraded. To this end, the package upgrade will not abort if the bind policy update fails. The new policy module can be found at /usr/share/selinux/refpolicy-targeted/bind.pp after installation. Administrators wishing to use the bind service policy can reconcile any policy incompatibilities and install the upgrade manually thereafter. A more detailed discussion of the corrective procedure may be found on http://wiki.debian.org/SELinux/Issues/BindPortRandomization. For the stable distribution (etch), this problem has been fixed in version 0.0.20061018-5.1+etch1. The unstable distribution (sid) is not affected, as subsequent refpolicy releases have incorporated an analogous change. We recommend that you upgrade your refpolicy packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1617 CVE-2008-1447	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	refpolicy
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND Installed architecture is all Packages section selinux-policy-refpolicy-src is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-doc is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-strict is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-targeted is earlier than 0.0.20061018-5.1+etch1 AND selinux-policy-refpolicy-dev is earlier than 0.0.20061018-5.1+etch1

Definition Id: oval:org.mitre.oval:def:7781

Oval ID:	oval:org.mitre.oval:def:7781
Title:	DSA-1549 clamav -- buffer overflows
Description:	Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: Damian Put discovered that a buffer overflow in the handler for PeSpin binaries may lead to the execution of arbitrary code. Alin Rad Pop discovered that a buffer overflow in the handler for Upack PE binaries may lead to the execution of arbitrary code. Damian Put and Thomas Pollet discovered that a buffer overflow in the handler for WWPack-compressed PE binaries may lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1549 CVE-2008-0314 CVE-2008-1100 CVE-2008-1833	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	clamav
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section clamav-docs is earlier than 0.90.1dfsg-3etch11 AND clamav-testfiles is earlier than 0.90.1dfsg-3etch11 AND clamav-base is earlier than 0.90.1dfsg-3etch11 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libclamav-dev is earlier than 0.90.1dfsg-3etch11 AND clamav is earlier than 0.90.1dfsg-3etch11 AND clamav-dbg is earlier than 0.90.1dfsg-3etch11 AND libclamav2 is earlier than 0.90.1dfsg-3etch11 AND clamav-daemon is earlier than 0.90.1dfsg-3etch11 AND clamav-milter is earlier than 0.90.1dfsg-3etch11 AND clamav-freshclam is earlier than 0.90.1dfsg-3etch11

Definition Id: oval:org.mitre.oval:def:7871

Oval ID:	oval:org.mitre.oval:def:7871
Title:	DSA-1612 ruby1.8 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary
Family:	unix	Class:	patch
Reference(s):	DSA-1612 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	ruby1.8
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section rdoc1.8 is earlier than 1.8.5-4etch2 AND ri1.8 is earlier than 1.8.5-4etch2 AND ruby1.8-elisp is earlier than 1.8.5-4etch2 AND ruby1.8-examples is earlier than 1.8.5-4etch2 AND irb1.8 is earlier than 1.8.5-4etch2 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section ruby1.8 is earlier than 1.8.5-4etch2 AND libdbm-ruby1.8 is earlier than 1.8.5-4etch2 AND libopenssl-ruby1.8 is earlier than 1.8.5-4etch2 AND ruby1.8-dev is earlier than 1.8.5-4etch2 AND libreadline-ruby1.8 is earlier than 1.8.5-4etch2 AND libgdbm-ruby1.8 is earlier than 1.8.5-4etch2 AND libtcltk-ruby1.8 is earlier than 1.8.5-4etch2 AND libruby1.8-dbg is earlier than 1.8.5-4etch2 AND libruby1.8 is earlier than 1.8.5-4etch2

Definition Id: oval:org.mitre.oval:def:7922

Oval ID:	oval:org.mitre.oval:def:7922
Title:	DSA-1618 ruby1.9 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1618 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	ruby1.9
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section rdoc1.9 is earlier than 1.9.0+20060609-1etch2 AND ruby1.9-examples is earlier than 1.9.0+20060609-1etch2 AND ruby1.9-elisp is earlier than 1.9.0+20060609-1etch2 AND ri1.9 is earlier than 1.9.0+20060609-1etch2 AND irb1.9 is earlier than 1.9.0+20060609-1etch2 AND libreadline-ruby1.9 is earlier than 1.9.0+20060609-1etch2 AND libdbm-ruby1.9 is earlier than 1.9.0+20060609-1etch2 AND libopenssl-ruby1.9 is earlier than 1.9.0+20060609-1etch2 AND ruby1.9-dev is earlier than 1.9.0+20060609-1etch2 AND ruby1.9 is earlier than 1.9.0+20060609-1etch2 AND libruby1.9-dbg is earlier than 1.9.0+20060609-1etch2 AND libtcltk-ruby1.9 is earlier than 1.9.0+20060609-1etch2 AND libgdbm-ruby1.9 is earlier than 1.9.0+20060609-1etch2 AND libruby1.9 is earlier than 1.9.0+20060609-1etch2

Definition Id: oval:org.mitre.oval:def:8026

Oval ID:	oval:org.mitre.oval:def:8026
Title:	DSA-1616 clamav -- denial of service
Description:	Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to fail open, facilitating a follow-on viral attack. A previous version of this advisory referenced packages that were built incorrectly and omitted the intended correction. This issue was fixed in packages referenced by the -2 revision of the advisory. The Common Vulnerabilities and Exposures project identifies this weakness as CVE-2008-2713 and CVE-2008-3215.
Family:	unix	Class:	patch
Reference(s):	DSA-1616 CVE-2008-2713 CVE-2008-3215	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	clamav
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section clamav-docs is earlier than 0.90.1dfsg-3.1+etch14 AND clamav-testfiles is earlier than 0.90.1dfsg-3.1+etch14 AND clamav-base is earlier than 0.90.1dfsg-3.1+etch14 AND libclamav-dev is earlier than 0.90.1dfsg-3.1+etch14 AND clamav is earlier than 0.90.1dfsg-3.1+etch14 AND clamav-dbg is earlier than 0.90.1dfsg-3.1+etch14 AND libclamav2 is earlier than 0.90.1dfsg-3.1+etch14 AND clamav-daemon is earlier than 0.90.1dfsg-3.1+etch14 AND clamav-milter is earlier than 0.90.1dfsg-3.1+etch14 AND clamav-freshclam is earlier than 0.90.1dfsg-3.1+etch14

Definition Id: oval:org.mitre.oval:def:8092

Oval ID:	oval:org.mitre.oval:def:8092
Title:	DSA-1603 bind9 -- DNS cache poisoning
Description:	Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. Note that this security update changes BIND network behavior in a fundamental way, and the following steps are recommended to ensure a smooth upgrade. 1. Make sure that your network configuration is compatible with source port randomization. If you guard your resolver with a stateless packet filter, you may need to make sure that no non-DNS services listen on the 1024--65535 UDP port range and open it at the packet filter. For instance, packet filters based on etch's Linux 2.6.18 kernel only support stateless filtering of IPv6 packets, and therefore pose this additional difficulty. (If you use IPv4 with iptables and ESTABLISHED rules, networking changes are likely not required.) 2. Install the BIND 9 upgrade, using "apt-get update" followed by "apt-get install bind9". Verify that the named process has been restarted and answers recursive queries. (If all queries result in timeouts, this indicates that networking changes are necessary; see the first step.) 3. Verify that source port randomization is active. Check that the /var/log/daemon.log file does not contain messages of the following form right after the "listening on IPv6 interface" and "listening on IPv4 interface" messages logged by BIND upon startup. If these messages are present, you should remove the indicated lines from the configuration, or replace the port numbers contained within them with "" sign (e.g., replace "port 53" with "port "). For additional certainty, use tcpdump or some other network monitoring tool to check for varying UDP source ports. If there is a NAT device in front of your resolver, make sure that it does not defeat the effect of source port randomization. 4. If you cannot activate source port randomization, consider configuring BIND 9 to forward queries to a resolver which can, possibly over a VPN such as OpenVPN to create the necessary trusted network link. (Use BIND's forward-only mode in this case.) Other caching resolvers distributed by Debian (PowerDNS, MaraDNS, Unbound) already employ source port randomization, and no updated packages are needed. BIND 9.5 up to and including version 1:9.5.0.dfsg-4 only implements a weak form of source port randomization and needs to be updated as well. For information on BIND 8, see DSA-1604-1, and for the status of the libc stub resolver, see DSA-1605-1. The updated bind9 packages contain changes originally scheduled for the next stable point release, including the changed IP address of L.ROOT-SERVERS.NET (Debian bug #449148).
Family:	unix	Class:	patch
Reference(s):	DSA-1603 CVE-2008-1447	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	bind9
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND bind9-doc is earlier than 1:9.3.4-2etch3 AND dnsutils is earlier than 1:9.3.4-2etch3 AND libbind-dev is earlier than 1:9.3.4-2etch3 AND libdns22 is earlier than 1:9.3.4-2etch3 AND libisccfg1 is earlier than 1:9.3.4-2etch3 AND libisccc0 is earlier than 1:9.3.4-2etch3 AND libisc11 is earlier than 1:9.3.4-2etch3 AND libbind9-0 is earlier than 1:9.3.4-2etch3 AND bind9-host is earlier than 1:9.3.4-2etch3 AND bind9 is earlier than 1:9.3.4-2etch3 AND liblwres9 is earlier than 1:9.3.4-2etch3 AND lwresd is earlier than 1:9.3.4-2etch3

Definition Id: oval:org.mitre.oval:def:9627

Oval ID:	oval:org.mitre.oval:def:9627
Title:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section bind-utils is earlier than 20:9.2.4-22.el3 AND bind-devel is earlier than 20:9.2.4-22.el3 AND bind-chroot is earlier than 20:9.2.4-22.el3 AND bind is earlier than 20:9.2.4-22.el3 AND bind-libs is earlier than 20:9.2.4-22.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section bind-utils is earlier than 20:9.2.4-28.0.1.el4 AND bind-devel is earlier than 20:9.2.4-28.0.1.el4 AND bind-chroot is earlier than 20:9.2.4-28.0.1.el4 AND selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4 AND selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4 AND bind is earlier than 20:9.2.4-28.0.1.el4 AND bind-libs is earlier than 20:9.2.4-28.0.1.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2 AND dnsmasq is earlier than 0:2.45-1.el5_2.1 AND bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2

Definition Id: oval:org.mitre.oval:def:9863

Oval ID:	oval:org.mitre.oval:def:9863
Title:	Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
Description:	Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2376	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section ruby-mode is earlier than 0:1.6.8-12.el3 AND ruby-docs is earlier than 0:1.6.8-12.el3 AND ruby-devel is earlier than 0:1.6.8-12.el3 AND ruby-tcltk is earlier than 0:1.6.8-12.el3 AND ruby is earlier than 0:1.6.8-12.el3 AND irb is earlier than 0:1.6.8-12.el3 AND ruby-libs is earlier than 0:1.6.8-12.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section ruby-mode is earlier than 0:1.8.1-7.el4_6.1 AND ruby-docs is earlier than 0:1.8.1-7.el4_6.1 AND ruby-devel is earlier than 0:1.8.1-7.el4_6.1 AND ruby-tcltk is earlier than 0:1.8.1-7.el4_6.1 AND ruby is earlier than 0:1.8.1-7.el4_6.1 AND irb is earlier than 0:1.8.1-7.el4_6.1 AND ruby-libs is earlier than 0:1.8.1-7.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section ruby-ri is earlier than 0:1.8.5-5.el5_2.3 AND ruby-mode is earlier than 0:1.8.5-5.el5_2.3 AND ruby-docs is earlier than 0:1.8.5-5.el5_2.3 AND ruby-devel is earlier than 0:1.8.5-5.el5_2.3 AND ruby is earlier than 0:1.8.5-5.el5_2.3 AND ruby-libs is earlier than 0:1.8.5-5.el5_2.3 AND ruby-tcltk is earlier than 0:1.8.5-5.el5_2.3 AND ruby-irb is earlier than 0:1.8.5-5.el5_2.3 AND ruby-rdoc is earlier than 0:1.8.5-5.el5_2.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Quicktime cpe:2.3:a:apple:quicktime:7.5:::::::* cpe:2.3:a:apple:quicktime:7.4.5:::::::* cpe:2.3:a:apple:quicktime:7.4.5:-:windows:::::* cpe:2.3:a:apple:quicktime:7.4.5:-:mac:::::* cpe:2.3:a:apple:quicktime:7.4.5::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.4.5:::::windows:: cpe:2.3:a:apple:quicktime:7.4.4:::::::* cpe:2.3:a:apple:quicktime:7.4.1:::::::* cpe:2.3:a:apple:quicktime:7.4.1:-:windows:::::* cpe:2.3:a:apple:quicktime:7.4.1:-:mac:::::* cpe:2.3:a:apple:quicktime:7.4.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.4.1:::::windows:: cpe:2.3:a:apple:quicktime:7.4.0:::::::* cpe:2.3:a:apple:quicktime:7.4.0:-:windows:::::* cpe:2.3:a:apple:quicktime:7.4.0:-:mac:::::* cpe:2.3:a:apple:quicktime:7.4.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.4.0:::::windows:: cpe:2.3:a:apple:quicktime:7.4:::::::* cpe:2.3:a:apple:quicktime:7.3.1.70:::::::* cpe:2.3:a:apple:quicktime:7.3.1:::::::* cpe:2.3:a:apple:quicktime:7.3.1:-:windows:::::* cpe:2.3:a:apple:quicktime:7.3.1:-:mac:::::* cpe:2.3:a:apple:quicktime:7.3.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.3.1:::::windows:: cpe:2.3:a:apple:quicktime:7.3.0:::::::* cpe:2.3:a:apple:quicktime:7.3.0:-:windows:::::* cpe:2.3:a:apple:quicktime:7.3.0:-:mac:::::* cpe:2.3:a:apple:quicktime:7.3.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.3.0:::::windows:: cpe:2.3:a:apple:quicktime:7.3:::::::* cpe:2.3:a:apple:quicktime:7.2.1:::::::* cpe:2.3:a:apple:quicktime:7.2.1:-:windows:::::* cpe:2.3:a:apple:quicktime:7.2.1:-:mac:::::* cpe:2.3:a:apple:quicktime:7.2.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.2.1:::::windows:: cpe:2.3:a:apple:quicktime:7.2.0:::::::* cpe:2.3:a:apple:quicktime:7.2.0:-:windows:::::* cpe:2.3:a:apple:quicktime:7.2.0:-:mac:::::* cpe:2.3:a:apple:quicktime:7.2.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.2.0:::::windows:: cpe:2.3:a:apple:quicktime:7.2:::::::* cpe:2.3:a:apple:quicktime:7.2::windows_sp_2::::: cpe:2.3:a:apple:quicktime:7.2::vista::::: cpe:2.3:a:apple:quicktime:7.2::windows_xp_sp2::::: cpe:2.3:a:apple:quicktime:7.2::windows_vista::::: cpe:2.3:a:apple:quicktime:7.2::windows_xp::::: cpe:2.3:a:apple:quicktime:7.2::_mac_os_x_v10.3.9::::: cpe:2.3:a:apple:quicktime:7.2::_mac_os_x_v10.4.9::::: cpe:2.3:a:apple:quicktime:7.2::mac_os_x_v10.3.9::::: cpe:2.3:a:apple:quicktime:7.2::_mac_os_x_v10.5::::: cpe:2.3:a:apple:quicktime:7.1.6:::::::* cpe:2.3:a:apple:quicktime:7.1.6:-:windows:::::* cpe:2.3:a:apple:quicktime:7.1.6::java::::: cpe:2.3:a:apple:quicktime:7.1.6:-:mac:::::* cpe:2.3:a:apple:quicktime:7.1.6::~~~java~~::::: cpe:2.3:a:apple:quicktime:7.1.6::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.1.6:::::java:: cpe:2.3:a:apple:quicktime:7.1.6:::::windows:: cpe:2.3:a:apple:quicktime:7.1.5:::::::* cpe:2.3:a:apple:quicktime:7.1.5:-:windows:::::* cpe:2.3:a:apple:quicktime:7.1.5:-:mac:::::* cpe:2.3:a:apple:quicktime:7.1.5::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.1.5:::::windows:: cpe:2.3:a:apple:quicktime:7.1.4:::::::* cpe:2.3:a:apple:quicktime:7.1.4:-:windows:::::* cpe:2.3:a:apple:quicktime:7.1.4:-:mac:::::* cpe:2.3:a:apple:quicktime:7.1.4::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.1.4:::::windows:: cpe:2.3:a:apple:quicktime:7.1.3:::::::* cpe:2.3:a:apple:quicktime:7.1.3:-:windows:::::* cpe:2.3:a:apple:quicktime:7.1.3:-:mac:::::* cpe:2.3:a:apple:quicktime:7.1.3::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.1.3:::::windows:: cpe:2.3:a:apple:quicktime:7.1.2:::::::* cpe:2.3:a:apple:quicktime:7.1.2:-:windows:::::* cpe:2.3:a:apple:quicktime:7.1.2:-:mac:::::* cpe:2.3:a:apple:quicktime:7.1.2::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.1.2:::::windows:: cpe:2.3:a:apple:quicktime:7.1.1:::::::* cpe:2.3:a:apple:quicktime:7.1.1:-:windows:::::* cpe:2.3:a:apple:quicktime:7.1.1:-:mac:::::* cpe:2.3:a:apple:quicktime:7.1.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.1.1:::::windows:: cpe:2.3:a:apple:quicktime:7.1.0:::::::* cpe:2.3:a:apple:quicktime:7.1.0:-:windows:::::* cpe:2.3:a:apple:quicktime:7.1.0:-:mac:::::* cpe:2.3:a:apple:quicktime:7.1.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.1.0:::::windows:: cpe:2.3:a:apple:quicktime:7.1:::::::* cpe:2.3:a:apple:quicktime:7.0.4:::::::* cpe:2.3:a:apple:quicktime:7.0.4:-:windows:::::* cpe:2.3:a:apple:quicktime:7.0.4:-:mac:::::* cpe:2.3:a:apple:quicktime:7.0.4::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.0.4:::::windows:: cpe:2.3:a:apple:quicktime:7.0.3:::::::* cpe:2.3:a:apple:quicktime:7.0.3:-:windows:::::* cpe:2.3:a:apple:quicktime:7.0.3:-:mac:::::* cpe:2.3:a:apple:quicktime:7.0.3::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.0.3:::::windows:: cpe:2.3:a:apple:quicktime:7.0.2:::::::* cpe:2.3:a:apple:quicktime:7.0.2:-:windows:::::* cpe:2.3:a:apple:quicktime:7.0.2::windows::::: cpe:2.3:a:apple:quicktime:7.0.2:-:mac:::::* cpe:2.3:a:apple:quicktime:7.0.2::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.0.2:::::windows:: cpe:2.3:a:apple:quicktime:7.0.1:::::::* cpe:2.3:a:apple:quicktime:7.0.1:-:windows:::::* cpe:2.3:a:apple:quicktime:7.0.1::windows::::: cpe:2.3:a:apple:quicktime:7.0.1:-:mac:::::* cpe:2.3:a:apple:quicktime:7.0.1::mac_os_x_10.3::::: cpe:2.3:a:apple:quicktime:7.0.1::mac_os_x_10.4::::: cpe:2.3:a:apple:quicktime:7.0.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.0.1:::::windows:: cpe:2.3:a:apple:quicktime:7.0.0:::::::* cpe:2.3:a:apple:quicktime:7.0.0:-:windows:::::* cpe:2.3:a:apple:quicktime:7.0.0:-:mac:::::* cpe:2.3:a:apple:quicktime:7.0.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.0.0:::::windows:: cpe:2.3:a:apple:quicktime:7.0:::::::* cpe:2.3:a:apple:quicktime:7.0::windows::::: cpe:2.3:a:apple:quicktime:7.0:-:windows:::::* cpe:2.3:a:apple:quicktime:7.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:7.0:::::windows:: cpe:2.3:a:apple:quicktime:6.5.2:::::::* cpe:2.3:a:apple:quicktime:6.5.2:-:windows:::::* cpe:2.3:a:apple:quicktime:6.5.2:-:mac:::::* cpe:2.3:a:apple:quicktime:6.5.2::mac_os_x_10.3::::: cpe:2.3:a:apple:quicktime:6.5.2::mac_os_x_10.2::::: cpe:2.3:a:apple:quicktime:6.5.2::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.5.2:::::windows:: cpe:2.3:a:apple:quicktime:6.5.1:::::::* cpe:2.3:a:apple:quicktime:6.5.1:-:windows:::::* cpe:2.3:a:apple:quicktime:6.5.1:-:mac:::::* cpe:2.3:a:apple:quicktime:6.5.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.5.1:::::windows:: cpe:2.3:a:apple:quicktime:6.5.0:::::::* cpe:2.3:a:apple:quicktime:6.5.0:-:windows:::::* cpe:2.3:a:apple:quicktime:6.5.0:-:mac:::::* cpe:2.3:a:apple:quicktime:6.5.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.5.0:::::windows:: cpe:2.3:a:apple:quicktime:6.5:::::::* cpe:2.3:a:apple:quicktime:6.4.0:::::::* cpe:2.3:a:apple:quicktime:6.4.0:-:windows:::::* cpe:2.3:a:apple:quicktime:6.4.0:-:mac:::::* cpe:2.3:a:apple:quicktime:6.4.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.4.0:::::windows:: cpe:2.3:a:apple:quicktime:6.3.0:::::::* cpe:2.3:a:apple:quicktime:6.3.0:-:windows:::::* cpe:2.3:a:apple:quicktime:6.3.0:-:mac:::::* cpe:2.3:a:apple:quicktime:6.3.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.3.0:::::windows:: cpe:2.3:a:apple:quicktime:6.2.0:::::::* cpe:2.3:a:apple:quicktime:6.2.0:-:windows:::::* cpe:2.3:a:apple:quicktime:6.2.0:-:mac:::::* cpe:2.3:a:apple:quicktime:6.2.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.2.0:::::windows:: cpe:2.3:a:apple:quicktime:6.1.1:::::::* cpe:2.3:a:apple:quicktime:6.1.1:-:windows:::::* cpe:2.3:a:apple:quicktime:6.1.1:-:mac:::::* cpe:2.3:a:apple:quicktime:6.1.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.1.1:::::windows:: cpe:2.3:a:apple:quicktime:6.1.0:::::::* cpe:2.3:a:apple:quicktime:6.1.0:-:windows:::::* cpe:2.3:a:apple:quicktime:6.1.0:-:mac:::::* cpe:2.3:a:apple:quicktime:6.1.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.1.0:::::windows:: cpe:2.3:a:apple:quicktime:6.1:::::::* cpe:2.3:a:apple:quicktime:6.0.2:::::::* cpe:2.3:a:apple:quicktime:6.0.2:-:windows:::::* cpe:2.3:a:apple:quicktime:6.0.2:-:mac:::::* cpe:2.3:a:apple:quicktime:6.0.2::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.0.2:::::windows:: cpe:2.3:a:apple:quicktime:6.0.1:::::::* cpe:2.3:a:apple:quicktime:6.0.1:-:windows:::::* cpe:2.3:a:apple:quicktime:6.0.1:-:mac:::::* cpe:2.3:a:apple:quicktime:6.0.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.0.1:::::windows:: cpe:2.3:a:apple:quicktime:6.0.0:::::::* cpe:2.3:a:apple:quicktime:6.0.0:-:windows:::::* cpe:2.3:a:apple:quicktime:6.0.0:-:mac:::::* cpe:2.3:a:apple:quicktime:6.0.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.0.0:::::windows:: cpe:2.3:a:apple:quicktime:6.0:::::::* cpe:2.3:a:apple:quicktime:6.0:-:windows:::::* cpe:2.3:a:apple:quicktime:6.0::~~~windows~~::::: cpe:2.3:a:apple:quicktime:6.0:::::windows:: cpe:2.3:a:apple:quicktime:5.0.2:::::::* cpe:2.3:a:apple:quicktime:5.0.2:-:windows:::::* cpe:2.3:a:apple:quicktime:5.0.2:-:mac:::::* cpe:2.3:a:apple:quicktime:5.0.2::~~~windows~~::::: cpe:2.3:a:apple:quicktime:5.0.2:::::windows:: cpe:2.3:a:apple:quicktime:5.0.1:::::::* cpe:2.3:a:apple:quicktime:5.0.1:-:windows:::::* cpe:2.3:a:apple:quicktime:5.0.1:-:mac:::::* cpe:2.3:a:apple:quicktime:5.0.1::~~~windows~~::::: cpe:2.3:a:apple:quicktime:5.0.1:::::windows:: cpe:2.3:a:apple:quicktime:5.0:::::::* cpe:2.3:a:apple:quicktime:4.1.2:::::::* cpe:2.3:a:apple:quicktime:4.1.2:-:windows:::::* cpe:2.3:a:apple:quicktime:4.1.2:::japanese:::: cpe:2.3:a:apple:quicktime:4.1.2:-:mac:::::* cpe:2.3:a:apple:quicktime:4.1.2::~~~windows~~:ja::::* cpe:2.3:a:apple:quicktime:4.1.2::~~~windows~~::::: cpe:2.3:a:apple:quicktime:4.1.2:::ja:::: cpe:2.3:a:apple:quicktime:4.1.2:::ja::windows::* cpe:2.3:a:apple:quicktime:4.1.2:::::windows:: cpe:2.3:a:apple:quicktime:3.0:::::::* cpe:2.3:a:apple:quicktime:::::::: cpe:2.3:a:apple:quicktime:-:::::::*	209
Application	Clam Anti-Virus Clamav cpe:2.3:a:clam_anti-virus:clamav:0.93:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.92.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.92:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.92:p0:::::: cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.91.2:p0:::::: cpe:2.3:a:clam_anti-virus:clamav:0.91.2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.91.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.91:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90.3:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90.3:p0:::::: cpe:2.3:a:clam_anti-virus:clamav:0.90.3:p1:::::: cpe:2.3:a:clam_anti-virus:clamav:0.90.2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90.2:p0:::::: cpe:2.3:a:clam_anti-virus:clamav:0.90.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90.1:p0:::::: cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.90:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88.7:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88.7:p1:::::: cpe:2.3:a:clam_anti-virus:clamav:0.88.7:p0:::::: cpe:2.3:a:clam_anti-virus:clamav:0.88.6:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88.5:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88.4:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88.3:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88.2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.88:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.87.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.87:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.86.2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.86.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.86:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.86:rc1:::::: cpe:2.3:a:clam_anti-virus:clamav:0.85.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.85:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.84:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.84:rc1:::::: cpe:2.3:a:clam_anti-virus:clamav:0.84:rc2:::::: cpe:2.3:a:clam_anti-virus:clamav:0.83:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.82:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.81:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.81:rc1:::::: cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.80:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.80:rc:::::: cpe:2.3:a:clam_anti-virus:clamav:0.80:rc2:::::: cpe:2.3:a:clam_anti-virus:clamav:0.80:rc3:::::: cpe:2.3:a:clam_anti-virus:clamav:0.80:rc4:::::: cpe:2.3:a:clam_anti-virus:clamav:0.75.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.75:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.74:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.73:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.72:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.71:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.70:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.68.1:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.68:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.67:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.65:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.60p:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.60:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.54:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.53:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.52:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.51:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.24:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.23:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.22:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.21:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.20:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.15:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.14:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.14:pre:::::: cpe:2.3:a:clam_anti-virus:clamav:0.13:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.12:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.11:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.10:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.06:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.05:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.04:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.03:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.02:::::::* cpe:2.3:a:clam_anti-virus:clamav:0.01:::::::* cpe:2.3:a:clam_anti-virus:clamav:.:::::::*	96
Application	Isc Bind cpe:2.3:a:isc:bind:9.2.9::::-::: cpe:2.3:a:isc:bind:8::::-::: cpe:2.3:a:isc:bind:4::::-:::	3
Application	Libpng cpe:2.3:a:libpng:libpng:1.4:beta1:::::: cpe:2.3:a:libpng:libpng:1.4:beta16:::::: cpe:2.3:a:libpng:libpng:1.4:beta17:::::: cpe:2.3:a:libpng:libpng:1.4:beta6:::::: cpe:2.3:a:libpng:libpng:1.4:beta7:::::: cpe:2.3:a:libpng:libpng:1.4:beta10:::::: cpe:2.3:a:libpng:libpng:1.4:beta11:::::: cpe:2.3:a:libpng:libpng:1.4:beta18:::::: cpe:2.3:a:libpng:libpng:1.4:beta19:::::: cpe:2.3:a:libpng:libpng:1.4:beta8:::::: cpe:2.3:a:libpng:libpng:1.4:beta9:::::: cpe:2.3:a:libpng:libpng:1.4:beta12:::::: cpe:2.3:a:libpng:libpng:1.4:beta13:::::: cpe:2.3:a:libpng:libpng:1.4:beta2:::::: cpe:2.3:a:libpng:libpng:1.4:beta3:::::: cpe:2.3:a:libpng:libpng:1.4:beta14:::::: cpe:2.3:a:libpng:libpng:1.4:beta15:::::: cpe:2.3:a:libpng:libpng:1.4:beta4:::::: cpe:2.3:a:libpng:libpng:1.4:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta10:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.9:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta7:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta8:::::: cpe:2.3:a:libpng:libpng:1.2.9:beta9:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.8:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.8:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.7:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.7:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.6:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.6:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.5:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.5:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.5:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.5:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.5:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.4:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.4:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.4:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.4:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc6:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.3:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta05:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta06:::::: cpe:2.3:a:libpng:libpng:1.2.26:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.26:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.25:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.25:rc02:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta05:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta06:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.25:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.24:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.24:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.24:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.24:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta05:::::: cpe:2.3:a:libpng:libpng:1.2.23:rc01:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.23:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.22:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21:::::: cpe:2.3:a:libpng:libpng:1.2.22:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.21:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta01:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta04:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta02:::::: cpe:2.3:a:libpng:libpng:1.2.20:beta03:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc6:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.20:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.2:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.2:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta10:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta11:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta18:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta19:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta26:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta27:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc6:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta14:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta15:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta22:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta23:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta30:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta9:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta12:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta13:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta20:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta21:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta28:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta29:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta7:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta8:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta16:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta17:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta24:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta25:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta31:::::: cpe:2.3:a:libpng:libpng:1.2.19:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.19:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.17:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.17:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.17:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.16:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.16:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.16:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc4:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.15:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.15:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.14:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.14:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.14:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.13:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.13:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.13:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.11:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.11:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.11:rc5:::::: cpe:2.3:a:libpng:libpng:1.2.11:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.11:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.10:rc3:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta7:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.10:beta6:::::: cpe:2.3:a:libpng:libpng:1.2.10:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.10:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.1:beta1:::::: cpe:2.3:a:libpng:libpng:1.2.1:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.1:rc2:::::: cpe:2.3:a:libpng:libpng:1.2.1:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.1:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.1:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta4:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta2:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta5:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta3:::::: cpe:2.3:a:libpng:libpng:1.2.0:rc1:::::: cpe:2.3:a:libpng:libpng:1.2.0:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta2:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta7:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta5:::::: cpe:2.3:a:libpng:libpng:1.0.9:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta4:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta10:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta8:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta9:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta3:::::: cpe:2.3:a:libpng:libpng:1.0.9:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.9:beta6:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta2:::::: cpe:2.3:a:libpng:libpng:1.0.8:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta3:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.8:beta4:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta12:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta14:::::: cpe:2.3:a:libpng:libpng:1.0.7:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta11:::::: cpe:2.3:a:libpng:libpng:1.0.7:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta13:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta16:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta15:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta18:::::: cpe:2.3:a:libpng:libpng:1.0.7:beta17:::::: cpe:2.3:a:libpng:libpng:1.0.6:g:::::: cpe:2.3:a:libpng:libpng:1.0.6:h:::::: cpe:2.3:a:libpng:libpng:1.0.6:i:::::: cpe:2.3:a:libpng:libpng:1.0.6:j:::::: cpe:2.3:a:libpng:libpng:1.0.6:a:::::: cpe:2.3:a:libpng:libpng:1.0.6:d:::::: cpe:2.3:a:libpng:libpng:1.0.6:e:::::: cpe:2.3:a:libpng:libpng:1.0.6:f:::::: cpe:2.3:a:libpng:libpng:1.0.32:::::::* cpe:2.3:a:libpng:libpng:1.0.31:rc01:::::: cpe:2.3:a:libpng:libpng:1.0.31:::::::* cpe:2.3:a:libpng:libpng:1.0.30:::::::* cpe:2.3:a:libpng:libpng:1.0.30:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.29:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.29:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.29:::::::* cpe:2.3:a:libpng:libpng:1.0.29:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.29:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc4:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc6:::::: cpe:2.3:a:libpng:libpng:1.0.28:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.28:::::::* cpe:2.3:a:libpng:libpng:1.0.27:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc4:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.27:::::::* cpe:2.3:a:libpng:libpng:1.0.27:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.27:rc6:::::: cpe:2.3:a:libpng:libpng:1.0.26:::::::* cpe:2.3:a:libpng:libpng:1.0.25:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.25:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.25:::::::* cpe:2.3:a:libpng:libpng:1.0.24:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.24:::::::* cpe:2.3:a:libpng:libpng:1.0.23:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.23:::::::* cpe:2.3:a:libpng:libpng:1.0.23:rc4:::::: cpe:2.3:a:libpng:libpng:1.0.23:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.23:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.23:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.22:::::::* cpe:2.3:a:libpng:libpng:1.0.22:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.21:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.21:::::::* cpe:2.3:a:libpng:libpng:1.0.21:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.20:::::::* cpe:2.3:a:libpng:libpng:1.0.19:::::::* cpe:2.3:a:libpng:libpng:1.0.19:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.19:rc5:::::: cpe:2.3:a:libpng:libpng:1.0.19:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.19:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.18:::::::* cpe:2.3:a:libpng:libpng:1.0.17:::::::* cpe:2.3:a:libpng:libpng:1.0.16:::::::* cpe:2.3:a:libpng:libpng:1.0.15:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.15:rc2:::::: cpe:2.3:a:libpng:libpng:1.0.15:rc3:::::: cpe:2.3:a:libpng:libpng:1.0.15:::::::* cpe:2.3:a:libpng:libpng:1.0.14:::::::* cpe:2.3:a:libpng:libpng:1.0.13:::::::* cpe:2.3:a:libpng:libpng:1.0.12:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.12:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.12:::::::* cpe:2.3:a:libpng:libpng:1.0.11:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.11:beta3:::::: cpe:2.3:a:libpng:libpng:1.0.11:rc1:::::: cpe:2.3:a:libpng:libpng:1.0.11:beta2:::::: cpe:2.3:a:libpng:libpng:1.0.10:beta1:::::: cpe:2.3:a:libpng:libpng:1.0.10:rc1::::::	310
Application	Libtiff cpe:2.3:a:libtiff:libtiff:3.8.2:::::::* cpe:2.3:a:libtiff:libtiff:3.8.1:::::::* cpe:2.3:a:libtiff:libtiff:3.8.0:::::::* cpe:2.3:a:libtiff:libtiff:3.7.4:::::::* cpe:2.3:a:libtiff:libtiff:3.7.3:::::::* cpe:2.3:a:libtiff:libtiff:3.7.2:::::::* cpe:2.3:a:libtiff:libtiff:3.7.1:::::::* cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:::::: cpe:2.3:a:libtiff:libtiff:3.7.0:::::::* cpe:2.3:a:libtiff:libtiff:3.7.0:beta:::::: cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:::::: cpe:2.3:a:libtiff:libtiff:3.6.1:::::::* cpe:2.3:a:libtiff:libtiff:3.6.0:::::::* cpe:2.3:a:libtiff:libtiff:3.6.0:beta:::::: cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:::::: cpe:2.3:a:libtiff:libtiff:3.5.7:::::::* cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:::::: cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:::::: cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:::::: cpe:2.3:a:libtiff:libtiff:3.5.7:beta:::::: cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:::::: cpe:2.3:a:libtiff:libtiff:3.5.6:::::::* cpe:2.3:a:libtiff:libtiff:3.5.6:beta:::::: cpe:2.3:a:libtiff:libtiff:3.5.5:::::::* cpe:2.3:a:libtiff:libtiff:3.5.4:::::::* cpe:2.3:a:libtiff:libtiff:3.5.3:::::::* cpe:2.3:a:libtiff:libtiff:3.5.2:::::::* cpe:2.3:a:libtiff:libtiff:3.5.1:::::::* cpe:2.3:a:libtiff:libtiff:3.4:::::::* cpe:2.3:a:libtiff:libtiff:3.4:beta36:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta34:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta24:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta31:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta37:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta29:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta18:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta28:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta35:::::: cpe:2.3:a:libtiff:libtiff:3.4:beta32:::::: cpe:2.3:a:libtiff:libtiff:::::::: cpe:2.3:a:libtiff:libtiff:-:::::::*	41
Application	Openbsd Openssh cpe:2.3:a:openbsd:openssh:4.8:-:::::: cpe:2.3:a:openbsd:openssh:4.7:-:::::: cpe:2.3:a:openbsd:openssh:4.6:-:::::: cpe:2.3:a:openbsd:openssh:4.5:-:::::: cpe:2.3:a:openbsd:openssh:4.4:-:::::: cpe:2.3:a:openbsd:openssh:3.7.1:p2:::::: cpe:2.3:a:openbsd:openssh:3.6.1:p2::::::	7
Application	Ruby-Lang Ruby cpe:2.3:a:ruby-lang:ruby:1.8.6.230:::::::*	1
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::*	6
Os	Apple Mac Os X Server cpe:2.3:o:apple:mac_os_x_server:10.5.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::*	6

ExploitDB Exploits

id	Description
2008-07-25	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
2008-07-24	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
2008-07-23	BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

OpenVAS Exploits

Date	Description
2012-10-03	Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl
2011-08-09	Name : CentOS Update for libpng CESA-2009:0333-01 centos2 i386 File : nvt/gb_CESA-2009_0333-01_libpng_centos2_i386.nasl
2011-08-09	Name : CentOS Update for libpng10 CESA-2009:0333 centos4 i386 File : nvt/gb_CESA-2009_0333_libpng10_centos4_i386.nasl
2010-05-12	Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl
2010-05-12	Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl
2010-05-12	Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-04-19	Name : OpenSSH X Connections Session Hijacking Vulnerability File : nvt/gb_openssh_28444.nasl
2010-02-03	Name : Solaris Update for Kernel 122300-48 File : nvt/gb_solaris_122300_48.nasl
2010-02-03	Name : Solaris Update for Kernel 122301-48 File : nvt/gb_solaris_122301_48.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:169-1 (libtiff) File : nvt/mdksa_2009_169_1.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : Solaris Update for /usr/bin/ssh 114356-19 File : nvt/gb_solaris_114356_19.nasl
2009-10-13	Name : Solaris Update for /usr/bin/ssh 114357-18 File : nvt/gb_solaris_114357_18.nasl
2009-10-13	Name : Solaris Update for GNOME 2.6.0 119900-09 File : nvt/gb_solaris_119900_09.nasl
2009-10-13	Name : Solaris Update for Gnome libtiff - library for reading and writing TIFF 11990... File : nvt/gb_solaris_119901_08.nasl
2009-10-13	Name : Solaris Update for Kernel 122300-44 File : nvt/gb_solaris_122300_44.nasl
2009-10-13	Name : Solaris Update for Kernel 122301-44 File : nvt/gb_solaris_122301_44.nasl
2009-10-13	Name : SLES10: Security update for bind File : nvt/sles10_bind0.nasl
2009-10-13	Name : SLES10: Security update for clamav File : nvt/sles10_clamav0.nasl
2009-10-13	Name : SLES10: Security update for clamav File : nvt/sles10_clamav2.nasl
2009-10-13	Name : SLES10: Security update for libpng File : nvt/sles10_libpng3.nasl
2009-10-13	Name : SLES10: Security update for libtiff File : nvt/sles10_libtiff0.nasl
2009-10-13	Name : SLES10: Security update for OpenSSH File : nvt/sles10_openssh0.nasl
2009-10-10	Name : SLES9: Security update for OpenSSH File : nvt/sles9p5023096.nasl
2009-10-10	Name : SLES9: Security update for libpng File : nvt/sles9p5023140.nasl
2009-10-10	Name : SLES9: Security update for clamav File : nvt/sles9p5023300.nasl
2009-10-10	Name : SLES9: Security update for clamav File : nvt/sles9p5029200.nasl
2009-10-10	Name : SLES9: Security update for bind File : nvt/sles9p5030189.nasl
2009-10-10	Name : SLES9: Security update for clamav File : nvt/sles9p5030240.nasl
2009-10-10	Name : SLES9: Security update for libtiff File : nvt/sles9p5034140.nasl
2009-09-23	Name : Solaris Update for Kernel 122301-42 File : nvt/gb_solaris_122301_42.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:169 (libtiff) File : nvt/mdksa_2009_169.nasl
2009-07-29	Name : Mandrake Security Advisory MDVSA-2009:150 (libtiff) File : nvt/mdksa_2009_150.nasl
2009-07-29	Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl
2009-07-29	Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl
2009-07-29	Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl
2009-07-06	Name : Fedora Core 9 FEDORA-2009-7335 (libtiff) File : nvt/fcore_2009_7335.nasl
2009-06-23	Name : Fedora Core 9 FEDORA-2009-6603 (libpng) File : nvt/fcore_2009_6603.nasl
2009-06-03	Name : Solaris Update for /usr/bin/ssh 114356-18 File : nvt/gb_solaris_114356_18.nasl
2009-06-03	Name : Solaris Update for /usr/bin/ssh 114357-17 File : nvt/gb_solaris_114357_17.nasl
2009-06-03	Name : Solaris Update for Kernel 122300-40 File : nvt/gb_solaris_122300_40.nasl
2009-06-03	Name : Solaris Update for Kernel 122301-40 File : nvt/gb_solaris_122301_40.nasl
2009-06-03	Name : Solaris Update for kernel 137137-09 File : nvt/gb_solaris_137137_09.nasl
2009-06-03	Name : Solaris Update for kernel 137138-09 File : nvt/gb_solaris_137138_09.nasl
2009-05-05	Name : HP-UX Update for HP-UX Secure Shell HPSBUX02337 File : nvt/gb_hp_ux_HPSBUX02337.nasl
2009-05-05	Name : HP-UX Update for BIND HPSBUX02351 File : nvt/gb_hp_ux_HPSBUX02351.nasl
2009-04-28	Name : CentOS Security Advisory CESA-2009:0333 (libpng) File : nvt/ovcesa2009_0333.nasl
2009-04-09	Name : Mandriva Update for openssh MDVSA-2008:078 (openssh) File : nvt/gb_mandriva_MDVSA_2008_078.nasl
2009-04-09	Name : Mandriva Update for clamav MDVSA-2008:088 (clamav) File : nvt/gb_mandriva_MDVSA_2008_088.nasl
2009-04-09	Name : Mandriva Update for openssh MDVSA-2008:098 (openssh) File : nvt/gb_mandriva_MDVSA_2008_098.nasl
2009-04-09	Name : Mandriva Update for clamav MDVSA-2008:122 (clamav) File : nvt/gb_mandriva_MDVSA_2008_122.nasl
2009-04-09	Name : Mandriva Update for bind MDVSA-2008:139 (bind) File : nvt/gb_mandriva_MDVSA_2008_139.nasl
2009-04-09	Name : Mandriva Update for ruby MDVSA-2008:140 (ruby) File : nvt/gb_mandriva_MDVSA_2008_140.nasl
2009-04-09	Name : Mandriva Update for ruby MDVSA-2008:141 (ruby) File : nvt/gb_mandriva_MDVSA_2008_141.nasl
2009-04-09	Name : Mandriva Update for libpng MDVSA-2008:156 (libpng) File : nvt/gb_mandriva_MDVSA_2008_156.nasl
2009-04-09	Name : Mandriva Update for clamav MDVSA-2008:166 (clamav) File : nvt/gb_mandriva_MDVSA_2008_166.nasl
2009-04-09	Name : Mandriva Update for libtiff MDVSA-2008:184 (libtiff) File : nvt/gb_mandriva_MDVSA_2008_184.nasl
2009-03-31	Name : Debian Security Advisory DSA 1750-1 (libpng) File : nvt/deb_1750_1.nasl
2009-03-23	Name : Ubuntu Update for openssh vulnerability USN-597-1 File : nvt/gb_ubuntu_USN_597_1.nasl
2009-03-23	Name : Ubuntu Update for bind9 vulnerability USN-622-1 File : nvt/gb_ubuntu_USN_622_1.nasl
2009-03-23	Name : Ubuntu Update for dnsmasq vulnerability USN-627-1 File : nvt/gb_ubuntu_USN_627_1.nasl
2009-03-23	Name : Ubuntu Update for tiff vulnerability USN-639-1 File : nvt/gb_ubuntu_USN_639_1.nasl
2009-03-23	Name : Ubuntu Update for openssh vulnerabilities USN-649-1 File : nvt/gb_ubuntu_USN_649_1.nasl
2009-03-23	Name : Ubuntu Update for ruby1.8 vulnerabilities USN-651-1 File : nvt/gb_ubuntu_USN_651_1.nasl
2009-03-13	Name : Fedora Core 9 FEDORA-2009-2045 (libpng10) File : nvt/fcore_2009_2045.nasl
2009-03-13	Name : CentOS Security Advisory CESA-2009:0333-01 (libpng) File : nvt/ovcesa2009_0333_01.nasl
2009-03-07	Name : RedHat Security Advisory RHSA-2009:0333 File : nvt/RHSA_2009_0333.nasl
2009-03-07	Name : Ubuntu USN-730-1 (libpng) File : nvt/ubuntu_730_1.nasl
2009-03-06	Name : RedHat Update for bind RHSA-2008:0533-01 File : nvt/gb_RHSA-2008_0533-01_bind.nasl
2009-03-06	Name : RedHat Update for ruby RHSA-2008:0561-01 File : nvt/gb_RHSA-2008_0561-01_ruby.nasl
2009-03-06	Name : RedHat Update for ruby RHSA-2008:0562-01 File : nvt/gb_RHSA-2008_0562-01_ruby.nasl
2009-03-06	Name : RedHat Update for dnsmasq RHSA-2008:0789-01 File : nvt/gb_RHSA-2008_0789-01_dnsmasq.nasl
2009-03-06	Name : RedHat Update for libtiff RHSA-2008:0847-01 File : nvt/gb_RHSA-2008_0847-01_libtiff.nasl
2009-03-06	Name : RedHat Update for libtiff RHSA-2008:0848-01 File : nvt/gb_RHSA-2008_0848-01_libtiff.nasl
2009-03-06	Name : RedHat Update for libtiff RHSA-2008:0863-01 File : nvt/gb_RHSA-2008_0863-01_libtiff.nasl
2009-03-02	Name : Fedora Core 9 FEDORA-2009-2128 (libpng) File : nvt/fcore_2009_2128.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533-03 centos2 i386 File : nvt/gb_CESA-2008_0533-03_bind_centos2_i386.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos3 i386 File : nvt/gb_CESA-2008_0533_bind_centos3_i386.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos3 x86_64 File : nvt/gb_CESA-2008_0533_bind_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos4 i386 File : nvt/gb_CESA-2008_0533_bind_centos4_i386.nasl
2009-02-27	Name : CentOS Update for bind CESA-2008:0533 centos4 x86_64 File : nvt/gb_CESA-2008_0533_bind_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for ruby CESA-2008:0562-01 centos2 i386 File : nvt/gb_CESA-2008_0562-01_ruby_centos2_i386.nasl
2009-02-27	Name : CentOS Update for irb CESA-2008:0562 centos3 i386 File : nvt/gb_CESA-2008_0562_irb_centos3_i386.nasl
2009-02-27	Name : CentOS Update for irb CESA-2008:0562 centos3 x86_64 File : nvt/gb_CESA-2008_0562_irb_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for libtiff CESA-2008:0863-01 centos2 i386 File : nvt/gb_CESA-2008_0863-01_libtiff_centos2_i386.nasl
2009-02-27	Name : CentOS Update for libtiff CESA-2008:0863 centos3 i386 File : nvt/gb_CESA-2008_0863_libtiff_centos3_i386.nasl
2009-02-27	Name : CentOS Update for libtiff CESA-2008:0863 centos3 x86_64 File : nvt/gb_CESA-2008_0863_libtiff_centos3_x86_64.nasl
2009-02-18	Name : Fedora Core 9 FEDORA-2009-1069 (dnsmasq) File : nvt/fcore_2009_1069.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-3358 File : nvt/gb_fedora_2008_3358_clamav_fc7.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-3420 File : nvt/gb_fedora_2008_3420_clamav_fc8.nasl
2009-02-17	Name : Fedora Update for libpng10 FEDORA-2008-3683 File : nvt/gb_fedora_2008_3683_libpng10_fc9.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-3900 File : nvt/gb_fedora_2008_3900_clamav_fc9.nasl
2009-02-17	Name : Fedora Update for libpng10 FEDORA-2008-3937 File : nvt/gb_fedora_2008_3937_libpng10_fc8.nasl
2009-02-17	Name : Fedora Update for libpng10 FEDORA-2008-3979 File : nvt/gb_fedora_2008_3979_libpng10_fc7.nasl
2009-02-17	Name : Fedora Update for libpng FEDORA-2008-4847 File : nvt/gb_fedora_2008_4847_libpng_fc8.nasl
2009-02-17	Name : Fedora Update for libpng FEDORA-2008-4910 File : nvt/gb_fedora_2008_4910_libpng_fc9.nasl
2009-02-17	Name : Fedora Update for libpng FEDORA-2008-4947 File : nvt/gb_fedora_2008_4947_libpng_fc7.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-5476 File : nvt/gb_fedora_2008_5476_clamav_fc9.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-6033 File : nvt/gb_fedora_2008_6033_ruby_fc9.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-6094 File : nvt/gb_fedora_2008_6094_ruby_fc8.nasl
2009-02-17	Name : Fedora Update for bind FEDORA-2008-6256 File : nvt/gb_fedora_2008_6256_bind_fc9.nasl
2009-02-17	Name : Fedora Update for bind FEDORA-2008-6281 File : nvt/gb_fedora_2008_6281_bind_fc8.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-6338 File : nvt/gb_fedora_2008_6338_clamav_fc9.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-6422 File : nvt/gb_fedora_2008_6422_clamav_fc8.nasl
2009-02-17	Name : Fedora Update for libtiff FEDORA-2008-7370 File : nvt/gb_fedora_2008_7370_libtiff_fc9.nasl
2009-02-17	Name : Fedora Update for libtiff FEDORA-2008-7388 File : nvt/gb_fedora_2008_7388_libtiff_fc8.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-8736 File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl
2009-02-17	Name : Fedora Update for ruby FEDORA-2008-8738 File : nvt/gb_fedora_2008_8738_ruby_fc9.nasl
2009-02-17	Name : Fedora Update for libpng10 FEDORA-2008-9379 File : nvt/gb_fedora_2008_9379_libpng10_fc9.nasl
2009-02-17	Name : Fedora Update for libpng10 FEDORA-2008-9393 File : nvt/gb_fedora_2008_9393_libpng10_fc8.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-9644 File : nvt/gb_fedora_2008_9644_clamav_fc9.nasl
2009-02-17	Name : Fedora Update for clamav FEDORA-2008-9651 File : nvt/gb_fedora_2008_9651_clamav_fc8.nasl
2009-01-23	Name : SuSE Update for clamav SUSE-SA:2008:024 File : nvt/gb_suse_2008_024.nasl
2009-01-23	Name : SuSE Update for bind SUSE-SA:2008:033 File : nvt/gb_suse_2008_033.nasl
2009-01-23	Name : SuSE Update for openwsman SUSE-SA:2008:041 File : nvt/gb_suse_2008_041.nasl
2009-01-20	Name : Fedora Core 9 FEDORA-2009-0350 (bind) File : nvt/fcore_2009_0350.nasl
2009-01-13	Name : Gentoo Security Advisory GLSA 200901-03 (pdnsd) File : nvt/glsa_200901_03.nasl
2008-12-23	Name : Gentoo Security Advisory GLSA 200812-15 (povray) File : nvt/glsa_200812_15.nasl
2008-12-23	Name : Gentoo Security Advisory GLSA 200812-17 (ruby) File : nvt/glsa_200812_17.nasl
2008-09-25	Name : Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities File : nvt/secpod_apple_quicktime_mult_vuln_900121.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200804-03 (openssh) File : nvt/glsa_200804_03.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200804-15 (libpng) File : nvt/glsa_200804_15.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-10 (pngcrush) File : nvt/glsa_200805_10.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-19 (clamav) File : nvt/glsa_200805_19.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200807-08 (bind) File : nvt/glsa_200807_08.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200808-07 (clamav) File : nvt/glsa_200808_07.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200809-02 (dnsmasq) File : nvt/glsa_200809_02.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200809-07 (tiff) File : nvt/glsa_200809_07.nasl
2008-09-17	Name : Debian Security Advisory DSA 1632-1 (tiff) File : nvt/deb_1632_1.nasl
2008-09-04	Name : FreeBSD Ports: clamav File : nvt/freebsd_clamav14.nasl
2008-09-04	Name : FreeBSD Ports: png File : nvt/freebsd_png2.nasl
2008-09-04	Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma File : nvt/freebsd_ruby9.nasl
2008-09-04	Name : FreeBSD Security Advisory (FreeBSD-SA-08:06.bind.asc) File : nvt/freebsdsa_bind5.nasl
2008-09-04	Name : FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc) File : nvt/freebsdsa_openssh4.nasl
2008-09-03	Name : libpng vulnerability File : nvt/libpng_CB-A08-0064.nasl
2008-08-22	Name : Vulnerabilities in DNS Could Allow Spoofing (953230) File : nvt/secpod_ms08-037_900005.nasl
2008-08-15	Name : Debian Security Advisory DSA 1612-1 (ruby1.8) File : nvt/deb_1612_1.nasl
2008-08-15	Name : Debian Security Advisory DSA 1616-1 (clamav) File : nvt/deb_1616_1.nasl
2008-08-15	Name : Debian Security Advisory DSA 1616-2 (clamav) File : nvt/deb_1616_2.nasl
2008-08-15	Name : Debian Security Advisory DSA 1617-1 (refpolicy) File : nvt/deb_1617_1.nasl
2008-08-15	Name : Debian Security Advisory DSA 1618-1 (ruby1.9) File : nvt/deb_1618_1.nasl
2008-08-15	Name : Debian Security Advisory DSA 1619-1 (python-dns) File : nvt/deb_1619_1.nasl
2008-08-15	Name : Debian Security Advisory DSA 1623-1 (dnsmasq) File : nvt/deb_1623_1.nasl
2008-07-15	Name : Debian Security Advisory DSA 1603-1 (bind9) File : nvt/deb_1603_1.nasl
2008-05-27	Name : Debian Security Advisory DSA 1576-1 (openssh) File : nvt/deb_1576_1.nasl
2008-04-21	Name : Debian Security Advisory DSA 1549-1 (clamav) File : nvt/deb_1549_1.nasl
2008-02-29	Name : ClamAV < 0.93.1 vulnerability File : nvt/clamav-CB-A08-0001.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-095-01 openssh File : nvt/esoft_slk_ssa_2008_095_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-119-01 libpng File : nvt/esoft_slk_ssa_2008_119_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-191-02 bind File : nvt/esoft_slk_ssa_2008_191_02.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-205-01 dnsmasq File : nvt/esoft_slk_ssa_2008_205_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-334-01 ruby File : nvt/esoft_slk_ssa_2008_334_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
53917	HP Multiple Products DNS Query ID Field Prediction Cache Poisoning
53530	Check Point DNS Query ID Field Prediction Cache Poisoning
48256	Ingate Firewall/SIParator DNS Query ID Field Prediction Cache Poisoning
48244	pdnsd DNS Query ID Field Prediction Cache Poisoning
48236	Apple Mac OS X File Sharing Home Directory Permission Weakness
48235	Apple Mac OS X Remote Management and Screen Sharing VNC Viewer Password Lengt...
48195	Apple Mac OS X ImageIO JPEG ICC Profile Handling Memory Corruption
48194	Apple Mac OS X Finder Remote Disk Search Unspecified DoS
48193	Apple Mac OS X Kernel vnode Recycling Cached Credential File Permission Bypass
48192	Apple Mac OS X Login Window Blank Password Race Condition Arbitrary Account A...
48191	Apple Mac OS X Login Window Password Modification Weakness
48190	Apple Mac OS X Wiki Server mailing-list Archive Unspecified XSS
48189	Apple Mac OS X VideoConference H.264 Encoded Media Memory Corruption
48188	Apple Mac OS X Time Machine Backup Log File Permission Weakness Local Informa...
48187	Apple Mac OS X SearchKit API Unspecified Functions Multiple Overflows
48186	Apple Mac OS X DNS Query ID Field Prediction Cache Poisoning
48185	Apple Mac OS X Apple Type Services (ATS) Postscript Font Name Handling Overflow A buffer overflow exists in Mac OS X. Apple Type Services (ATS) fails to validate Postscript font names resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
48184	Apple Mac OS X Network Preferences Cleartext PPP Password Local Disclosure
48183	Apple Mac OS X Directory Services Active Directory Login Window User Enumeration
48182	Apple Mac OS X Directory Services slapconfig Server Password Local Disclosure
48181	Apple Mac OS X Finder Get Info Window Permission Weakness Local Privilege Esc...
48180	Apple Mac OS X ImageIO TIFF Handling Memory Corruption
48034	Apple QuickTime on Windows PICT Image Handling Overflow
47927	Nortel Business Communications Manager DNS Query ID Field Prediction Cache Po...
47926	Astaro Security Gateway DNS Query ID Field Prediction Cache Poisoning
47916	Citrix Access Gateway DNS Query ID Field Prediction Cache Poisoning
47795	LibTIFF LZW Decoder libtiff/tif_lzw.c Multiple Function TIFF Decoder Underflow
47660	VitalQIP DNS Query ID Field Prediction Cache Poisoning
47588	Yamaha RT Series Routers DNS Query ID Field Prediction Cache Poisoning
47546	Astaro Security Gateway DNS Proxy DNS Query ID Field Prediction Cache Poisoning
47510	Dnsmasq DNS Query ID Field Prediction Cache Poisoning
47233	Secure Computing Sidewinder / CyberGuard DNS Query ID Field Prediction Cache ...
47232	F5 Multiple Product DNS Query ID Field Prediction Cache Poisoning
47156	ClamAV libclamav/petite.c Crafted Petite File Remote DoS
46916	Juniper Networks Multiple Products DNS Query ID Field Prediction Cache Poisoning
46837	Solaris named(1M) DNS Query ID Field Prediction Cache Poisoning Solaris contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46836	Nominum CNS / Vantio DNS Query ID Field Prediction Cache Poisoning
46786	Cisco Multiple Products DNS Query ID Field Prediction Cache Poisoning Multiple Cisco products contain a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46777	Microsoft Windows DNS Socket Entropy Weakness Cache Poisoning Windows contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46776	ISC BIND DNS Query ID Field Prediction Cache Poisoning BIND contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46691	Ruby rb_ary_fill() Function Overflow
46241	ClamAV libclamav/petite.c Crafted Packed Executable DoS
44524	ClamAV libclamunrar Crafted RAR File Handling Remote DoS
44523	ClamAV libclamav message.c rfc2231 Function Crafted Message Remote DoS
44522	ClamAV Crafted RAR File Handling Remote Security Bypass
44521	ClamAV libclamav Crafted WWPack Compressed PE File Remote Overflow
44520	ClamAV ARJ Archive Handling Unspecified Resource Consumption DoS
44519	ClamAV libclamav spin.c Crafted PeSpin Packed PE Binary Handling Overflow
44370	ClamAV libclamav/pe.c cli_scanpe Function Crafted Upack PE File Handling Remo...
44364	libpng Zero-length Unknown Chunk Processing Uninitialized Memory Access
43911	OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
43745	OpenSSH X11 Forwarding Local Session Hijacking

Information Assurance Vulnerability Management (IAVM)

Date	Description
2008-11-06	IAVM : 2008-B-0078 - Multiple Vulnerabilities in VMware Severity : Category I - VMSKEY : V0017874
2008-07-17	IAVM : 2008-A-0045 - DNS Protocol Cache Poisoning Vulnerability Severity : Category I - VMSKEY : V0016170

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Windows DNS server spoofing attempt RuleID : 16206 - Revision : 12 - Type : OS-WINDOWS
2014-01-10	excessive outbound NXDOMAIN replies - possible spoof of domain run by local D... RuleID : 13949 - Revision : 17 - Type : PROTOCOL-DNS
2014-01-10	large number of NXDOMAIN replies - possible DNS cache poisoning RuleID : 13948 - Revision : 13 - Type : PROTOCOL-DNS
2014-01-10	dns cache poisoning attempt RuleID : 13667 - Revision : 19 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date	Description
2017-12-14	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1351.nasl - Type : ACT_GATHER_INFO
2017-12-08	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-3230-1.nasl - Type : ACT_GATHER_INFO
2017-04-21	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0022.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0027.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8938.nasl - Type : ACT_GATHER_INFO
2014-04-16	Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_ssh_advisory.nasl - Type : ACT_GATHER_INFO
2014-03-05	Name : The DNS server running on the remote host is vulnerable to DNS spoofing attacks. File : ms_dns_kb951746.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0561.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0562.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0789.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0847.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0848.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0863.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-527.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0848.nasl - Type : ACT_GATHER_INFO
2012-10-01	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080711_bind_on_SL_3_0_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_ruby_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_ruby_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20080811_dnsmasq_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080828_libtiff_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-10-04	Name : The remote SSH service is affected by a security bypass vulnerability. File : openssh_49.nasl - Type : ACT_GATHER_INFO
2011-08-29	Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2011-05-28	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-191-02.nasl - Type : ACT_GATHER_INFO
2010-09-01	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080708-dnshttp.nasl - Type : ACT_GATHER_INFO
2010-09-01	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080924-iosipshttp.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0561.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0847.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2009-12-04	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-169.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12122.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12141.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12197.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12201.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12229.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0014.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0017.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2009-0007.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_bind-080708.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_clamav-080617.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_clamav-080711.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_dnsmasq-080813.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-080625.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtiff-080820.nasl - Type : ACT_GATHER_INFO
2009-07-14	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-150.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-078.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-088.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-098.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-122.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-139.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-140.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-141.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-156.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-166.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-184.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-649-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-651-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-730-1.nasl - Type : ACT_GATHER_INFO
2009-03-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1750.nasl - Type : ACT_GATHER_INFO
2009-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2009-02-17	Name : The remote Fedora host is missing a security update. File : fedora_2009-1069.nasl - Type : ACT_GATHER_INFO
2009-01-12	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200901-03.nasl - Type : ACT_GATHER_INFO
2008-12-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-17.nasl - Type : ACT_GATHER_INFO
2008-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-15.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-334-01.nasl - Type : ACT_GATHER_INFO
2008-11-14	Name : The remote host contains a web browser that is affected by several issues. File : macosx_Safari3_2.nasl - Type : ACT_GATHER_INFO
2008-11-14	Name : The remote host contains a web browser that is affected by several issues. File : safari_3_2.nasl - Type : ACT_GATHER_INFO
2008-10-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-8738.nasl - Type : ACT_GATHER_INFO
2008-09-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO
2008-09-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO
2008-09-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-7370.nasl - Type : ACT_GATHER_INFO
2008-09-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-7388.nasl - Type : ACT_GATHER_INFO
2008-09-10	Name : The remote Windows host contains an application that is affected by multiple ... File : quicktime_755.nasl - Type : ACT_GATHER_INFO
2008-09-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200809-07.nasl - Type : ACT_GATHER_INFO
2008-09-05	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200809-02.nasl - Type : ACT_GATHER_INFO
2008-09-03	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtiff-5538.nasl - Type : ACT_GATHER_INFO
2008-09-03	Name : The remote openSUSE host is missing a security update. File : suse_libtiff-5540.nasl - Type : ACT_GATHER_INFO
2008-09-03	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-639-1.nasl - Type : ACT_GATHER_INFO
2008-08-30	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0863.nasl - Type : ACT_GATHER_INFO
2008-08-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0847.nasl - Type : ACT_GATHER_INFO
2008-08-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0848.nasl - Type : ACT_GATHER_INFO
2008-08-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0863.nasl - Type : ACT_GATHER_INFO
2008-08-27	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1632.nasl - Type : ACT_GATHER_INFO
2008-08-20	Name : The remote SSH service is affected by multiple vulnerabilities. File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO
2008-08-17	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_959d384d6b5911dd9d79001fc61c2a55.nasl - Type : ACT_GATHER_INFO
2008-08-15	Name : The remote openSUSE host is missing a security update. File : suse_dnsmasq-5512.nasl - Type : ACT_GATHER_INFO
2008-08-12	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_37865.nasl - Type : ACT_GATHER_INFO
2008-08-12	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0789.nasl - Type : ACT_GATHER_INFO
2008-08-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-07.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1623.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO
2008-07-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1617.nasl - Type : ACT_GATHER_INFO
2008-07-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1618.nasl - Type : ACT_GATHER_INFO
2008-07-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1619.nasl - Type : ACT_GATHER_INFO
2008-07-24	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-205-01.nasl - Type : ACT_GATHER_INFO
2008-07-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1616.nasl - Type : ACT_GATHER_INFO
2008-07-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1612.nasl - Type : ACT_GATHER_INFO
2008-07-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-627-1.nasl - Type : ACT_GATHER_INFO
2008-07-18	Name : The remote Fedora host is missing a security update. File : fedora_2008-6338.nasl - Type : ACT_GATHER_INFO
2008-07-18	Name : The remote Fedora host is missing a security update. File : fedora_2008-6422.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0562.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-08.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0561.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0562.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_bind-5409.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote openSUSE host is missing a security update. File : suse_bind-5410.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote openSUSE host is missing a security update. File : suse_clamav-5414.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-5416.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1603.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-6256.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Fedora host is missing a security update. File : fedora_2008-6281.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-622-1.nasl - Type : ACT_GATHER_INFO
2008-07-09	Name : The remote name resolver (or the server it uses upstream) is affected by a DN... File : dns_non_random_source_ports.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6033.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6094.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote host is vulnerable to DNS spoofing attacks. File : smb_nt_ms08-037.nasl - Type : ACT_GATHER_INFO
2008-07-02	Name : The remote openSUSE host is missing a security update. File : suse_clamav-5356.nasl - Type : ACT_GATHER_INFO
2008-07-02	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-5359.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote Fedora host is missing a security update. File : fedora_2008-5476.nasl - Type : ACT_GATHER_INFO
2008-06-04	Name : The remote Fedora host is missing a security update. File : fedora_2008-4847.nasl - Type : ACT_GATHER_INFO
2008-06-04	Name : The remote Fedora host is missing a security update. File : fedora_2008-4910.nasl - Type : ACT_GATHER_INFO
2008-06-04	Name : The remote Fedora host is missing a security update. File : fedora_2008-4947.nasl - Type : ACT_GATHER_INFO
2008-05-29	Name : The remote Fedora host is missing a security update. File : fedora_2008-3683.nasl - Type : ACT_GATHER_INFO
2008-05-29	Name : The remote Fedora host is missing a security update. File : fedora_2008-3937.nasl - Type : ACT_GATHER_INFO
2008-05-29	Name : The remote Fedora host is missing a security update. File : fedora_2008-3979.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-19.nasl - Type : ACT_GATHER_INFO
2008-05-19	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1576.nasl - Type : ACT_GATHER_INFO
2008-05-16	Name : The remote Fedora host is missing a security update. File : fedora_2008-3900.nasl - Type : ACT_GATHER_INFO
2008-05-13	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-10.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-119-01.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote Fedora host is missing a security update. File : fedora_2008-3358.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote Fedora host is missing a security update. File : fedora_2008-3420.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_57c705d612ae11ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-04-25	Name : The remote openSUSE host is missing a security update. File : suse_clamav-5199.nasl - Type : ACT_GATHER_INFO
2008-04-25	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-5200.nasl - Type : ACT_GATHER_INFO
2008-04-25	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-5181.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1549.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote openSUSE host is missing a security update. File : suse_libpng-5180.nasl - Type : ACT_GATHER_INFO
2008-04-18	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_589d80530b0311ddb4ef00e07dc4ec84.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-15.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-095-01.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-03.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-5122.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote openSUSE host is missing a security update. File : suse_openssh-5148.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote openSUSE host is missing a security update. File : suse_openssh-5149.nasl - Type : ACT_GATHER_INFO
2008-04-04	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-597-1.nasl - Type : ACT_GATHER_INFO
2008-04-03	Name : The remote SSH service is prone to an X11 session hijacking vulnerability. File : openssh_50.nasl - Type : ACT_GATHER_INFO
2008-03-04	Name : The remote host is missing Sun Security Patch number 137080-11 File : solaris10_137080.nasl - Type : ACT_GATHER_INFO
2008-03-04	Name : The remote host is missing Sun Security Patch number 137081-11 File : solaris10_x86_137081.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote host is missing Sun Security Patch number 114265-23 File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_36973.nasl - Type : ACT_GATHER_INFO
2007-09-25	Name : The remote host is missing Sun Security Patch number 112837-24 File : solaris9_112837.nasl - Type : ACT_GATHER_INFO
2005-10-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-527.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 109326-24 File : solaris8_109326.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 109327-24 File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	31
Oval ID(s)	39
CPE ID(s)	679
osvdb(s)	52
ExploitDB Exploit(s)	3
Openvas Exploit(s)	152
IAVM(s)	2
Snort® Rule(s)	4
Nessus® Exploit(s)	163

	Related
10	CVE-2008-3616
10	CVE-2008-1100
9.3	CVE-2008-3621
9.3	CVE-2008-3608
9.3	CVE-2008-2332
9.3	CVE-2008-2305
9	CVE-2008-3618
7.6	CVE-2008-3610
7.5	CVE-2008-2376
7.5	CVE-2008-1833
7.5	CVE-2008-1382
7.5	CVE-2008-0314
7.2	CVE-2008-3609
6.9	CVE-2008-1483
6.8	CVE-2008-3614
6.8	CVE-2008-2327
6.8	CVE-2008-1447
6.5	CVE-2008-1657
6.3	CVE-2008-3611
6.1	CVE-2008-3613
5	CVE-2008-3617
5	CVE-2008-3215
5	CVE-2008-2713
5	CVE-2008-2331
5	CVE-2008-1837
5	CVE-2008-1835
4.9	CVE-2008-2330
4.9	CVE-2008-2312
4.3	CVE-2008-3622
4.3	CVE-2008-1836
4.3	CVE-2008-1387
2.1	CVE-2008-3619
1.9	CVE-2008-2329
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 33 more Alert(s)