Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | - VMware vSphere product updates address security vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2014-0012 | First vendor Publication | 2014-12-04 |
| Vendor | VMware | Last vendor Modification | 2015-01-27 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| a. VMware vCSA cross-site scripting vulnerability VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. b. vCenter Server certificate validation issue vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host. This may allow for a Man-in-the-middle attack against the CIM service. VMware would like to thank The Google Security Team for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8371 to this issue. c. Update to ESXi libxml2 package libxml2 is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-2877 and CVE-2014-0191 to these issues. d. Update to ESXi Curl package Curl is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0015 and CVE-2014-0138 to these issues. e. Update to ESXi Python package Python is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-1752 and CVE-2013-4238 to these issues. f. vCenter and Update Manager, Oracle JRE 1.6 Update 81 Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014. The References section provides a link to this advisory. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2014-0012.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 22 % | CWE-20 | Improper Input Validation |
| 14 % | CWE-310 | Cryptographic Issues |
| 14 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 11 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 5 % | CWE-476 | NULL Pointer Dereference |
| 5 % | CWE-362 | Race Condition |
| 5 % | CWE-326 | Inadequate Encryption Strength |
| 5 % | CWE-287 | Improper Authentication |
| 5 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 5 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 3 % | CWE-203 | Information Exposure Through Discrepancy |
| 3 % | CWE-125 | Out-of-bounds Read |
| 3 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16887 | |||
| Oval ID: | oval:org.mitre.oval:def:16887 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2461 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18127 | |||
| Oval ID: | oval:org.mitre.oval:def:18127 | ||
| Title: | USN-1763-1 -- nss vulnerability | ||
| Description: | NSS could be made to expose sensitive information over the network. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1763-1 CVE-2013-1620 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18320 | |||
| Oval ID: | oval:org.mitre.oval:def:18320 | ||
| Title: | USN-1904-2 -- libxml2 regression | ||
| Description: | USN-1904-1 introduced a regression in libxml2. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1904-2 CVE-2013-0339 CVE-2013-2877 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18347 | |||
| Oval ID: | oval:org.mitre.oval:def:18347 | ||
| Title: | USN-1904-1 -- libxml2 vulnerabilities | ||
| Description: | Several security issues were fixed in libxml2. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1904-1 CVE-2013-0339 CVE-2013-2877 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18405 | |||
| Oval ID: | oval:org.mitre.oval:def:18405 | ||
| Title: | USN-1983-1 -- python2.7 vulnerabilities | ||
| Description: | Several security issues were fixed in Python. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1983-1 CVE-2013-2099 CVE-2013-4238 | Version: | 5 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | python2.7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18739 | |||
| Oval ID: | oval:org.mitre.oval:def:18739 | ||
| Title: | USN-1984-1 -- python3.2 vulnerabilities | ||
| Description: | Several security issues were fixed in Python. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1984-1 CVE-2013-2099 CVE-2013-4238 | Version: | 5 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 | Product(s): | python3.2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19140 | |||
| Oval ID: | oval:org.mitre.oval:def:19140 | ||
| Title: | DSA-2800-1 nss - buffer overflow | ||
| Description: | Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2800-1 CVE-2013-5605 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19254 | |||
| Oval ID: | oval:org.mitre.oval:def:19254 | ||
| Title: | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | ||
| Description: | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1739 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19336 | |||
| Oval ID: | oval:org.mitre.oval:def:19336 | ||
| Title: | USN-1982-1 -- python2.6 vulnerability | ||
| Description: | Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1982-1 CVE-2013-4238 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | python2.6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19393 | |||
| Oval ID: | oval:org.mitre.oval:def:19393 | ||
| Title: | CERT_VerifyCert can SECSuccess for bad certificates | ||
| Description: | The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5606 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19404 | |||
| Oval ID: | oval:org.mitre.oval:def:19404 | ||
| Title: | USN-1985-1 -- python3.3 vulnerabilities | ||
| Description: | Several security issues were fixed in Python. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1985-1 CVE-2013-2099 CVE-2013-4238 | Version: | 5 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 | Product(s): | python3.3 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19523 | |||
| Oval ID: | oval:org.mitre.oval:def:19523 | ||
| Title: | DSA-2790-1 nss - uninitialised memory read | ||
| Description: | A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialised data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2790-1 CVE-2013-1739 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19530 | |||
| Oval ID: | oval:org.mitre.oval:def:19530 | ||
| Title: | Integer truncation in certificate parsing | ||
| Description: | Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1741 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19582 | |||
| Oval ID: | oval:org.mitre.oval:def:19582 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2461 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19731 | |||
| Oval ID: | oval:org.mitre.oval:def:19731 | ||
| Title: | Null Cipher buffer overflow | ||
| Description: | Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5605 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19770 | |||
| Oval ID: | oval:org.mitre.oval:def:19770 | ||
| Title: | USN-2030-1 -- nss vulnerabilities | ||
| Description: | Several security issues were fixed in NSS. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2030-1 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19833 | |||
| Oval ID: | oval:org.mitre.oval:def:19833 | ||
| Title: | USN-2028-1 -- libxml-security-java vulnerability | ||
| Description: | Apache XML Security for Java could be tricked into validating spoofed signatures. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2028-1 CVE-2013-2172 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | libxml-security-java |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20088 | |||
| Oval ID: | oval:org.mitre.oval:def:20088 | ||
| Title: | DSA-2779-1 libxml2 - denial of service | ||
| Description: | Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2779-1 CVE-2013-2877 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20626 | |||
| Oval ID: | oval:org.mitre.oval:def:20626 | ||
| Title: | RHSA-2013:1582: python security, bug fix, and enhancement update (Moderate) | ||
| Description: | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1582-02 CESA-2013:1582 CVE-2013-4238 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | python |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21084 | |||
| Oval ID: | oval:org.mitre.oval:def:21084 | ||
| Title: | RHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate) | ||
| Description: | The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1135-00 CESA-2013:1135 CVE-2013-0791 CVE-2013-1620 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21177 | |||
| Oval ID: | oval:org.mitre.oval:def:21177 | ||
| Title: | RHSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate) | ||
| Description: | The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1144-00 CESA-2013:1144 CVE-2013-0791 CVE-2013-1620 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | nspr nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21330 | |||
| Oval ID: | oval:org.mitre.oval:def:21330 | ||
| Title: | DSA-2833-1 openssl - several | ||
| Description: | Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see<a href="http://marc.info/?l=openssl-announce&m=138747119822324&w=2">http://marc.info/?l=openssl-announce&m=138747119822324&w=2</a> for further information) and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2833-1 CVE-2013-6449 CVE-2013-6450 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21337 | |||
| Oval ID: | oval:org.mitre.oval:def:21337 | ||
| Title: | USN-2079-1 -- openssl vulnerabilities | ||
| Description: | Several security issues were fixed in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2079-1 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22018 | |||
| Oval ID: | oval:org.mitre.oval:def:22018 | ||
| Title: | RHSA-2014:0015: openssl security update (Important) | ||
| Description: | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0015-00 CESA-2014:0015 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 | Version: | 44 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22111 | |||
| Oval ID: | oval:org.mitre.oval:def:22111 | ||
| Title: | DSA-2856-1 libcommons-fileupload-java - CVE-2014-0050 | ||
| Description: | It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2856-1 CVE-2014-0050 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | libcommons-fileupload-java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22174 | |||
| Oval ID: | oval:org.mitre.oval:def:22174 | ||
| Title: | AIX OpenSSH Vulnerability | ||
| Description: | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-6449 | Version: | 4 |
| Platform(s): | IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22180 | |||
| Oval ID: | oval:org.mitre.oval:def:22180 | ||
| Title: | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3774 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Oracle Database Server |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22209 | |||
| Oval ID: | oval:org.mitre.oval:def:22209 | ||
| Title: | USN-2097-1 -- curl vulnerability | ||
| Description: | libcurl could be made to expose sensitive information. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2097-1 CVE-2014-0015 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | curl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22401 | |||
| Oval ID: | oval:org.mitre.oval:def:22401 | ||
| Title: | USN-2088-1 -- nss vulnerability | ||
| Description: | NSS could be made to expose sensitive information over the network. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2088-1 CVE-2013-1740 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22411 | |||
| Oval ID: | oval:org.mitre.oval:def:22411 | ||
| Title: | Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3751 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Oracle Database Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22425 | |||
| Oval ID: | oval:org.mitre.oval:def:22425 | ||
| Title: | DSA-2849-1 curl - information disclosure | ||
| Description: | Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2849-1 CVE-2014-0015 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | curl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22486 | |||
| Oval ID: | oval:org.mitre.oval:def:22486 | ||
| Title: | DSA-2858-1 iceweasel - several | ||
| Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2858-1 CVE-2014-1477 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22518 | |||
| Oval ID: | oval:org.mitre.oval:def:22518 | ||
| Title: | AIX OpenSSH Vulnerability | ||
| Description: | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-6450 | Version: | 4 |
| Platform(s): | IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22788 | |||
| Oval ID: | oval:org.mitre.oval:def:22788 | ||
| Title: | ELSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate) | ||
| Description: | The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1135-00 CVE-2013-0791 CVE-2013-1620 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23810 | |||
| Oval ID: | oval:org.mitre.oval:def:23810 | ||
| Title: | USN-2152-1 -- apache2 vulnerabilities | ||
| Description: | Apache HTTP server could be made to crash if it received specially crafted network traffic. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2152-1 CVE-2013-6438 CVE-2014-0098 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23812 | |||
| Oval ID: | oval:org.mitre.oval:def:23812 | ||
| Title: | DEPRECATED: ELSA-2014:0376: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0376-00 CVE-2014-0160 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23996 | |||
| Oval ID: | oval:org.mitre.oval:def:23996 | ||
| Title: | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24 does not properly restrict public values in Diffie-Hellman key exchanges | ||
| Description: | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1491 | Version: | 12 |
| Platform(s): | Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24046 | |||
| Oval ID: | oval:org.mitre.oval:def:24046 | ||
| Title: | DEPRECATED: ELSA-2014:0246: gnutls security update (Important) | ||
| Description: | The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092) The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0246-01 CVE-2014-0096 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24049 | |||
| Oval ID: | oval:org.mitre.oval:def:24049 | ||
| Title: | RHSA-2014:0626: openssl097a and openssl098e security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0626-00 CESA-2014:0626 CVE-2014-0224 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | openssl097a openssl098e |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24067 | |||
| Oval ID: | oval:org.mitre.oval:def:24067 | ||
| Title: | RHSA-2014:0370: httpd security update (Moderate) | ||
| Description: | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0370-00 CESA-2014:0370 CVE-2013-6438 CVE-2014-0098 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24101 | |||
| Oval ID: | oval:org.mitre.oval:def:24101 | ||
| Title: | Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server (CVE-2014-0098) | ||
| Description: | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0098 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24119 | |||
| Oval ID: | oval:org.mitre.oval:def:24119 | ||
| Title: | ELSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate) | ||
| Description: | The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1144-00 CVE-2013-0791 CVE-2013-1620 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | nspr nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24135 | |||
| Oval ID: | oval:org.mitre.oval:def:24135 | ||
| Title: | AIX OpenSSL DTLS invalid fragment vulnerability | ||
| Description: | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-0195 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24168 | |||
| Oval ID: | oval:org.mitre.oval:def:24168 | ||
| Title: | Vulnerability in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f, might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) | ||
| Description: | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6450 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24182 | |||
| Oval ID: | oval:org.mitre.oval:def:24182 | ||
| Title: | ELSA-2014:0015: openssl security update (Important) | ||
| Description: | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0015-00 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 | Version: | 17 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24190 | |||
| Oval ID: | oval:org.mitre.oval:def:24190 | ||
| Title: | ELSA-2013:1582: python security, bug fix, and enhancement update (Moderate) | ||
| Description: | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1582-02 CVE-2013-4238 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | python |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24194 | |||
| Oval ID: | oval:org.mitre.oval:def:24194 | ||
| Title: | Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket | ||
| Description: | Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1490 | Version: | 12 |
| Platform(s): | Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24241 | |||
| Oval ID: | oval:org.mitre.oval:def:24241 | ||
| Title: | The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read | ||
| Description: | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0160 | Version: | 10 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24283 | |||
| Oval ID: | oval:org.mitre.oval:def:24283 | ||
| Title: | Apache HTTP vulnerability before 2.2.27 or before 2.4.8 in VisualSVN Server (CVE-2013-6438) | ||
| Description: | The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6438 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24301 | |||
| Oval ID: | oval:org.mitre.oval:def:24301 | ||
| Title: | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) | ||
| Description: | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0195 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24324 | |||
| Oval ID: | oval:org.mitre.oval:def:24324 | ||
| Title: | ELSA-2014:0376: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0376-00 CESA-2014:0160 CVE-2014-0160 | Version: | 9 |
| Platform(s): | Oracle Linux 6 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24331 | |||
| Oval ID: | oval:org.mitre.oval:def:24331 | ||
| Title: | ELSA-2014:0369: httpd security update (Moderate) | ||
| Description: | The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0369-00 CVE-2013-6438 CVE-2014-0098 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24367 | |||
| Oval ID: | oval:org.mitre.oval:def:24367 | ||
| Title: | USN-2130-1 -- tomcat6, tomcat7 vulnerabilities | ||
| Description: | Several security issues were fixed in Tomcat. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2130-1 CVE-2013-4286 CVE-2013-4322 CVE-2014-0033 CVE-2014-0050 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | tomcat7 tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24397 | |||
| Oval ID: | oval:org.mitre.oval:def:24397 | ||
| Title: | Vulnerability in OpenSSL through 1.0.1g, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) | ||
| Description: | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-5298 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24407 | |||
| Oval ID: | oval:org.mitre.oval:def:24407 | ||
| Title: | RHSA-2014:0513: libxml2 security update (Moderate) | ||
| Description: | The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0513-00 CESA-2014:0513 CVE-2013-2877 CVE-2014-0191 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24427 | |||
| Oval ID: | oval:org.mitre.oval:def:24427 | ||
| Title: | RHSA-2014:0827: tomcat security update (Moderate) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All Tomcat 7 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0827-00 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | tomcat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24440 | |||
| Oval ID: | oval:org.mitre.oval:def:24440 | ||
| Title: | RHSA-2014:0889: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24448 | |||
| Oval ID: | oval:org.mitre.oval:def:24448 | ||
| Title: | USN-2232-1 -- openssl vulnerabilities | ||
| Description: | Several security issues were fixed in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2232-1 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24484 | |||
| Oval ID: | oval:org.mitre.oval:def:24484 | ||
| Title: | USN-2159-1 -- nss vulnerability | ||
| Description: | NSS could be made to expose sensitive information over the network. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2159-1 CVE-2014-1492 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24488 | |||
| Oval ID: | oval:org.mitre.oval:def:24488 | ||
| Title: | RHSA-2014:0429: tomcat6 security update (Moderate) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322) A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0429-00 CESA-2014:0429 CVE-2013-4286 CVE-2013-4322 CVE-2014-0050 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24499 | |||
| Oval ID: | oval:org.mitre.oval:def:24499 | ||
| Title: | RHSA-2014:0369: httpd security update (Moderate) | ||
| Description: | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0369-00 CESA-2014:0369 CVE-2013-6438 CVE-2014-0098 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24541 | |||
| Oval ID: | oval:org.mitre.oval:def:24541 | ||
| Title: | Incorrect IDNA domain name matching for wildcard certificates | ||
| Description: | The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1492 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24542 | |||
| Oval ID: | oval:org.mitre.oval:def:24542 | ||
| Title: | ELSA-2014:0370: httpd security update (Moderate) | ||
| Description: | The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0370-00 CVE-2013-6438 CVE-2014-0098 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24603 | |||
| Oval ID: | oval:org.mitre.oval:def:24603 | ||
| Title: | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to cause a denial of service (recursion and client crash) | ||
| Description: | The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0221 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24614 | |||
| Oval ID: | oval:org.mitre.oval:def:24614 | ||
| Title: | DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0889-00 CESA-2014:0889 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24628 | |||
| Oval ID: | oval:org.mitre.oval:def:24628 | ||
| Title: | USN-2232-3 -- openssl regression | ||
| Description: | USN-2232-1 introduced a regression in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2232-3 CVE-2014-0224 CVE-2014-0195 CVE-2014-0221 CVE-2014-3470 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24638 | |||
| Oval ID: | oval:org.mitre.oval:def:24638 | ||
| Title: | Race condition in the ssl3_read_bytes function in s3_pkt.c in | ||
| Description: | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-5298 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24694 | |||
| Oval ID: | oval:org.mitre.oval:def:24694 | ||
| Title: | DSA-2980-1 -- openjdk-6 - security update | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the executionof arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2980-1 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 CVE-2014-4268 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24718 | |||
| Oval ID: | oval:org.mitre.oval:def:24718 | ||
| Title: | RHSA-2014:0376: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0376-00 CVE-2014-0160 CESA-2014:0376 | Version: | 9 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24729 | |||
| Oval ID: | oval:org.mitre.oval:def:24729 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4208) | ||
| Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4208 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24735 | |||
| Oval ID: | oval:org.mitre.oval:def:24735 | ||
| Title: | RHSA-2014:0474: struts security update (Important) | ||
| Description: | Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114) All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0474-00 CESA-2014:0474 CVE-2014-0114 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | struts |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24737 | |||
| Oval ID: | oval:org.mitre.oval:def:24737 | ||
| Title: | USN-2192-1 -- openssl vulnerabilities | ||
| Description: | OpenSSL could be made to crash if it received specially crafted network traffic. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2192-1 CVE-2010-5298 CVE-2014-0198 | Version: | 4 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24762 | |||
| Oval ID: | oval:org.mitre.oval:def:24762 | ||
| Title: | USN-2214-1 -- libxml2 vulnerability | ||
| Description: | libxml2 could be made to consume resources if it processed a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2214-1 CVE-2014-0191 | Version: | 5 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24771 | |||
| Oval ID: | oval:org.mitre.oval:def:24771 | ||
| Title: | AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability | ||
| Description: | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-0224 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24772 | |||
| Oval ID: | oval:org.mitre.oval:def:24772 | ||
| Title: | RHSA-2014:0624: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0624-00 CESA-2014:0624 CVE-2014-0224 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24780 | |||
| Oval ID: | oval:org.mitre.oval:def:24780 | ||
| Title: | AIX OpenSSL Anonymous ECDH denial of service | ||
| Description: | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-3470 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24797 | |||
| Oval ID: | oval:org.mitre.oval:def:24797 | ||
| Title: | USN-2211-1 -- libxfont vulnerabilities | ||
| Description: | Several security issues were fixed in libXfont. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2211-1 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 5 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | libxfont |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24802 | |||
| Oval ID: | oval:org.mitre.oval:def:24802 | ||
| Title: | RHSA-2014:0561: curl security and bug fix update (Moderate) | ||
| Description: | cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138) Red Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Paras Sethia as the original reporter of CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of this issue, and Steve Holme as the original reporter of CVE-2014-0138. This update also fixes the following bugs: * Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory. (BZ#1092479) * Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns the control back to the application whenever it cannot read/write data from/to the underlying network socket. (BZ#1092480) * Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again. (BZ#1092486) * Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected. (BZ#1096797) All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications that use libcurl have to be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0561-00 CESA-2014:0561 CVE-2014-0015 CVE-2014-0138 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | curl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24806 | |||
| Oval ID: | oval:org.mitre.oval:def:24806 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4262) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4262 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24827 | |||
| Oval ID: | oval:org.mitre.oval:def:24827 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4268) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4268 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24828 | |||
| Oval ID: | oval:org.mitre.oval:def:24828 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4218) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4218 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24833 | |||
| Oval ID: | oval:org.mitre.oval:def:24833 | ||
| Title: | DSA-2940-1 libstruts1.2-java - security update | ||
| Description: | The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2940-1 CVE-2014-0114 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | libstruts1.2-java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24843 | |||
| Oval ID: | oval:org.mitre.oval:def:24843 | ||
| Title: | ELSA-2014:0429: tomcat6 security update (Moderate) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322) A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0429-00 CVE-2013-4286 CVE-2013-4322 CVE-2014-0050 | Version: | 5 |
| Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24865 | |||
| Oval ID: | oval:org.mitre.oval:def:24865 | ||
| Title: | Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability | ||
| Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4261 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24873 | |||
| Oval ID: | oval:org.mitre.oval:def:24873 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-4223) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4223 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24874 | |||
| Oval ID: | oval:org.mitre.oval:def:24874 | ||
| Title: | DSA-2927-1 libxfont - security update | ||
| Description: | Ilja van Sprundel of IOActive discovered several security issues in theX.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2927-1 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | libxfont |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24883 | |||
| Oval ID: | oval:org.mitre.oval:def:24883 | ||
| Title: | RHSA-2014:0865: tomcat6 security and bug fix update (Moderate) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0865-00 CESA-2014:0865 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24892 | |||
| Oval ID: | oval:org.mitre.oval:def:24892 | ||
| Title: | RHSA-2014:0625: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0625-00 CESA-2014:0625 CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24907 | |||
| Oval ID: | oval:org.mitre.oval:def:24907 | ||
| Title: | DSA-2978-1 -- libxml2 - security update | ||
| Description: | Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2978-1 CVE-2014-0191 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24927 | |||
| Oval ID: | oval:org.mitre.oval:def:24927 | ||
| Title: | Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality | ||
| Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2487 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24939 | |||
| Oval ID: | oval:org.mitre.oval:def:24939 | ||
| Title: | ELSA-2014:0474: struts security update (Important) | ||
| Description: | Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114) All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0474-00 CVE-2014-0114 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | struts |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24955 | |||
| Oval ID: | oval:org.mitre.oval:def:24955 | ||
| Title: | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to cause a denial of service | ||
| Description: | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0224 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24964 | |||
| Oval ID: | oval:org.mitre.oval:def:24964 | ||
| Title: | DEPRECATED: RHSA-2014:0890: java-1.7.0-openjdk security update (Important) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24977 | |||
| Oval ID: | oval:org.mitre.oval:def:24977 | ||
| Title: | AIX OpenSSL DTLS recursion flaw | ||
| Description: | The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-0221 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24979 | |||
| Oval ID: | oval:org.mitre.oval:def:24979 | ||
| Title: | Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability | ||
| Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2477 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24985 | |||
| Oval ID: | oval:org.mitre.oval:def:24985 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-2483) | ||
| Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2483 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24987 | |||
| Oval ID: | oval:org.mitre.oval:def:24987 | ||
| Title: | Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality | ||
| Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2488 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25001 | |||
| Oval ID: | oval:org.mitre.oval:def:25001 | ||
| Title: | Vulnerability in OpenSSL before 1.0.2, obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) | ||
| Description: | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6449 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25006 | |||
| Oval ID: | oval:org.mitre.oval:def:25006 | ||
| Title: | Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability | ||
| Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2486 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25010 | |||
| Oval ID: | oval:org.mitre.oval:def:25010 | ||
| Title: | RHSA-2014:0680: openssl098e security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0680-00 CVE-2014-0224 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | openssl098e |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25013 | |||
| Oval ID: | oval:org.mitre.oval:def:25013 | ||
| Title: | DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0865-00 CESA-2014:0865 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25014 | |||
| Oval ID: | oval:org.mitre.oval:def:25014 | ||
| Title: | RHSA-2014:0679: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0679-00 CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25035 | |||
| Oval ID: | oval:org.mitre.oval:def:25035 | ||
| Title: | AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference | ||
| Description: | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-0198 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25039 | |||
| Oval ID: | oval:org.mitre.oval:def:25039 | ||
| Title: | Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information | ||
| Description: | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-3470 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25054 | |||
| Oval ID: | oval:org.mitre.oval:def:25054 | ||
| Title: | Unspecified vulnerability in the Oracle VM VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability | ||
| Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2489 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25058 | |||
| Oval ID: | oval:org.mitre.oval:def:25058 | ||
| Title: | Vulnerability in OpenSSL 1.x through 1.0.1g allows remote attackers to cause a denial of service | ||
| Description: | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0198 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25066 | |||
| Oval ID: | oval:org.mitre.oval:def:25066 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4263) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4263 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25082 | |||
| Oval ID: | oval:org.mitre.oval:def:25082 | ||
| Title: | USN-2232-2 -- openssl regression | ||
| Description: | USN-2232-1 introduced a regression in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2232-2 CVE-2014-0224 CVE-2014-0195 CVE-2014-0221 CVE-2014-3470 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25092 | |||
| Oval ID: | oval:org.mitre.oval:def:25092 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4219) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4219 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25095 | |||
| Oval ID: | oval:org.mitre.oval:def:25095 | ||
| Title: | ELSA-2014:0624: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0624-00 CVE-2014-0224 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25101 | |||
| Oval ID: | oval:org.mitre.oval:def:25101 | ||
| Title: | USN-2291-1 -- mysql-5.5 vulnerabilities | ||
| Description: | Several security issues were fixed in MySQL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2291-1 CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 Ubuntu 12.04 | Product(s): | mysql-5.5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25104 | |||
| Oval ID: | oval:org.mitre.oval:def:25104 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4220) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4220 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25106 | |||
| Oval ID: | oval:org.mitre.oval:def:25106 | ||
| Title: | ELSA-2014:0626: openssl097a and openssl098e security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0626-00 CVE-2014-0224 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl097a openssl098e |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25136 | |||
| Oval ID: | oval:org.mitre.oval:def:25136 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity (CVE-2014-4209) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4209 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25149 | |||
| Oval ID: | oval:org.mitre.oval:def:25149 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4247) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4247 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25154 | |||
| Oval ID: | oval:org.mitre.oval:def:25154 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability | ||
| Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-2490 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25160 | |||
| Oval ID: | oval:org.mitre.oval:def:25160 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4216) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4216 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25171 | |||
| Oval ID: | oval:org.mitre.oval:def:25171 | ||
| Title: | ELSA-2014:0625: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0625-00 CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25175 | |||
| Oval ID: | oval:org.mitre.oval:def:25175 | ||
| Title: | ELSA-2014:0561: curl security and bug fix update (Moderate) | ||
| Description: | cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138) Red Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Paras Sethia as the original reporter of CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of this issue, and Steve Holme as the original reporter of CVE-2014-0138. This update also fixes the following bugs: * Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory. (BZ#1092479) * Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns the control back to the application whenever it cannot read/write data from/to the underlying network socket. (BZ#1092480) * Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again. (BZ#1092486) * Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected. (BZ#1096797) All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications that use libcurl have to be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0561-00 CVE-2014-0015 CVE-2014-0138 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | curl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25192 | |||
| Oval ID: | oval:org.mitre.oval:def:25192 | ||
| Title: | ELSA-2014:0513: libxml2 security update (Moderate) | ||
| Description: | The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0513-00 CVE-2013-2877 CVE-2014-0191 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25202 | |||
| Oval ID: | oval:org.mitre.oval:def:25202 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity (CVE-2014-4266) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4266 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25203 | |||
| Oval ID: | oval:org.mitre.oval:def:25203 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity (CVE-2014-4265) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4265 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25216 | |||
| Oval ID: | oval:org.mitre.oval:def:25216 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability (CVE-2014-4264) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4264 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25224 | |||
| Oval ID: | oval:org.mitre.oval:def:25224 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity (CVE-2014-4244) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4244 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25235 | |||
| Oval ID: | oval:org.mitre.oval:def:25235 | ||
| Title: | Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability | ||
| Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4228 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25249 | |||
| Oval ID: | oval:org.mitre.oval:def:25249 | ||
| Title: | RHSA-2014:0890: java-1.7.0-openjdk security update (Important) | ||
| Description: | The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-4223, CVE-2014-4262, CVE-2014-2483) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0890-00 CESA-2014:0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25250 | |||
| Oval ID: | oval:org.mitre.oval:def:25250 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability (CVE-2014-4227) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4227 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25273 | |||
| Oval ID: | oval:org.mitre.oval:def:25273 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4252) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4252 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25281 | |||
| Oval ID: | oval:org.mitre.oval:def:25281 | ||
| Title: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality (CVE-2014-4221) | ||
| Description: | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4221 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25291 | |||
| Oval ID: | oval:org.mitre.oval:def:25291 | ||
| Title: | SUSE-SU-2014:0759-1 -- Security update for OpenSSL | ||
| Description: | OpenSSL was updated to fix several vulnerabilities: * SSL/TLS MITM vulnerability. (CVE-2014-0224) * DTLS recursion flaw. (CVE-2014-0221) * Anonymous ECDH denial of service. (CVE-2014-3470) | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0759-1 CVE-2014-0224 CVE-2014-0221 CVE-2014-3470 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25303 | |||
| Oval ID: | oval:org.mitre.oval:def:25303 | ||
| Title: | SUSE-SU-2014:0774-1 -- Security update for xorg-x11-libs | ||
| Description: | xorg-x11-libs was patched to fix the following security issues: * Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) * libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) * Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0774-1 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | xorg-x11-libs |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25312 | |||
| Oval ID: | oval:org.mitre.oval:def:25312 | ||
| Title: | RHSA-2014:0902: java-1.7.0-oracle security update (Critical) | ||
| Description: | Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262, CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265, CVE-2014-4220, CVE-2014-4208, CVE-2014-4264) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 65 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0902-00 CVE-2014-2483 CVE-2014-2490 CVE-2014-4208 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4223 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4265 CVE-2014-4266 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 | Product(s): | java-1.7.0-oracle |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25350 | |||
| Oval ID: | oval:org.mitre.oval:def:25350 | ||
| Title: | SUSE-SU-2014:0171-1 -- Security update for curl | ||
| Description: | This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015) Security Issue reference: * CVE-2014-0015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0171-1 CVE-2014-0015 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | curl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25358 | |||
| Oval ID: | oval:org.mitre.oval:def:25358 | ||
| Title: | RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-4216, CVE-2014-4219) A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. (CVE-2014-2490) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262) Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266) It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. (CVE-2014-4244) The Diffie-Hellman (DH) key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. (CVE-2014-4263) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. This update also fixes the following bug: * Prior to this update, an application accessing an unsynchronized HashMap could potentially enter an infinite loop and consume an excessive amount of CPU resources. This update resolves this issue. (BZ#1115580) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0907-00 CESA-2014:0907 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25377 | |||
| Oval ID: | oval:org.mitre.oval:def:25377 | ||
| Title: | SUSE-SU-2014:0175-1 -- Security update for curl | ||
| Description: | This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015) Security Issue reference: * CVE-2014-0015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0175-1 CVE-2014-0015 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | curl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25393 | |||
| Oval ID: | oval:org.mitre.oval:def:25393 | ||
| Title: | SUSE-SU-2014:0175-2 -- Security update for curl | ||
| Description: | This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015) Security Issue reference: * CVE-2014-0015 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0175-2 CVE-2014-0015 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | curl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25428 | |||
| Oval ID: | oval:org.mitre.oval:def:25428 | ||
| Title: | RHSA-2014:0908: java-1.6.0-sun security update (Important) | ||
| Description: | Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2014-4219, CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265) The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat Product Security. Note: The way in which the Oracle Java SE packages are delivered has changed. They now reside in a separate channel/repository that requires action from the user to perform prior to getting updated packages. For information on subscribing to the new channel/repository please refer to: https://access.redhat.com/solutions/732883 All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 81 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0908-00 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4227 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4265 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25431 | |||
| Oval ID: | oval:org.mitre.oval:def:25431 | ||
| Title: | SUSE-SU-2014:0150-1 -- Security update for libxml2 | ||
| Description: | This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue. Security Issue reference: * CVE-2013-2877 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0150-1 CVE-2013-2877 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25435 | |||
| Oval ID: | oval:org.mitre.oval:def:25435 | ||
| Title: | SUSE-SU-2013:1618-1 -- Security update for Python | ||
| Description: | This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1618-1 CVE-2013-4238 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Python |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25457 | |||
| Oval ID: | oval:org.mitre.oval:def:25457 | ||
| Title: | SUSE-SU-2013:1627-1 -- Security update for libxml2 | ||
| Description: | libxml2 has been updated to fix the following security issue: * CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1627-1 CVE-2013-0338 CVE-2013-0339 CVE-2012-5134 CVE-2012-2807 CVE-2011-3102 CVE-2012-0841 CVE-2011-3919 CVE-2013-2877 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 10 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25499 | |||
| Oval ID: | oval:org.mitre.oval:def:25499 | ||
| Title: | SUSE-SU-2014:0548-1 -- Security update for jakarta-commons-fileupload | ||
| Description: | This update fixes a security issue with jakarta-commons-fileupload: * bnc#862781: denial of service due to too-small buffer size used (CVE-2014-0050) Security Issue reference: * CVE-2014-0050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 > | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0548-1 CVE-2014-0050 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | jakarta-commons-fileupload |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25501 | |||
| Oval ID: | oval:org.mitre.oval:def:25501 | ||
| Title: | SUSE-SU-2014:0665-1 -- Security update for Mozilla Firefox | ||
| Description: | This Mozilla Firefox and Mozilla NSS update fixes several security and non-security issues. Mozilla Firefox has been updated to 24.5.0esr which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0665-1 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1492 | Version: | 5 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25648 | |||
| Oval ID: | oval:org.mitre.oval:def:25648 | ||
| Title: | DSA-2987-1 -- openjdk-7 - security update | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2987-1 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25782 | |||
| Oval ID: | oval:org.mitre.oval:def:25782 | ||
| Title: | SUSE-SU-2013:1254-1 -- Security update for java-1_7_0-openjdk | ||
| Description: | This update to icedtea-2.4.1 fixes various security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1254-1 CVE-2013-2407 CVE-2013-2445 CVE-2013-2451 CVE-2013-2450 CVE-2013-2446 CVE-2013-2452 CVE-2013-1500 CVE-2013-2444 CVE-2013-2447 CVE-2013-2443 CVE-2013-2412 CVE-2013-2449 CVE-2013-2448 CVE-2013-2455 CVE-2013-2457 CVE-2013-2453 CVE-2013-2456 CVE-2013-2459 CVE-2013-2458 CVE-2013-2454 CVE-2013-2460 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-1571 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2461 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | java-1_7_0-openjdk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25803 | |||
| Oval ID: | oval:org.mitre.oval:def:25803 | ||
| Title: | USN-2232-4 -- openssl vulnerabilities | ||
| Description: | USN-2232-1 introduced a regression in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2232-4 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 3 |
| Platform(s): | Ubuntu 10.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25952 | |||
| Oval ID: | oval:org.mitre.oval:def:25952 | ||
| Title: | SUSE-SU-2013:1238-1 -- Security update for java-1_6_0-openjdk | ||
| Description: | java-1_6_0-openjdk has been updated to Icedtea6-1.12.6 version. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1238-1 CVE-2013-2407 CVE-2013-2445 CVE-2013-2451 CVE-2013-2450 CVE-2013-2446 CVE-2013-2452 CVE-2013-1500 CVE-2013-2444 CVE-2013-2447 CVE-2013-2443 CVE-2013-2412 CVE-2013-2448 CVE-2013-2455 CVE-2013-2457 CVE-2013-2453 CVE-2013-2456 CVE-2013-2459 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-1571 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2461 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | java-1_6_0-openjdk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25958 | |||
| Oval ID: | oval:org.mitre.oval:def:25958 | ||
| Title: | SUSE-SU-2014:0881-1 -- Security update for xorg-x11-libs | ||
| Description: | This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update of xorg-x11-libs, fixing security issues and some bugs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0881-1 CVE-2013-1984 CVE-2013-1985 CVE-2013-1986 CVE-2013-1988 CVE-2013-1990 CVE-2013-1991 CVE-2013-1992 CVE-2013-1995 CVE-2013-1996 CVE-2013-1998 CVE-2013-1999 CVE-2013-2000 CVE-2013-2001 CVE-2013-2003 CVE-2013-2063 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | xorg-x11-libs |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25993 | |||
| Oval ID: | oval:org.mitre.oval:def:25993 | ||
| Title: | Critical Patch Update July 2014 | ||
| Description: | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-4215 | Version: | 3 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26063 | |||
| Oval ID: | oval:org.mitre.oval:def:26063 | ||
| Title: | USN-2302-1 -- tomcat6, tomcat7 vulnerabilities | ||
| Description: | Several security issues were fixed in Tomcat. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2302-1 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | tomcat7 tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26067 | |||
| Oval ID: | oval:org.mitre.oval:def:26067 | ||
| Title: | USN-2319-3 -- openjdk-7 update | ||
| Description: | This update provides stability updates for OpenJDK 7. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2319-3 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26099 | |||
| Oval ID: | oval:org.mitre.oval:def:26099 | ||
| Title: | DSA-2985-1 -- mysql-5.5 - security update | ||
| Description: | Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2985-1 CVE-2014-2494 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | mysql-5.5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26123 | |||
| Oval ID: | oval:org.mitre.oval:def:26123 | ||
| Title: | AIX libxml2 vulnerability | ||
| Description: | The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-0191 | Version: | 6 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26141 | |||
| Oval ID: | oval:org.mitre.oval:def:26141 | ||
| Title: | DSA-2994-1 -- nss - security update | ||
| Description: | Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2994-1 CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26168 | |||
| Oval ID: | oval:org.mitre.oval:def:26168 | ||
| Title: | RHSA-2014:1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (Low) | ||
| Description: | Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1073-00 CESA-2014:1073 CVE-2014-1492 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26182 | |||
| Oval ID: | oval:org.mitre.oval:def:26182 | ||
| Title: | SUSE-SU-2014:0961-1 -- Security update for openjdk | ||
| Description: | This Critical Patch Update contains 20 new security fixes for Oracle Java SE. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0961-1 CVE-2014-4227 CVE-2014-4219 CVE-2014-2490 CVE-2014-4216 CVE-2014-4247 CVE-2014-2483 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4265 CVE-2014-4220 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4268 CVE-2014-4264 CVE-2014-4221 CVE-2014-4244 CVE-2014-4263 CVE-2014-4208 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | openjdk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26183 | |||
| Oval ID: | oval:org.mitre.oval:def:26183 | ||
| Title: | RHSA-2014:1034: tomcat security update (Low) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119) All Tomcat users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1034-00 CESA-2014:1034 CVE-2014-0119 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | tomcat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26187 | |||
| Oval ID: | oval:org.mitre.oval:def:26187 | ||
| Title: | Critical Patch Update July 2014 | ||
| Description: | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao). | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-4239 | Version: | 3 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26198 | |||
| Oval ID: | oval:org.mitre.oval:def:26198 | ||
| Title: | USN-2319-2 -- openjdk-7 regression | ||
| Description: | USN-2319-1 introduced a regression in OpenJDK 7. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2319-2 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26289 | |||
| Oval ID: | oval:org.mitre.oval:def:26289 | ||
| Title: | Critical Patch Update July 2014 | ||
| Description: | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-4224 | Version: | 3 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26374 | |||
| Oval ID: | oval:org.mitre.oval:def:26374 | ||
| Title: | RHSA-2014:1038: tomcat6 security update (Low) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1038-00 CESA-2014:1038 CVE-2013-4590 CVE-2014-0119 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26392 | |||
| Oval ID: | oval:org.mitre.oval:def:26392 | ||
| Title: | DEPRECATED: ELSA-2014-0474 -- struts security update (important) | ||
| Description: | [1.2.9-4jpp.7] - Resolves: rhbz#1092457 - CVE-2014-0114: Fixed ClassLoader manipulation vulnerability - Added dist tag to release | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0474 CVE-2014-0114 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | struts |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26454 | |||
| Oval ID: | oval:org.mitre.oval:def:26454 | ||
| Title: | SUSE-SU-2014:1072-1 -- Security update for MySQL | ||
| Description: | This MySQL update provides the following:upgrade to version 5.5.39 | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1072-1 CVE-2014-2484 CVE-2014-4258 CVE-2014-4260 CVE-2014-2494 CVE-2014-4238 CVE-2014-4207 CVE-2014-4233 CVE-2014-4240 CVE-2014-4214 CVE-2014-4243 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | MySQL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26472 | |||
| Oval ID: | oval:org.mitre.oval:def:26472 | ||
| Title: | DEPRECATED: ELSA-2014-0429 -- tomcat6 security update (Moderate) | ||
| Description: | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322) A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0429 CVE-2014-0050 CVE-2013-4322 CVE-2013-4286 CVE-2012-3544 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26498 | |||
| Oval ID: | oval:org.mitre.oval:def:26498 | ||
| Title: | SUSE-SU-2014:1080-1 -- Security update for apache2 | ||
| Description: | This apache2 update fixes the following security and non security issues: * mod_cgid denial of service (CVE-2014-0231, bnc#887768) * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) * mod_dav denial of service (CVE-2013-6438, bnc#869105) * log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) * Support ECDH in Apache2 (bnc#859916) Security Issues: * CVE-2014-0098 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098> * CVE-2013-6438 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438> * CVE-2014-0226 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226> * CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231> | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1080-1 CVE-2014-0231 CVE-2014-0226 CVE-2013-6438 CVE-2014-0098 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26507 | |||
| Oval ID: | oval:org.mitre.oval:def:26507 | ||
| Title: | Allows remote attackers to cause a denial of service by streaming data. | ||
| Description: | Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3544 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Apache Tomcat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26513 | |||
| Oval ID: | oval:org.mitre.oval:def:26513 | ||
| Title: | USN-2319-1 -- openjdk-7 vulnerabilities | ||
| Description: | Several security issues were fixed in OpenJDK 7. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2319-1 CVE-2014-2483 CVE-2014-2490 CVE-2014-4216 CVE-2014-4219 CVE-2014-4223 CVE-2014-4262 CVE-2014-4209 CVE-2014-4244 CVE-2014-4263 CVE-2014-4218 CVE-2014-4266 CVE-2014-4264 CVE-2014-4221 CVE-2014-4252 CVE-2014-4268 | Version: | 3 |
| Platform(s): | Ubuntu 14.04 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26557 | |||
| Oval ID: | oval:org.mitre.oval:def:26557 | ||
| Title: | SUSE-SU-2014:1055-1 -- Security update for IBM Java | ||
| Description: | java-1_6_0-ibm has been updated to fix several security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26666 | |||
| Oval ID: | oval:org.mitre.oval:def:26666 | ||
| Title: | DEPRECATED: ELSA-2014-0370 -- httpd security update (Moderate) | ||
| Description: | The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0370 CVE-2013-6438 CVE-2014-0098 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26705 | |||
| Oval ID: | oval:org.mitre.oval:def:26705 | ||
| Title: | SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0 | ||
| Description: | IBM Java 1.7.0 has been updated to fix 14 security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java 1.7.0 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26734 | |||
| Oval ID: | oval:org.mitre.oval:def:26734 | ||
| Title: | Allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly | ||
| Description: | parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2877 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26742 | |||
| Oval ID: | oval:org.mitre.oval:def:26742 | ||
| Title: | DEPRECATED: ELSA-2014-0376 -- openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0376 CVE-2014-0160 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26773 | |||
| Oval ID: | oval:org.mitre.oval:def:26773 | ||
| Title: | DEPRECATED: SUSE-SU-2014:1072-1 -- Security update for MySQL | ||
| Description: | This MySQL update provides the following:upgrade to version 5.5.39 | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1072-1 CVE-2014-2484 CVE-2014-4258 CVE-2014-4260 CVE-2014-2494 CVE-2014-4238 CVE-2014-4207 CVE-2014-4233 CVE-2014-4240 CVE-2014-4214 CVE-2014-4243 | Version: | 4 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | MySQL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26803 | |||
| Oval ID: | oval:org.mitre.oval:def:26803 | ||
| Title: | DEPRECATED: ELSA-2014-0369 -- httpd security update (Moderate) | ||
| Description: | The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2013-6438) A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled (on Red Hat Enterprise Linux it is disabled by default), a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header. (CVE-2014-0098) All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0369 CVE-2014-0098 CVE-2013-6438 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26845 | |||
| Oval ID: | oval:org.mitre.oval:def:26845 | ||
| Title: | SUSE-SU-2014:1081-1 -- Security update for apache2 | ||
| Description: | This apache2 update fixes the following security and non-security issues: * mod_cgid denial of service (CVE-2014-0231, bnc#887768) * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) * mod_dav denial of service (CVE-2013-6438, bnc#869105) * log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) * Support ECDH in Apache2 (bnc#859916) * apache fails to start with SSL on Xen kernel at boot time (bnc#852401) Security Issues: * CVE-2014-0098 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098> * CVE-2013-6438 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438> * CVE-2014-0226 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226> * CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231> | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1081-1 CVE-2014-0231 CVE-2014-0226 CVE-2013-6438 CVE-2014-0098 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26866 | |||
| Oval ID: | oval:org.mitre.oval:def:26866 | ||
| Title: | DEPRECATED: SUSE-SU-2014:1037-1 -- Security update for IBM Java 1.7.0 | ||
| Description: | IBM Java 1.7.0 has been updated to fix 14 security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1037-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 CVE-2014-4244 CVE-2014-4208 | Version: | 4 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java 1.7.0 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26967 | |||
| Oval ID: | oval:org.mitre.oval:def:26967 | ||
| Title: | DEPRECATED: SUSE-SU-2014:1055-1 -- Security update for IBM Java | ||
| Description: | java-1_6_0-ibm has been updated to fix several security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:1055-1 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4265 CVE-2014-4263 CVE-2014-4244 | Version: | 4 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26995 | |||
| Oval ID: | oval:org.mitre.oval:def:26995 | ||
| Title: | ELSA-2014-0890 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.65-2.5.1.2.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.65-2.5.1.2] - added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch - Resolves: rhbz#1115872 [1.7.0.65-2.5.1.1.el5] - updated to security patched icedtea7-forest 2.5.1 - Resolves: rhbz#1115872 [1.7.0.60-2.5.0.1.el5] - update to icedtea7-forest 2.5.0 (rh1114937) - Resolves: rhbz#1115872 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0890 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4266 | Version: | 5 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27080 | |||
| Oval ID: | oval:org.mitre.oval:def:27080 | ||
| Title: | ELSA-2014-0680 -- openssl098e security update (important) | ||
| Description: | [0.9.8e-29.2] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0680 CVE-2014-0224 | Version: | 3 |
| Platform(s): | Oracle Linux 7 | Product(s): | openssl098e |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27106 | |||
| Oval ID: | oval:org.mitre.oval:def:27106 | ||
| Title: | DEPRECATED: ELSA-2014-0624 -- openssl security update (important) | ||
| Description: | [0.9.8e-27.3] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-27.1] - replace expired GlobalSign Root CA certificate in ca-bundle.crt | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0624 CVE-2014-0224 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27123 | |||
| Oval ID: | oval:org.mitre.oval:def:27123 | ||
| Title: | ELSA-2014-0679 -- openssl security update (important) | ||
| Description: | [1.0.1e-34.3] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0679 CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 5 |
| Platform(s): | Oracle Linux 7 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27130 | |||
| Oval ID: | oval:org.mitre.oval:def:27130 | ||
| Title: | DEPRECATED: ELSA-2014-0626 -- openssl097a and openssl098e security update (important) | ||
| Description: | [0.9.8e-18.0.1.el6_5.2] - Updated the description [0.9.8e-18.2] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-18] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0626 CVE-2014-0224 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl097a openssl098e |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27151 | |||
| Oval ID: | oval:org.mitre.oval:def:27151 | ||
| Title: | DEPRECATED: ELSA-2014-0625 -- openssl security update (important) | ||
| Description: | [1.0.1e-16.14] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0625 CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27179 | |||
| Oval ID: | oval:org.mitre.oval:def:27179 | ||
| Title: | ELSA-2014-1034 -- tomcat security update (low) | ||
| Description: | [0:7.0.42-8] - Resolves: CVE-2013-4590 - Resolves: CVE-2014-0119 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1034 CVE-2014-0119 | Version: | 3 |
| Platform(s): | Oracle Linux 7 | Product(s): | tomcat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27225 | |||
| Oval ID: | oval:org.mitre.oval:def:27225 | ||
| Title: | DEPRECATED: ELSA-2013-1582 -- python security, bug fix, and enhancement update (moderate) | ||
| Description: | [2.6.6-51] - Fixed memory leak in _ssl._get_peer_alt_names Resolves: rhbz#1002983 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1582 CVE-2013-4238 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | python |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27244 | |||
| Oval ID: | oval:org.mitre.oval:def:27244 | ||
| Title: | DEPRECATED: ELSA-2014-0561 -- curl security and bug fix update (moderate) | ||
| Description: | [7.19.7-37.el6_5.3] - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015) - fix connection re-use when using different log-in credentials (CVE-2014-0138) [7.19.7-37.el6_5.2] - fix authentication failure when server offers multiple auth options (#1096797) [7.19.7-37.el6_5.1] - refresh expired cookie in test172 from upstream test-suite (#1092486) - fix a memory leak caused by write after close (#1092479) - nss: implement non-blocking SSL handshake (#1092480) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0561 CVE-2014-0015 CVE-2014-0138 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | curl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27269 | |||
| Oval ID: | oval:org.mitre.oval:def:27269 | ||
| Title: | DEPRECATED: ELSA-2013-1144 -- nss, nss-util, nss-softokn, and nspr security update (moderate) | ||
| Description: | It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-1620) An out-of-bounds memory read flaw was found in the way NSS decoded certain certificates. If an application using NSS decoded a malformed certificate, it could cause the application to crash. (CVE-2013-0791) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1144 CVE-2013-0791 CVE-2013-1620 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | nspr nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27273 | |||
| Oval ID: | oval:org.mitre.oval:def:27273 | ||
| Title: | DEPRECATED: ELSA-2014-0015 -- openssl security update (important) | ||
| Description: | [1.0.1e-16.4] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-16.3] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-16.2] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0015 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27293 | |||
| Oval ID: | oval:org.mitre.oval:def:27293 | ||
| Title: | ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate) | ||
| Description: | [0:6.0.24-72] - Related: CVE-2014-0075 - rebuild to generate javadoc - correctly. previous build generated 0-length javadoc [0:6.0.24-69] - Related: CVE-2014-0075 incomplete [0:6.0.24-68] - Related: CVE-2013-4322. arches needs to be specified - as in arches noarch, so docs/webapps will produce - full files. building for ppc will generate empty - javadoc. [0:6.0.24-67] - Related: CVE-2014-0050 - Related: CVE-2013-4322 [0:6.0.24-66] - Resolves: CVE-2014-0099 - Resolves: CVE-2014-0096 - Resolves: CVE-2014-0075 [0:6.0.24-65] - Related: CVE-2014-0050 copy paste error | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0865 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 | Version: | 3 |
| Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27354 | |||
| Oval ID: | oval:org.mitre.oval:def:27354 | ||
| Title: | DEPRECATED: ELSA-2014-0513 -- libxml2 security update (moderate) | ||
| Description: | [2.7.6-14.0.1.el6_5.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2-2.7.6-14.el6_5.1] - Improve handling of xmlStopParser(CVE-2013-2877) - Do not fetch external parameter entities (CVE-2014-0191) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0513 CVE-2013-2877 CVE-2014-0191 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27513 | |||
| Oval ID: | oval:org.mitre.oval:def:27513 | ||
| Title: | DEPRECATED: ELSA-2013-1135 -- nss and nspr security, bug fix, and enhancement update (moderate) | ||
| Description: | nspr [4.9.2-4] - Resolves: rhbz#924741 - Rebase to nspr-4.9.5 nss [3.14.3-6] - Resolves: rhbz#986969 - nssutil_ReadSecmodDB() leaks memory [3.14.3-5] - Define -DNO_FORK_CHECK when compiling softoken for ABI compatibility - Remove the unused and obsolete nss-nochktest.patch - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-4] - Fix rpmdiff test reported failures and remove other unwanted changes - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-3] - Update to NSS_3_14_3_RTM - Rework the rebase to preserve needed idiosynchracies - Ensure we install frebl/softoken from the extra build tree - Don't include freebl static library or its private headers - Add patch to deal with system sqlite not being recent enough - Don't install nss-sysinit nor sharedb - Resolves: rhbz#949845 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-2] - Restore the freebl-softoken source tar ball updated to 3.14.3 - Renumbering of some sources for clarity - Resolves: rhbz#918870 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#918870 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1135 CVE-2013-0791 CVE-2013-1620 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27716 | |||
| Oval ID: | oval:org.mitre.oval:def:27716 | ||
| Title: | RHSA-2014:1893 -- libXfont security update (Important) | ||
| Description: | The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1893 CESA-2014:1893 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libXfont |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28055 | |||
| Oval ID: | oval:org.mitre.oval:def:28055 | ||
| Title: | DSA-3065-1 -- libxml-security-java security update | ||
| Description: | James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-3065-1 CVE-2013-2172 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | libxml-security-java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28393 | |||
| Oval ID: | oval:org.mitre.oval:def:28393 | ||
| Title: | ELSA-2014-1870 -- libXfont security update (important) | ||
| Description: | [1.4.5-4] - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1870 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 3 |
| Platform(s): | Oracle Linux 6 Oracle Linux 7 | Product(s): | libXfont |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28409 | |||
| Oval ID: | oval:org.mitre.oval:def:28409 | ||
| Title: | DSA-2987-2 -- openjdk-7 regression update | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2987-2 CVE-2014-2483 CVE-2014-2490 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28414 | |||
| Oval ID: | oval:org.mitre.oval:def:28414 | ||
| Title: | ELSA-2014-1893 -- libXfont security update (important) | ||
| Description: | [1.2.2-1.0.6] - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-1893 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 3 |
| Platform(s): | Oracle Linux 5 | Product(s): | libXfont |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28435 | |||
| Oval ID: | oval:org.mitre.oval:def:28435 | ||
| Title: | RHSA-2014:1870 -- libXfont security update (Important) | ||
| Description: | The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1870 CESA-2014:1870-CentOS 6 CESA-2014:1870-CentOS 7 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 | Product(s): | libXfont |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29321 | |||
| Oval ID: | oval:org.mitre.oval:def:29321 | ||
| Title: | DSA-2896-2 -- openssl -- security update | ||
| Description: | A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2896-2 CVE-2014-0160 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29338 | |||
| Oval ID: | oval:org.mitre.oval:def:29338 | ||
| Title: | DSA-2950-2 -- openssl -- security update | ||
| Description: | Multiple vulnerabilities have been discovered in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2950-2 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2014-04-24 | Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support |
| 2014-04-10 | Heartbleed OpenSSL - Information Leak Exploit (1) |
| 2014-04-09 | OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ... |
| 2014-04-08 | OpenSSL TLS Heartbeat Extension - Memory Disclosure |
| 2014-02-12 | Apache Commons FileUpload and Apache Tomcat Denial-of-Service |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-08-20 | IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X Severity : Category I - VMSKEY : V0061337 |
| 2015-07-16 | IAVM : 2015-A-0149 - Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance Severity : Category I - VMSKEY : V0061101 |
| 2015-06-25 | IAVM : 2015-B-0083 - Multiple Vulnerabilities in IBM Storwize V7000 Unified Severity : Category I - VMSKEY : V0060983 |
| 2015-05-21 | IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS Severity : Category I - VMSKEY : V0060737 |
| 2015-01-22 | IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity : Category I - VMSKEY : V0058213 |
| 2014-12-11 | IAVM : 2014-B-0161 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0057717 |
| 2014-12-11 | IAVM : 2014-A-0191 - VMware vCenter Server 5.0 Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0057699 |
| 2014-12-11 | IAVM : 2014-B-0159 - VMware vCenter Server Appliance 5.1 Cross-site Scripting Vulnerability Severity : Category II - VMSKEY : V0057687 |
| 2014-12-11 | IAVM : 2014-B-0162 - VMware vCenter Server 5.1 Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0057685 |
| 2014-11-13 | IAVM : 2014-A-0172 - Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity : Category I - VMSKEY : V0057381 |
| 2014-07-31 | IAVM : 2014-B-0103 - Multiple Vulnerabilities in VMware Horizon View Client Severity : Category I - VMSKEY : V0053509 |
| 2014-07-31 | IAVM : 2014-A-0115 - Multiple Vulnerabilities in VMware Horizon View Severity : Category I - VMSKEY : V0053501 |
| 2014-07-31 | IAVM : 2014-B-0101 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1 Severity : Category I - VMSKEY : V0053505 |
| 2014-07-31 | IAVM : 2014-B-0102 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5 Severity : Category I - VMSKEY : V0053507 |
| 2014-07-24 | IAVM : 2014-B-0097 - Multiple Vulnerabilities in VMware ESXi 5.0 Severity : Category I - VMSKEY : V0053319 |
| 2014-07-17 | IAVM : 2014-A-0100 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity : Category I - VMSKEY : V0053201 |
| 2014-07-17 | IAVM : 2014-B-0095 - Multiple Vulnerabilities in Splunk Severity : Category I - VMSKEY : V0053177 |
| 2014-07-17 | IAVM : 2014-A-0111 - Multiple Vulnerabilities in VMware Workstation Severity : Category I - VMSKEY : V0053179 |
| 2014-07-17 | IAVM : 2014-A-0110 - Multiple Vulnerabilities in VMware Player Severity : Category I - VMSKEY : V0053181 |
| 2014-07-17 | IAVM : 2014-A-0109 - Multiple Vulnerabilities in VMware Fusion Severity : Category I - VMSKEY : V0053183 |
| 2014-07-17 | IAVM : 2014-A-0107 - Multiple Vulnerabilities in Oracle & Sun Systems Products Suite Severity : Category I - VMSKEY : V0053187 |
| 2014-07-17 | IAVM : 2014-A-0106 - Multiple Vulnerabilities in Oracle MySQL Product Suite Severity : Category I - VMSKEY : V0053189 |
| 2014-07-17 | IAVM : 2014-A-0105 - Multiple Vulnerabilities in Oracle Java Severity : Category I - VMSKEY : V0053191 |
| 2014-07-17 | IAVM : 2014-A-0104 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0053193 |
| 2014-07-17 | IAVM : 2014-A-0103 - Multiple Vulnerabilities in Oracle E-Business Severity : Category I - VMSKEY : V0053195 |
| 2014-07-17 | IAVM : 2014-A-0102 - Multiple Vulnerabilities in Oracle Database Severity : Category I - VMSKEY : V0053197 |
| 2014-07-17 | IAVM : 2014-A-0099 - Multiple Vulnerabilities in McAfee Email Gateway Severity : Category I - VMSKEY : V0053203 |
| 2014-07-03 | IAVM : 2014-B-0092 - Multiple Vulnerabilities in VMware vSphere Client 5.5 Severity : Category I - VMSKEY : V0052893 |
| 2014-07-03 | IAVM : 2014-B-0088 - Multiple Vulnerabilities in VMware ESXi 5.5 Severity : Category I - VMSKEY : V0052911 |
| 2014-07-03 | IAVM : 2014-B-0089 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0052909 |
| 2014-07-03 | IAVM : 2014-B-0091 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.5 Severity : Category I - VMSKEY : V0052907 |
| 2014-07-03 | IAVM : 2014-B-0084 - HP Onboard Administrator Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0052901 |
| 2014-07-03 | IAVM : 2014-B-0085 - Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity : Category I - VMSKEY : V0052899 |
| 2014-07-03 | IAVM : 2014-B-0090 - Multiple Vulnerabilities in VMware vCenter Operations Severity : Category I - VMSKEY : V0052895 |
| 2014-06-26 | IAVM : 2014-A-0089 - Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0052805 |
| 2014-06-19 | IAVM : 2014-B-0079 - Multiple Vulnerabilities in IBM AIX Severity : Category I - VMSKEY : V0052641 |
| 2014-06-19 | IAVM : 2014-B-0078 - Multiple Vulnerabilities in Blue Coat ProxySG Severity : Category I - VMSKEY : V0052639 |
| 2014-06-19 | IAVM : 2014-A-0087 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity : Category I - VMSKEY : V0052637 |
| 2014-06-19 | IAVM : 2014-A-0084 - Multiple Vulnerabilities in Apache HTTP Server Severity : Category I - VMSKEY : V0052631 |
| 2014-06-19 | IAVM : 2014-B-0080 - Multiple Vulnerabilities in Stunnel Severity : Category I - VMSKEY : V0052627 |
| 2014-06-19 | IAVM : 2014-B-0077 - Multiple Vulnerabilities in McAfee Web Gateway Severity : Category I - VMSKEY : V0052625 |
| 2014-06-12 | IAVM : 2014-A-0083 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0052495 |
| 2014-05-29 | IAVM : 2014-B-0065 - Multiple Vulnerabilities in IBM WebSphere Application Server Severity : Category I - VMSKEY : V0051617 |
| 2014-05-29 | IAVM : 2014-B-0063 - Multiple Vulnerabilities in Apache Tomcat Severity : Category I - VMSKEY : V0051613 |
| 2014-05-01 | IAVM : 2014-A-0063 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity : Category I - VMSKEY : V0050009 |
| 2014-05-01 | IAVM : 2014-A-0062 - Multiple Vulnerabilities In McAfee Email Gateway Severity : Category I - VMSKEY : V0050005 |
| 2014-05-01 | IAVM : 2014-B-0050 - McAfee Web Gateway Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0050003 |
| 2014-04-24 | IAVM : 2014-B-0046 - Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity : Category I - VMSKEY : V0049737 |
| 2014-04-17 | IAVM : 2014-A-0054 - Multiple Vulnerabilities in Oracle Database Severity : Category I - VMSKEY : V0049587 |
| 2014-04-17 | IAVM : 2014-B-0042 - Stunnel Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0049575 |
| 2014-04-17 | IAVM : 2014-B-0041 - Multiple Vulnerabilities in Splunk Severity : Category I - VMSKEY : V0049577 |
| 2014-04-17 | IAVM : 2014-A-0058 - Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity : Category I - VMSKEY : V0049579 |
| 2014-04-17 | IAVM : 2014-A-0056 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0049583 |
| 2014-04-17 | IAVM : 2014-A-0055 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0049585 |
| 2014-04-17 | IAVM : 2014-A-0053 - Multiple Vulnerabilities in Juniper Network JUNOS Severity : Category I - VMSKEY : V0049589 |
| 2014-04-17 | IAVM : 2014-A-0057 - Multiple Vulnerabilities in Oracle MySQL Products Severity : Category I - VMSKEY : V0049591 |
| 2014-04-10 | IAVM : 2014-A-0051 - OpenSSL Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0048667 |
| 2014-02-27 | IAVM : 2014-B-0019 - Multiple Vulnerabilities in Apache Tomcat Severity : Category I - VMSKEY : V0044527 |
| 2014-02-06 | IAVM : 2014-A-0021 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0043921 |
| 2014-01-30 | IAVM : 2014-A-0017 - Multiple Vulnerabilities in Cisco TelePresence Video Communication Server Severity : Category I - VMSKEY : V0043846 |
| 2014-01-30 | IAVM : 2014-A-0019 - Multiple Vulnerabilities in VMware Fusion Severity : Category I - VMSKEY : V0043844 |
| 2014-01-16 | IAVM : 2014-A-0009 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0043395 |
| 2013-11-21 | IAVM : 2013-A-0222 - Multiple Vulnerabilties in VMware Workstation Severity : Category II - VMSKEY : V0042383 |
| 2013-11-21 | IAVM : 2013-A-0220 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042380 |
| 2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
| 2013-09-12 | IAVM : 2013-A-0177 - Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity : Category I - VMSKEY : V0040288 |
| 2013-05-16 | IAVM : 2013-B-0047 - Multiple Vulnerabilities in Apache Tomcat Severity : Category I - VMSKEY : V0037947 |
| 2012-06-28 | IAVM : 2012-A-0104 - Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Severity : Category I - VMSKEY : V0033046 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-02-25 | OpenSSL anonymous ECDH denial of service attempt RuleID : 52626 - Revision : 1 - Type : SERVER-OTHER |
| 2020-02-25 | OpenSSL anonymous ECDH denial of service attempt RuleID : 52625 - Revision : 1 - Type : SERVER-OTHER |
| 2020-01-21 | OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt RuleID : 52487 - Revision : 1 - Type : SERVER-OTHER |
| 2019-10-17 | Apache cookie logging denial of service attempt RuleID : 51547 - Revision : 1 - Type : SERVER-APACHE |
| 2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50460 - Revision : 1 - Type : FILE-JAVA |
| 2019-07-23 | Oracle Java AtomicReferenceFieldUpdater remote code execution attempt RuleID : 50459 - Revision : 1 - Type : FILE-JAVA |
| 2016-05-19 | OpenSSL TLS change cipher spec protocol denial of service attempt RuleID : 38575 - Revision : 4 - Type : SERVER-OTHER |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37805 - Revision : 3 - Type : FILE-JAVA |
| 2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37804 - Revision : 4 - Type : FILE-JAVA |
| 2015-01-31 | Oracle Database Server XML stack buffer overflow attempt RuleID : 32904 - Revision : 3 - Type : FILE-OTHER |
| 2015-01-31 | Oracle Database Server XML stack buffer overflow attempt RuleID : 32903 - Revision : 3 - Type : FILE-OTHER |
| 2014-11-16 | OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31484 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31483 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31482 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31481 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31480 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31479 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31478 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31477 - Revision : 3 - Type : SERVER-OTHER |
| 2014-11-16 | OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt RuleID : 31361 - Revision : 4 - Type : SERVER-OTHER |
| 2014-11-16 | http POST request smuggling attempt RuleID : 31213 - Revision : 2 - Type : INDICATOR-COMPROMISE |
| 2014-11-16 | http GET request smuggling attempt RuleID : 31212 - Revision : 2 - Type : INDICATOR-COMPROMISE |
| 2014-11-16 | OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt RuleID : 31182 - Revision : 2 - Type : SERVER-OTHER |
| 2014-07-05 | OpenSSL DTLS handshake recursion denial of service attempt RuleID : 31181 - Revision : 9 - Type : SERVER-OTHER |
| 2014-07-05 | OpenSSL DTLS handshake recursion denial of service attempt RuleID : 31180 - Revision : 7 - Type : SERVER-OTHER |
| 2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt RuleID : 30792 - Revision : 6 - Type : SERVER-APACHE |
| 2014-05-25 | Apache Struts ParametersInterceptor classloader access attempt RuleID : 30790 - Revision : 6 - Type : SERVER-APACHE |
| 2014-04-25 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30788-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30788 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30787-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30787 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30786-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30786 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30785-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30785 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30784-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30784 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30783-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30783 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30782-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30782 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30781-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30781 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30780-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30780 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30779-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30779 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30778-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30778 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30777-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30777 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30742 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30741 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30740 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30739 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30738 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30737 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30736 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30735 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30734 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30733 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30732 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30731 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30730 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30729 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30728 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30727 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30726 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30725 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30724 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30723 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30722 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30721 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30720 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30719 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30718 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30717 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30716 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30715 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30714 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30713 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30712 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30711 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-15 | OpenSSL Heartbleed masscan access exploitation attempt RuleID : 30549-community - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-15 | OpenSSL Heartbleed masscan access exploitation attempt RuleID : 30549 - Revision : 2 - Type : SERVER-OTHER |
| 2014-04-11 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30525-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-11 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30525 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-11 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30524-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-11 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30524 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response RuleID : 30523-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response RuleID : 30523 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response RuleID : 30522-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response RuleID : 30522 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response RuleID : 30521-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response RuleID : 30521 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response RuleID : 30520-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response RuleID : 30520 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30517-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30517 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30516-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30516 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30515-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30515 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30514-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30514 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30513-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30513 - Revision : 8 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30512-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30512 - Revision : 8 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30511-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30511 - Revision : 8 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30510-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30510 - Revision : 8 - Type : SERVER-OTHER |
| 2014-03-22 | Apache Tomcat infinite loop denial of service attempt RuleID : 29896 - Revision : 2 - Type : SERVER-APACHE |
| 2014-01-10 | Oracle Java XML digital signature spoofing attempt RuleID : 28157 - Revision : 3 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-08-30 | Name : A web application running on the remote host is affected by multiple vulnerab... File : activemq_5_15_5.nasl - Type : ACT_GATHER_INFO |
| 2017-07-24 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL53192206.nasl - Type : ACT_GATHER_INFO |
| 2017-05-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-1366-1.nasl - Type : ACT_GATHER_INFO |
| 2017-04-06 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16704.nasl - Type : ACT_GATHER_INFO |
| 2016-11-15 | Name : The remote Fedora host is missing a security update. File : fedora_2016-d6c87eb4af.nasl - Type : ACT_GATHER_INFO |
| 2016-07-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201607-09.nasl - Type : ACT_GATHER_INFO |
| 2016-06-23 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10698.nasl - Type : ACT_GATHER_INFO |
| 2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0065.nasl - Type : ACT_GATHER_INFO |
| 2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0066.nasl - Type : ACT_GATHER_INFO |
| 2016-05-18 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16716.nasl - Type : ACT_GATHER_INFO |
| 2016-04-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3552.nasl - Type : ACT_GATHER_INFO |
| 2016-04-04 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_7_2_1.nasl - Type : ACT_GATHER_INFO |
| 2016-03-29 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_6.nasl - Type : ACT_GATHER_INFO |
| 2016-03-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0012_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0015_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-ios.nasl - Type : ACT_GATHER_INFO |
| 2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-iosxe.nasl - Type : ACT_GATHER_INFO |
| 2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-iosxr.nasl - Type : ACT_GATHER_INFO |
| 2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO |
| 2016-02-10 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-652.nasl - Type : ACT_GATHER_INFO |
| 2016-01-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO |
| 2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0004_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0006_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0012_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-12-29 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-959.nasl - Type : ACT_GATHER_INFO |
| 2015-12-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151119_python_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
| 2015-12-15 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-621.nasl - Type : ACT_GATHER_INFO |
| 2015-12-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2101.nasl - Type : ACT_GATHER_INFO |
| 2015-11-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2101.nasl - Type : ACT_GATHER_INFO |
| 2015-11-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2101.nasl - Type : ACT_GATHER_INFO |
| 2015-11-03 | Name : The remote multi-function device is affected by multiple vulnerabilities. File : xerox_xrx15ao_colorqube.nasl - Type : ACT_GATHER_INFO |
| 2015-10-23 | Name : The remote web server is affected by multiple vulnerabilities. File : oracle_http_server_cpu_oct_2015.nasl - Type : ACT_GATHER_INFO |
| 2015-09-30 | Name : The remote Debian host is missing a security update. File : debian_DLA-313.nasl - Type : ACT_GATHER_INFO |
| 2015-08-17 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO |
| 2015-08-17 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-006.nasl - Type : ACT_GATHER_INFO |
| 2015-08-06 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1344-1.nasl - Type : ACT_GATHER_INFO |
| 2015-08-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150722_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2015-07-31 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0098.nasl - Type : ACT_GATHER_INFO |
| 2015-07-31 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0107.nasl - Type : ACT_GATHER_INFO |
| 2015-07-30 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1330.nasl - Type : ACT_GATHER_INFO |
| 2015-07-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1330.nasl - Type : ACT_GATHER_INFO |
| 2015-07-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1330.nasl - Type : ACT_GATHER_INFO |
| 2015-07-20 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10685.nasl - Type : ACT_GATHER_INFO |
| 2015-07-20 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10685_cred.nasl - Type : ACT_GATHER_INFO |
| 2015-06-26 | Name : The remote IBM Storwize device is affected by multiple vulnerabilities. File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO |
| 2015-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2653-1.nasl - Type : ACT_GATHER_INFO |
| 2015-06-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2654-1.nasl - Type : ACT_GATHER_INFO |
| 2015-06-25 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-552.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-529.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-530.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-531.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-532.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-533.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1627-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0665-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0665-2.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0727-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1082-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO |
| 2015-05-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO |
| 2015-05-14 | Name : The website content management system installed on the remote host is affecte... File : oracle_webcenter_sites_apr_2015_cpu.nasl - Type : ACT_GATHER_INFO |
| 2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_2_3_17.nasl - Type : ACT_GATHER_INFO |
| 2015-05-08 | Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_3_0_11.nasl - Type : ACT_GATHER_INFO |
| 2015-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6010.nasl - Type : ACT_GATHER_INFO |
| 2015-04-22 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2015-5938.nasl - Type : ACT_GATHER_INFO |
| 2015-04-20 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6003.nasl - Type : ACT_GATHER_INFO |
| 2015-04-13 | Name : The remote Fedora host is missing a security update. File : fedora_2015-4719.nasl - Type : ACT_GATHER_INFO |
| 2015-04-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO |
| 2015-04-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO |
| 2015-04-08 | Name : The remote Fedora host is missing a security update. File : fedora_2015-4658.nasl - Type : ACT_GATHER_INFO |
| 2015-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO |
| 2015-04-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0749.nasl - Type : ACT_GATHER_INFO |
| 2015-03-31 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0749.nasl - Type : ACT_GATHER_INFO |
| 2015-03-31 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150330_libxml2_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-075.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-091.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-093.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-098.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-111.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-145.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0749.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-150302.nasl - Type : ACT_GATHER_INFO |
| 2015-03-27 | Name : The remote Fedora host is missing a security update. File : fedora_2015-3948.nasl - Type : ACT_GATHER_INFO |
| 2015-03-27 | Name : The remote Fedora host is missing a security update. File : fedora_2015-3964.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-151.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-16.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-23.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-57.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-66.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-80.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-85.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-96.nasl - Type : ACT_GATHER_INFO |
| 2015-03-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-11.nasl - Type : ACT_GATHER_INFO |
| 2015-03-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201503-10.nasl - Type : ACT_GATHER_INFO |
| 2015-03-23 | Name : The remote Fedora host is missing a security update. File : fedora_2015-3953.nasl - Type : ACT_GATHER_INFO |
| 2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO |
| 2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO |
| 2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-059.nasl - Type : ACT_GATHER_INFO |
| 2015-03-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_3_01.nasl - Type : ACT_GATHER_INFO |
| 2015-03-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_rational_clearquest_8_0_1_6.nasl - Type : ACT_GATHER_INFO |
| 2015-03-05 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO |
| 2015-02-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO |
| 2015-02-24 | Name : The remote Fedora host is missing a security update. File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO |
| 2015-02-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-12.nasl - Type : ACT_GATHER_INFO |
| 2015-02-09 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-116.nasl - Type : ACT_GATHER_INFO |
| 2015-01-30 | Name : The remote web server contains a web application that uses a Java framework t... File : struts_2_3_16_1_win_local.nasl - Type : ACT_GATHER_INFO |
| 2015-01-27 | Name : The remote web server is affected by multiple vulnerabilities. File : oracle_http_server_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO |
| 2015-01-26 | Name : The remote host has an enterprise management application installed that is af... File : oracle_enterprise_manager_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO |
| 2015-01-23 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10669.nasl - Type : ACT_GATHER_INFO |
| 2015-01-22 | Name : The remote host has an application installed that is affected by multiple vul... File : oracle_virtualbox_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_apache_20140915.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libcurl_20140415.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxml2_20140819.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20140623.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20140731.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20141014.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140401_2.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_wanboot_20141014.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_xorg_20141107_2.nasl - Type : ACT_GATHER_INFO |
| 2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17573.nasl - Type : ACT_GATHER_INFO |
| 2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO |
| 2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO |
| 2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17609.nasl - Type : ACT_GATHER_INFO |
| 2014-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-39.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
| 2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-770.nasl - Type : ACT_GATHER_INFO |
| 2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO |
| 2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_server_appliance_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-12-06 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-12-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO |
| 2014-12-03 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15428.nasl - Type : ACT_GATHER_INFO |
| 2014-12-03 | Name : The remote Windows host has web portal software installed that is affected by... File : websphere_portal_7_0_0_2_cf29.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1893.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0014.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0015.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0023.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0031.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0039.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0040.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0080.nasl - Type : ACT_GATHER_INFO |
| 2014-11-25 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1893.nasl - Type : ACT_GATHER_INFO |
| 2014-11-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1893.nasl - Type : ACT_GATHER_INFO |
| 2014-11-25 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141124_libXfont_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
| 2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
| 2014-11-21 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1870.nasl - Type : ACT_GATHER_INFO |
| 2014-11-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1870.nasl - Type : ACT_GATHER_INFO |
| 2014-11-19 | Name : The remote host is affected by a security bypass vulnerability. File : ibm_tem_9_1_1117_0.nasl - Type : ACT_GATHER_INFO |
| 2014-11-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1870.nasl - Type : ACT_GATHER_INFO |
| 2014-11-19 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141118_libXfont_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
| 2014-11-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
| 2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO |
| 2014-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO |
| 2014-11-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141117_mariadb_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
| 2014-11-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141117_mysql55_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1582.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Windows host has web portal software installed that is affected by... File : websphere_portal_8_5_0_0_cf02.nasl - Type : ACT_GATHER_INFO |
| 2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0908.nasl - Type : ACT_GATHER_INFO |
| 2014-11-10 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U861276.nasl - Type : ACT_GATHER_INFO |
| 2014-11-10 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U862099.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1181.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1840.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1841.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0377.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0378.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0396.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0500.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0627.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0628.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0629.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0902.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0979.nasl - Type : ACT_GATHER_INFO |
| 2014-11-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3065.nasl - Type : ACT_GATHER_INFO |
| 2014-10-31 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_opensso_agent_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-10-30 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_edq_oct_2014_cpu.nasl - Type : ACT_GATHER_INFO |
| 2014-10-28 | Name : The remote host is affected by a remote code execution vulnerability. File : oracle_oaam_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-10-24 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_orchestrator_appliance_vmsa_2014_0007.nasl - Type : ACT_GATHER_INFO |
| 2014-10-24 | Name : The remote host has a virtualization application installed that is affected b... File : vmware_orchestrator_vmsa_2014_0007.nasl - Type : ACT_GATHER_INFO |
| 2014-10-21 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_eids_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-10-20 | Name : The remote host is affected by a man-in-the-middle vulnerability. File : palo_alto_PAN-SA-2014-0003.nasl - Type : ACT_GATHER_INFO |
| 2014-10-17 | Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_10.nasl - Type : ACT_GATHER_INFO |
| 2014-10-17 | Name : The remote host has an application installed that is affected by multiple vul... File : oracle_identity_management_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-10-17 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-331.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-340.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-341.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-344.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-350.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-351.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-383.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-387.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-404.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15147.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15158.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15159.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15189.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15325.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15328.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15329.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15343.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15356.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15426.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15429.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15432.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO |
| 2014-10-09 | Name : The remote printer is affected by a security bypass vulnerability. File : hp_laserjet_hpsbpi03107.nasl - Type : ACT_GATHER_INFO |
| 2014-10-09 | Name : The remote HP OfficeJet printer is affected by a security bypass vulnerability. File : hp_officejet_hpsbpi03107.nasl - Type : ACT_GATHER_INFO |
| 2014-10-02 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vsphere_replication_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
| 2014-10-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1246.nasl - Type : ACT_GATHER_INFO |
| 2014-09-29 | Name : The remote Fedora host is missing a security update. File : fedora_2014-11048.nasl - Type : ACT_GATHER_INFO |
| 2014-09-29 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140916_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-09-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201409-08.nasl - Type : ACT_GATHER_INFO |
| 2014-09-18 | Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO |
| 2014-09-18 | Name : The remote host is missing a Mac OS X update that fixes multiple security iss... File : macosx_SecUpd2014-004.nasl - Type : ACT_GATHER_INFO |
| 2014-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1246.nasl - Type : ACT_GATHER_INFO |
| 2014-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-3.nasl - Type : ACT_GATHER_INFO |
| 2014-09-17 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-09-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1246.nasl - Type : ACT_GATHER_INFO |
| 2014-09-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_20.nasl - Type : ACT_GATHER_INFO |
| 2014-09-11 | Name : The remote host is affected by multiple vulnerabilities. File : emc_documentum_content_server_ESA-2014-079.nasl - Type : ACT_GATHER_INFO |
| 2014-09-11 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-09-05 | Name : The remote Windows host has web portal software installed that is affected by... File : websphere_portal_cve-2014-0114.nasl - Type : ACT_GATHER_INFO |
| 2014-09-02 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_55.nasl - Type : ACT_GATHER_INFO |
| 2014-09-02 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_11.nasl - Type : ACT_GATHER_INFO |
| 2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-12.nasl - Type : ACT_GATHER_INFO |
| 2014-08-29 | Name : The remote host has software installed that is affected by an information dis... File : kaspersky_internet_security_heartbleed.nasl - Type : ACT_GATHER_INFO |
| 2014-08-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-140819.nasl - Type : ACT_GATHER_INFO |
| 2014-08-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysql55client18-140820.nasl - Type : ACT_GATHER_INFO |
| 2014-08-29 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5_3.nasl - Type : ACT_GATHER_INFO |
| 2014-08-26 | Name : The remote web server has an application installed that is affected by multip... File : pivotal_webserver_5_4_1.nasl - Type : ACT_GATHER_INFO |
| 2014-08-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-2.nasl - Type : ACT_GATHER_INFO |
| 2014-08-23 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9380.nasl - Type : ACT_GATHER_INFO |
| 2014-08-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1087.nasl - Type : ACT_GATHER_INFO |
| 2014-08-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1088.nasl - Type : ACT_GATHER_INFO |
| 2014-08-22 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_jul2014_advisory.nasl - Type : ACT_GATHER_INFO |
| 2014-08-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2940.nasl - Type : ACT_GATHER_INFO |
| 2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
| 2014-08-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140815.nasl - Type : ACT_GATHER_INFO |
| 2014-08-21 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-502.nasl - Type : ACT_GATHER_INFO |
| 2014-08-21 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-503.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote AIX host is missing a security patch. File : aix_IV62447.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote AIX host is missing a security patch. File : aix_IV62448.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote AIX host is missing a security patch. File : aix_IV62449.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote AIX host is missing a security patch. File : aix_IV62450.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_330.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_331.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140815.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2319-1.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote Mac OS X host has an application installed that is affected by mul... File : macosx_vmware_ovftool_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
| 2014-08-20 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_ovftool_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-08-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1073.nasl - Type : ACT_GATHER_INFO |
| 2014-08-19 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1073.nasl - Type : ACT_GATHER_INFO |
| 2014-08-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1073.nasl - Type : ACT_GATHER_INFO |
| 2014-08-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2232-4.nasl - Type : ACT_GATHER_INFO |
| 2014-08-15 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140813_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-08-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1053.nasl - Type : ACT_GATHER_INFO |
| 2014-08-14 | Name : The remote host is affected by a vulnerability that could allow sensitive dat... File : openssl_ccs_1_0_1.nasl - Type : ACT_ATTACK |
| 2014-08-14 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1053.nasl - Type : ACT_GATHER_INFO |
| 2014-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1053.nasl - Type : ACT_GATHER_INFO |
| 2014-08-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-201407-140706.nasl - Type : ACT_GATHER_INFO |
| 2014-08-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2312-1.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1038.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614-rhel.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614-sles.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1038.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1038.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1041.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1042.nasl - Type : ACT_GATHER_INFO |
| 2014-08-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140811_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9301.nasl - Type : ACT_GATHER_INFO |
| 2014-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9308.nasl - Type : ACT_GATHER_INFO |
| 2014-08-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1034.nasl - Type : ACT_GATHER_INFO |
| 2014-08-08 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1034.nasl - Type : ACT_GATHER_INFO |
| 2014-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1033.nasl - Type : ACT_GATHER_INFO |
| 2014-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1034.nasl - Type : ACT_GATHER_INFO |
| 2014-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1036.nasl - Type : ACT_GATHER_INFO |
| 2014-08-07 | Name : The remote host is missing a vendor-supplied security patch. File : fireeye_os_SB001.nasl - Type : ACT_GATHER_INFO |
| 2014-08-07 | Name : The remote Windows host has an application that is affected by an information... File : hp_loadrunner_12_00_1.nasl - Type : ACT_GATHER_INFO |
| 2014-08-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-140721.nasl - Type : ACT_GATHER_INFO |
| 2014-08-06 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_73_hotfix_34.nasl - Type : ACT_GATHER_INFO |
| 2014-08-06 | Name : The remote host contains software that is affected by an information disclosu... File : hp_vca_SSRT101531-rhel.nasl - Type : ACT_GATHER_INFO |
| 2014-08-06 | Name : The remote host contains software that is affected by an information disclosu... File : hp_vca_SSRT101531-sles.nasl - Type : ACT_GATHER_INFO |
| 2014-08-06 | Name : The remote host contains software that is affected by an information disclosu... File : hp_vca_SSRT101531.nasl - Type : ACT_GATHER_INFO |
| 2014-08-06 | Name : The remote host contains software that is affected by an information disclosu... File : hp_vcrm_SSRT101531.nasl - Type : ACT_GATHER_INFO |
| 2014-08-05 | Name : The FTP server installed on the remote Windows host is affected by multiple O... File : cerberus_ftp_7_0_0_3.nasl - Type : ACT_GATHER_INFO |
| 2014-08-05 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10629.nasl - Type : ACT_GATHER_INFO |
| 2014-08-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140721.nasl - Type : ACT_GATHER_INFO |
| 2014-08-04 | Name : The remote host has a support tool installed that is affected by multiple vul... File : vmware_vcenter_support_assistant_2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-08-04 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_8_0_0_9.nasl - Type : ACT_GATHER_INFO |
| 2014-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2994.nasl - Type : ACT_GATHER_INFO |
| 2014-08-01 | Name : The remote Mac OS X host has a virtual desktop solution that is affected by m... File : macosx_vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
| 2014-08-01 | Name : The remote host has a virtual desktop solution that is affected by multiple v... File : vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
| 2014-08-01 | Name : The remote application server is affected by multiple vulnerabilities. File : websphere_7_0_0_33.nasl - Type : ACT_GATHER_INFO |
| 2014-07-31 | Name : The remote host is running software with multiple vulnerabilities. File : oracle_traffic_director_july_2014_cpu.nasl - Type : ACT_GATHER_INFO |
| 2014-07-31 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2302-1.nasl - Type : ACT_GATHER_INFO |
| 2014-07-31 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-31 | Name : The remote host has an application installed that is affected by multiple vul... File : vmware_vcenter_converter_2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-141.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0679.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0680.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0686.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0827.nasl - Type : ACT_GATHER_INFO |
| 2014-07-29 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_jrockit_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-07-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201407-05.nasl - Type : ACT_GATHER_INFO |
| 2014-07-26 | Name : The remote Solaris system is missing a security patch from CPU jul2014. File : solaris_jul2014_SRU11_1_17_5_0.nasl - Type : ACT_GATHER_INFO |
| 2014-07-26 | Name : The remote Solaris system is missing a security patch from CPU jul2014. File : solaris_jul2014_SRU11_1_18_5_0.nasl - Type : ACT_GATHER_INFO |
| 2014-07-26 | Name : The remote Solaris system is missing a security patch from CPU jul2014. File : solaris_jul2014_SRU11_1_19_6_0.nasl - Type : ACT_GATHER_INFO |
| 2014-07-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2987.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_81fc1076128611e4bebd000c2980a9f3.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote host has an application installed that is affected by multiple Ope... File : hp_oneview_1_10.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote host is running software that is affected by multiple vulnerabilit... File : hp_sum_6_4_1.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0679.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2014-0680.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0686.nasl - Type : ACT_GATHER_INFO |
| 2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0827.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0917.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2980.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2985.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8223.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote host is affected by an unspecified remote information disclosure v... File : oracle_bi_publisher_july_2014_cpu_win.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0917.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0917.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140722_nss_and_nspr_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0907.nasl - Type : ACT_GATHER_INFO |
| 2014-07-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140721_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-07-21 | Name : The remote web server is affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : A web proxy server on the remote host is affected by multiple vulnerabilities. File : iplanet_web_proxy_4_0_24.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : The remote host has a web application installed that is affected by multiple ... File : oracle_e-business_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : sun_java_web_server_7_0_20.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2291-1.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host is affected by multiple vulnerabilities related to the includ... File : mcafee_email_gateway_SB10075.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_vsel_SB10075.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host has a version of Oracle Secure Global Desktop that is affecte... File : oracle_secure_global_desktop_jul_2014_cpu.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_siebel_server_jul_2014_cpu.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140716_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host is missing Sun Security Patch number 121972-06 File : solaris8_121972.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host is missing Sun Security Patch number 121973-06 File : solaris8_x86_121973.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host is missing Sun Security Patch number 118335-10 File : solaris9_118335.nasl - Type : ACT_GATHER_INFO |
| 2014-07-17 | Name : The remote host is missing Sun Security Patch number 120463-07 File : solaris9_x86_120463.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8208.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote Windows host is affected by a security bypass vulnerability. File : forticlient_5_0_10.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_38.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_19.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jul_2014_unix.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0889.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0890.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote web server contains an application that is affected by multiple Op... File : splunk_605.nasl - Type : ACT_GATHER_INFO |
| 2014-07-16 | Name : The remote host has an application that is affected by multiple unspecified v... File : virtualbox_4_3_14.nasl - Type : ACT_GATHER_INFO |
| 2014-07-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2978.nasl - Type : ACT_GATHER_INFO |
| 2014-07-15 | Name : The remote host is affected by an information disclosure vulnerability. File : hp_onboard_admin_heartbleed_versions.nasl - Type : ACT_GATHER_INFO |
| 2014-07-15 | Name : The remote host contains an application that is affected by an information di... File : libreoffice_423.nasl - Type : ACT_GATHER_INFO |
| 2014-07-15 | Name : The remote host contains an application that is affected by an information di... File : macosx_libreoffice_423.nasl - Type : ACT_GATHER_INFO |
| 2014-07-14 | Name : The remote host is affected by multiple vulnerabilities. File : cisco_anyconnect_3_1_5170.nasl - Type : ACT_GATHER_INFO |
| 2014-07-14 | Name : The remote host is affected by multiple vulnerabilities related to OpenSSL. File : fortinet_FG-IR-14-018.nasl - Type : ACT_GATHER_INFO |
| 2014-07-14 | Name : The remote mail server is potentially affected by multiple vulnerabilities. File : ipswitch_imail_12_4_1_15.nasl - Type : ACT_GATHER_INFO |
| 2014-07-14 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_cisco_anyconnect_3_1_5170.nasl - Type : ACT_GATHER_INFO |
| 2014-07-14 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_server_appliance_2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote Windows host has migration software installed that is affected by ... File : hp_insight_control_server_migration_7_3_2.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : A VMware product installed on the remote host is affected by multiple vulnera... File : macosx_fusion_6_0_4.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-132.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0865.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140709_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_linux_6_0_3.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_multiple_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_linux_10_0_3.nasl - Type : ACT_GATHER_INFO |
| 2014-07-10 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_multiple_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-09 | Name : A clustered file system on the remote host is affected by a security vulnerab... File : ibm_gpfs_isg3t1020948_windows.nasl - Type : ACT_GATHER_INFO |
| 2014-07-09 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_vcenter_chargeback_manager_2601.nasl - Type : ACT_GATHER_INFO |
| 2014-07-08 | Name : The remote mail server is affected by the Heartbleed vulnerability File : kerio_connect_824.nasl - Type : ACT_GATHER_INFO |
| 2014-07-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0826.nasl - Type : ACT_GATHER_INFO |
| 2014-07-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0834.nasl - Type : ACT_GATHER_INFO |
| 2014-07-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0835.nasl - Type : ACT_GATHER_INFO |
| 2014-07-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0843.nasl - Type : ACT_GATHER_INFO |
| 2014-07-07 | Name : The remote Windows host has an application installed that is affected by mult... File : hp_version_control_repo_manager_hpsbmu03056.nasl - Type : ACT_GATHER_INFO |
| 2014-07-07 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vcenter_operations_manager_vmsa_2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-07-04 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1918656_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-07-03 | Name : The remote server is affected by a remote information disclosure vulnerability. File : hp_onboard_admin_4_22.nasl - Type : ACT_GATHER_INFO |
| 2014-07-03 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_operations_manager_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-03 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-03 | Name : The remote host has a virtualization client application installed that is aff... File : vsphere_client_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-07-02 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_3_3_1.nasl - Type : ACT_GATHER_INFO |
| 2014-07-01 | Name : The remote host is missing a Mac OS X update that fixes a certificate validat... File : macosx_10_9_4.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : An application on the remote host is affected by an information disclosure vu... File : attachmate_reflection_heartbleed.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-28 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1219.nasl - Type : ACT_GATHER_INFO |
| 2014-06-26 | Name : The remote device is affected by a security bypass vulnerability. File : bluecoat_proxy_sg_6_4_6_4.nasl - Type : ACT_GATHER_INFO |
| 2014-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1011.nasl - Type : ACT_GATHER_INFO |
| 2014-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1012.nasl - Type : ACT_GATHER_INFO |
| 2014-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0525.nasl - Type : ACT_GATHER_INFO |
| 2014-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0526.nasl - Type : ACT_GATHER_INFO |
| 2014-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0783.nasl - Type : ACT_GATHER_INFO |
| 2014-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2232-3.nasl - Type : ACT_GATHER_INFO |
| 2014-06-24 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1900470_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-06-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-19.nasl - Type : ACT_GATHER_INFO |
| 2014-06-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-21.nasl - Type : ACT_GATHER_INFO |
| 2014-06-20 | Name : The remote device is potentially affected by a security bypass vulnerability. File : bluecoat_proxy_sg_4_x_openssl.nasl - Type : ACT_GATHER_INFO |
| 2014-06-20 | Name : The remote device is potentially affected by a security bypass vulnerability. File : bluecoat_proxy_sg_6_2_15_6.nasl - Type : ACT_GATHER_INFO |
| 2014-06-20 | Name : The remote device is potentially affected by multiple vulnerabilities. File : bluecoat_proxy_sg_6_5_4_4.nasl - Type : ACT_GATHER_INFO |
| 2014-06-20 | Name : The remote Windows host has an application that may be affected by multiple v... File : winscp_5_5_4.nasl - Type : ACT_GATHER_INFO |
| 2014-06-19 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_epo_sb10075.nasl - Type : ACT_GATHER_INFO |
| 2014-06-19 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_web_gateway_sb10075.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote host is affected by a man-in-the-middle vulnerability. File : cisco-CSCup22544-ace.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote host is affected by multiple vulnerabilities. File : cisco_asa_CSCup22532.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote host is affected by multiple vulnerabilities. File : cisco_jabber_client_CSCup23913.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote host is affected by multiple vulnerabilities. File : cisco_ons_CSCup24077.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote host is affected by multiple vulnerabilities. File : cisco_telepresence_mcu_CSCup23994.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote host is affected by multiple vulnerabilities. File : cisco_telepresence_supervisor_8050_mse_CSCup22635.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10629.nasl - Type : ACT_GATHER_INFO |
| 2014-06-17 | Name : The remote host is missing Sun Security Patch number 151355-01 File : solaris10_151355.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote AIX host has a version of OpenSSL installed that is potentially af... File : aix_openssl_advisory9.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-309.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-592.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-622.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-633.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-694.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-695.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-696.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-697.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-749.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-878.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-10.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-11.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-119.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-149.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-213.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-27.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-277.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-278.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-297.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-298.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-318.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-325.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-329.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-336.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-354.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-359.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-360.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-363.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-391.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-394.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-398.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-4.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-409.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-410.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2232-2.nasl - Type : ACT_GATHER_INFO |
| 2014-06-12 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2014-123.nasl - Type : ACT_GATHER_INFO |
| 2014-06-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3040.nasl - Type : ACT_GATHER_INFO |
| 2014-06-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140605_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-06-11 | Name : The remote AIX host has a vulnerable version of OpenSSL. File : aix_openssl_advisory8.nasl - Type : ACT_GATHER_INFO |
| 2014-06-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xorg-x11-devel-140515.nasl - Type : ACT_GATHER_INFO |
| 2014-06-11 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO |
| 2014-06-11 | Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File : vmware_esxi_5_5_build_1881737_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6912.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6921.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-106.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-110.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_5_02.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-156-03.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0624.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0626.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2950.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-7101.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-7102.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5ac53801ec2e11e39cf33c970e169bc2.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_0_9_8za.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0624.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0626.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0624.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0626.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140605_openssl097a_and_openssl098e_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140605_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-140604.nasl - Type : ACT_GATHER_INFO |
| 2014-06-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2232-1.nasl - Type : ACT_GATHER_INFO |
| 2014-06-05 | Name : The remote host is potentially affected by a vulnerability that could allow s... File : openssl_ccs.nasl - Type : ACT_ATTACK |
| 2014-06-03 | Name : The remote Windows host has web portal software installed that is affected by... File : websphere_portal_cve-2014-0050.nasl - Type : ACT_GATHER_INFO |
| 2014-06-02 | Name : The remote HP OfficeJet printer is affected by an information disclosure vuln... File : hp_officejet_pro_heartbleed.nasl - Type : ACT_GATHER_INFO |
| 2014-06-02 | Name : The remote web server hosts a virtual appliance that is affected by multiple ... File : wd_arkeia_10_1_19_ver_check.nasl - Type : ACT_GATHER_INFO |
| 2014-05-30 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_41.nasl - Type : ACT_GATHER_INFO |
| 2014-05-30 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_53.nasl - Type : ACT_GATHER_INFO |
| 2014-05-30 | Name : The remote Apache Tomcat server is affected by an information disclosure vuln... File : tomcat_7_0_54.nasl - Type : ACT_GATHER_INFO |
| 2014-05-30 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_5.nasl - Type : ACT_GATHER_INFO |
| 2014-05-30 | Name : The remote Apache Tomcat server is affected by an information disclosure vuln... File : tomcat_8_0_8.nasl - Type : ACT_GATHER_INFO |
| 2014-05-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0561.nasl - Type : ACT_GATHER_INFO |
| 2014-05-29 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5_2.nasl - Type : ACT_GATHER_INFO |
| 2014-05-28 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0561.nasl - Type : ACT_GATHER_INFO |
| 2014-05-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0561.nasl - Type : ACT_GATHER_INFO |
| 2014-05-28 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140527_curl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-05-27 | Name : An application on the remote host is affected by an information disclosure vu... File : attachmate_reflection_x_heartbleed.nasl - Type : ACT_GATHER_INFO |
| 2014-05-23 | Name : The remote Windows host has web portal software installed that is affected by... File : websphere_portal_8_0_0_1_cf12.nasl - Type : ACT_GATHER_INFO |
| 2014-05-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_curl-140415.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0513.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : A clustered file system on the remote host is affected by multiple vulnerabil... File : ibm_gpfs_isg3T1020683.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0513.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0513.nasl - Type : ACT_GATHER_INFO |
| 2014-05-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140519_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2931.nasl - Type : ACT_GATHER_INFO |
| 2014-05-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-090.nasl - Type : ACT_GATHER_INFO |
| 2014-05-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-095.nasl - Type : ACT_GATHER_INFO |
| 2014-05-19 | Name : The remote host is missing Sun Security Patch number 150113-02 File : solaris10_150113.nasl - Type : ACT_GATHER_INFO |
| 2014-05-19 | Name : The remote host is missing Sun Security Patch number 150114-02 File : solaris10_x86_150114.nasl - Type : ACT_GATHER_INFO |
| 2014-05-16 | Name : The host is affected by an information disclosure vulnerability. File : bluecoat_proxy_av_3_5_1_9.nasl - Type : ACT_GATHER_INFO |
| 2014-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2214-1.nasl - Type : ACT_GATHER_INFO |
| 2014-05-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2211-1.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The version of Cisco TelePresence Video Communication Server installed on the... File : cisco-vcs-CSCuo16472.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2927.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b060ee50daba11e399f2bcaec565249c.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-201404-140501.nasl - Type : ACT_GATHER_INFO |
| 2014-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e7bb3885da4011e39ecb2c4138874f7d.nasl - Type : ACT_GATHER_INFO |
| 2014-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_efdd0edcda3d11e39ecb2c4138874f7d.nasl - Type : ACT_GATHER_INFO |
| 2014-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-086.nasl - Type : ACT_GATHER_INFO |
| 2014-05-12 | Name : An application on the remote host is affected by an information disclosure vu... File : attachmate_reflection_secure_it_for_win_client_heartbleed.nasl - Type : ACT_GATHER_INFO |
| 2014-05-12 | Name : The version of Symantec Endpoint Protection Manager installed on the remote h... File : symantec_endpoint_prot_mgr_12_1_ru4_mp1a.nasl - Type : ACT_GATHER_INFO |
| 2014-05-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0474.nasl - Type : ACT_GATHER_INFO |
| 2014-05-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-080.nasl - Type : ACT_GATHER_INFO |
| 2014-05-09 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0474.nasl - Type : ACT_GATHER_INFO |
| 2014-05-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140507_struts_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-05-08 | Name : The remote host is missing Sun Security Patch number 123893-81 File : solaris10_123893.nasl - Type : ACT_GATHER_INFO |
| 2014-05-08 | Name : The remote host is missing Sun Security Patch number 123896-81 File : solaris10_x86_123896.nasl - Type : ACT_GATHER_INFO |
| 2014-05-08 | Name : The remote host is missing Sun Security Patch number 123893-81 File : solaris8_123893.nasl - Type : ACT_GATHER_INFO |
| 2014-05-08 | Name : The remote host is missing Sun Security Patch number 123893-81 File : solaris9_123893.nasl - Type : ACT_GATHER_INFO |
| 2014-05-08 | Name : The remote host is missing Sun Security Patch number 123896-81 File : solaris9_x86_123896.nasl - Type : ACT_GATHER_INFO |
| 2014-05-08 | Name : The remote web server contains a web application that uses a Java framework t... File : struts_classloader_manipulation.nasl - Type : ACT_DENIAL |
| 2014-05-08 | Name : The remote VMware ESXi 5.5 host is potentially affected by multiple vulnerabi... File : vmware_esxi_5_5_build_1746974_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-05-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1959e847d4f011e384b00018fe623f2b.nasl - Type : ACT_GATHER_INFO |
| 2014-05-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0474.nasl - Type : ACT_GATHER_INFO |
| 2014-05-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2192-1.nasl - Type : ACT_GATHER_INFO |
| 2014-05-06 | Name : The remote host has a device management application installed that is affecte... File : vmware_horizon_workspace_vmsa2014-0004.nasl - Type : ACT_GATHER_INFO |
| 2014-05-05 | Name : The remote host has VPN client software installed that is affected by an info... File : smb_kb2962393.nasl - Type : ACT_GATHER_INFO |
| 2014-05-03 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-5829.nasl - Type : ACT_GATHER_INFO |
| 2014-05-03 | Name : The remote host is affected by an information disclosure vulnerability. File : mcafee_vsel_SB10071.nasl - Type : ACT_GATHER_INFO |
| 2014-05-03 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2014-0004.nasl - Type : ACT_GATHER_INFO |
| 2014-05-02 | Name : The remote host is affected by an information disclosure vulnerability. File : mcafee_email_gateway_SB10071.nasl - Type : ACT_GATHER_INFO |
| 2014-05-02 | Name : The remote host is affected by an information disclosure vulnerability. File : mcafee_epo_sb10071.nasl - Type : ACT_GATHER_INFO |
| 2014-05-02 | Name : The remote host is affected by an information disclosure vulnerability. File : mcafee_firewall_enterprise_SB10071.nasl - Type : ACT_GATHER_INFO |
| 2014-05-02 | Name : The remote host is affected by an information disclosure vulnerability. File : mcafee_ngfw_SB10071.nasl - Type : ACT_GATHER_INFO |
| 2014-05-02 | Name : The remote host is affected by an information disclosure vulnerability. File : mcafee_web_gateway_SB10071.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote Fedora host is missing a security update. File : fedora_2014-5321.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote Fedora host is missing a security update. File : fedora_2014-5337.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_985d4d6ccfbd11e3a003b4b52fce4ce8.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2185-1.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote host has an email security application installed that is affected ... File : websense_email_security_heartbleed.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote host contains a web application that is affected by an information... File : websense_web_security_heartbleed.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Windows host has an application that is affected by an information... File : blackberry_es_UDS_kb35882.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_29.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_29.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2_26.nasl - Type : ACT_GATHER_INFO |
| 2014-04-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0429.nasl - Type : ACT_GATHER_INFO |
| 2014-04-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0429.nasl - Type : ACT_GATHER_INFO |
| 2014-04-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0429.nasl - Type : ACT_GATHER_INFO |
| 2014-04-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140423_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-04-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-322.nasl - Type : ACT_GATHER_INFO |
| 2014-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2014-5004.nasl - Type : ACT_GATHER_INFO |
| 2014-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0b8d7194ca8811e39d8dc80aa9043978.nasl - Type : ACT_GATHER_INFO |
| 2014-04-22 | Name : An application on the remote host is affected by an information disclosure vu... File : openvpn_2_3_3_0.nasl - Type : ACT_GATHER_INFO |
| 2014-04-21 | Name : The remote FTP server is affected by an information disclosure vulnerability. File : filezilla_server_0944.nasl - Type : ACT_GATHER_INFO |
| 2014-04-21 | Name : The remote host has a virtualization application that is affected by multiple... File : macosx_fusion_6_0_3.nasl - Type : ACT_GATHER_INFO |
| 2014-04-21 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_linux_6_0_2.nasl - Type : ACT_GATHER_INFO |
| 2014-04-21 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_multiple_vmsa_2014-0004.nasl - Type : ACT_GATHER_INFO |
| 2014-04-21 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_linux_10_0_2.nasl - Type : ACT_GATHER_INFO |
| 2014-04-21 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_multiple_vmsa_2014_0004.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2908.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_jakarta-commons-fileupload-140403.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote Windows host has an application that is affected by multiple vulne... File : winscp_5_5_3.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_3_2.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10623.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote device is affected by an information disclosure vulnerability. File : junos_pulse_jsa10623.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory6.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4999.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_36.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_16.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote web server contains an application that is affected by multiple Op... File : splunk_603.nasl - Type : ACT_GATHER_INFO |
| 2014-04-15 | Name : The remote device is potentially affected by an information disclosure vulner... File : bluecoat_proxy_sg_6_5_3_6.nasl - Type : ACT_GATHER_INFO |
| 2014-04-15 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4982.nasl - Type : ACT_GATHER_INFO |
| 2014-04-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2167-1.nasl - Type : ACT_GATHER_INFO |
| 2014-04-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2902.nasl - Type : ACT_GATHER_INFO |
| 2014-04-14 | Name : The remote service is affected by an information disclosure vulnerability. File : openvpn_heartbleed.nasl - Type : ACT_ATTACK |
| 2014-04-14 | Name : The remote Windows host contains a program that is affected by an information... File : stunnel_5_01.nasl - Type : ACT_GATHER_INFO |
| 2014-04-11 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory7.nasl - Type : ACT_GATHER_INFO |
| 2014-04-11 | Name : The remote host is affected by an information disclosure vulnerability. File : fortinet_FG-IR-14-011.nasl - Type : ACT_GATHER_INFO |
| 2014-04-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-074.nasl - Type : ACT_GATHER_INFO |
| 2014-04-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-320.nasl - Type : ACT_GATHER_INFO |
| 2014-04-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2897.nasl - Type : ACT_GATHER_INFO |
| 2014-04-09 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4879.nasl - Type : ACT_GATHER_INFO |
| 2014-04-09 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4910.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-098-01.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_27.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0376.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2896.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5631ae98be9e11e3b5e3c80aa9043978.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201404-07.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote service may be affected by multiple vulnerabilities. File : openssl_1_0_1g.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote service is affected by an information disclosure vulnerability. File : openssl_heartbleed.nasl - Type : ACT_ATTACK |
| 2014-04-08 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0376.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0376.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140408_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-04-08 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2165-1.nasl - Type : ACT_GATHER_INFO |
| 2014-04-07 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140403_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-04-07 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140403_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0369.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0370.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote host contains an application that is affected by multiple vulnerab... File : libreoffice_420.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote host contains an application that is affected by multiple vulnerab... File : macosx_libreoffice_420.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0369.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0370.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0369.nasl - Type : ACT_GATHER_INFO |
| 2014-04-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0370.nasl - Type : ACT_GATHER_INFO |
| 2014-04-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2159-1.nasl - Type : ACT_GATHER_INFO |
| 2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0343.nasl - Type : ACT_GATHER_INFO |
| 2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0344.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-086-01.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-086-02.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-086-04.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4436.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4449.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Fedora host is missing a security update. File : fedora_2014-4555.nasl - Type : ACT_GATHER_INFO |
| 2014-03-28 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-309.nasl - Type : ACT_GATHER_INFO |
| 2014-03-28 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-312.nasl - Type : ACT_GATHER_INFO |
| 2014-03-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2152-1.nasl - Type : ACT_GATHER_INFO |
| 2014-03-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_91ecb546b1e611e3980f20cf30e32f6d.nasl - Type : ACT_GATHER_INFO |
| 2014-03-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-065.nasl - Type : ACT_GATHER_INFO |
| 2014-03-21 | Name : A web application on the remote host is affected by a denial of service vulne... File : puppet_enterprise_312.nasl - Type : ACT_GATHER_INFO |
| 2014-03-18 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_4_8.nasl - Type : ACT_GATHER_INFO |
| 2014-03-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2880.nasl - Type : ACT_GATHER_INFO |
| 2014-03-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-056.nasl - Type : ACT_GATHER_INFO |
| 2014-03-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-201402-140224.nasl - Type : ACT_GATHER_INFO |
| 2014-03-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2130-1.nasl - Type : ACT_GATHER_INFO |
| 2014-03-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0253.nasl - Type : ACT_GATHER_INFO |
| 2014-03-02 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-295.nasl - Type : ACT_GATHER_INFO |
| 2014-03-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2083.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_50.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote Apache Tomcat server is affected by a denial of service vulnerabil... File : tomcat_7_0_52.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote Apache Tomcat server is affected by a denial of service vulnerabil... File : tomcat_8_0_3.nasl - Type : ACT_GATHER_INFO |
| 2014-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-042.nasl - Type : ACT_GATHER_INFO |
| 2014-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2102-2.nasl - Type : ACT_GATHER_INFO |
| 2014-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2119-1.nasl - Type : ACT_GATHER_INFO |
| 2014-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2175.nasl - Type : ACT_GATHER_INFO |
| 2014-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2183.nasl - Type : ACT_GATHER_INFO |
| 2014-02-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201402-140207.nasl - Type : ACT_GATHER_INFO |
| 2014-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1864.nasl - Type : ACT_GATHER_INFO |
| 2014-02-14 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-044-01.nasl - Type : ACT_GATHER_INFO |
| 2014-02-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2858.nasl - Type : ACT_GATHER_INFO |
| 2014-02-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2102-1.nasl - Type : ACT_GATHER_INFO |
| 2014-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2856.nasl - Type : ACT_GATHER_INFO |
| 2014-02-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-2041.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-273.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1753f0ff8dd511e39b45b4b52fce4ce8.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_3_esr.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_27.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_3.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_3_esr.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_27.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_3.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote host has a version of Oracle Secure Global Desktop that is affecte... File : oracle_secure_global_desktop_jan_2014_cpu.nasl - Type : ACT_GATHER_INFO |
| 2014-02-05 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2_24.nasl - Type : ACT_GATHER_INFO |
| 2014-02-04 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-1100.nasl - Type : ACT_GATHER_INFO |
| 2014-02-04 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1560.nasl - Type : ACT_GATHER_INFO |
| 2014-02-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2097-1.nasl - Type : ACT_GATHER_INFO |
| 2014-02-03 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1876.nasl - Type : ACT_GATHER_INFO |
| 2014-02-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2849.nasl - Type : ACT_GATHER_INFO |
| 2014-02-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_curl-140117.nasl - Type : ACT_GATHER_INFO |
| 2014-02-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_curl-140118.nasl - Type : ACT_GATHER_INFO |
| 2014-01-31 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1209.nasl - Type : ACT_GATHER_INFO |
| 2014-01-31 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1437.nasl - Type : ACT_GATHER_INFO |
| 2014-01-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-028-02.nasl - Type : ACT_GATHER_INFO |
| 2014-01-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-140106.nasl - Type : ACT_GATHER_INFO |
| 2014-01-28 | Name : The remote Fedora host is missing a security update. File : fedora_2014-1567.nasl - Type : ACT_GATHER_INFO |
| 2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
| 2014-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2088-1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-21 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-1120.nasl - Type : ACT_GATHER_INFO |
| 2014-01-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-012.nasl - Type : ACT_GATHER_INFO |
| 2014-01-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-007.nasl - Type : ACT_GATHER_INFO |
| 2014-01-14 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-013-02.nasl - Type : ACT_GATHER_INFO |
| 2014-01-13 | Name : The remote Fedora host is missing a security update. File : fedora_2014-0474.nasl - Type : ACT_GATHER_INFO |
| 2014-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-0456.nasl - Type : ACT_GATHER_INFO |
| 2014-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-0476.nasl - Type : ACT_GATHER_INFO |
| 2014-01-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140108_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-01-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2079-1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0015.nasl - Type : ACT_GATHER_INFO |
| 2014-01-09 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0015.nasl - Type : ACT_GATHER_INFO |
| 2014-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0015.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote host may be affected by a security bypass vulnerability. File : openssl_1_0_0l.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote service may be affected by multiple vulnerabilities. File : openssl_1_0_1f.nasl - Type : ACT_GATHER_INFO |
| 2014-01-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5aaa257e772d11e3a65a3c970e169bc2.nasl - Type : ACT_GATHER_INFO |
| 2014-01-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2833.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-265.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-266.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23479.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23768.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23788.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23794.nasl - Type : ACT_GATHER_INFO |
| 2013-12-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23301.nasl - Type : ACT_GATHER_INFO |
| 2013-12-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-22756.nasl - Type : ACT_GATHER_INFO |
| 2013-12-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131212_nss__nspr__and_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
| 2013-12-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
| 2013-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131205_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
| 2013-12-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
| 2013-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
| 2013-12-06 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2013-0015.nasl - Type : ACT_GATHER_INFO |
| 2013-12-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_nss-201311-131121.nasl - Type : ACT_GATHER_INFO |
| 2013-11-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1582.nasl - Type : ACT_GATHER_INFO |
| 2013-11-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2800.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_11_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_17011_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2032-1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-270.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1582.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2031-1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2030-1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_11_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_25_0_1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_17011_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_2501.nasl - Type : ACT_GATHER_INFO |
| 2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2221.nasl - Type : ACT_GATHER_INFO |
| 2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131101.nasl - Type : ACT_GATHER_INFO |
| 2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131108.nasl - Type : ACT_GATHER_INFO |
| 2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131109.nasl - Type : ACT_GATHER_INFO |
| 2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nss-201310-131029.nasl - Type : ACT_GATHER_INFO |
| 2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nss-201310-131030.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-241.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2028-1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-06.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2790.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote server is affected by multiple vulnerabilities. File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-201310-130927.nasl - Type : ACT_GATHER_INFO |
| 2013-11-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2010-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_81f866ad41a411e3a4af0025905a4771.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_10_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_1_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_25.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_10_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_17010_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_1_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_25.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_17010_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_222.nasl - Type : ACT_GATHER_INFO |
| 2013-10-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2009-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-25 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2013-0012.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-257.nasl - Type : ACT_GATHER_INFO |
| 2013-10-17 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-10-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2779.nasl - Type : ACT_GATHER_INFO |
| 2013-10-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1982-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1983-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1984-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1985-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-216.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-217.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-220.nasl - Type : ACT_GATHER_INFO |
| 2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-16.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1207.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1208.nasl - Type : ACT_GATHER_INFO |
| 2013-09-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1217.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-204.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-207.nasl - Type : ACT_GATHER_INFO |
| 2013-08-28 | Name : The remote Fedora host is missing a security update. File : fedora_2013-15254.nasl - Type : ACT_GATHER_INFO |
| 2013-08-25 | Name : The remote Fedora host is missing a security update. File : fedora_2013-15146.nasl - Type : ACT_GATHER_INFO |
| 2013-08-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-130802.nasl - Type : ACT_GATHER_INFO |
| 2013-08-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-214.nasl - Type : ACT_GATHER_INFO |
| 2013-08-12 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_jrockit_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-08-09 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130807_nss__nss_util__nss_softokn__and_nspr_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-08-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
| 2013-08-08 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
| 2013-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
| 2013-08-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
| 2013-08-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
| 2013-08-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
| 2013-08-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130805_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2727.nasl - Type : ACT_GATHER_INFO |
| 2013-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-130719.nasl - Type : ACT_GATHER_INFO |
| 2013-07-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-198.nasl - Type : ACT_GATHER_INFO |
| 2013-07-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130718.nasl - Type : ACT_GATHER_INFO |
| 2013-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1908-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2724.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2725.nasl - Type : ACT_GATHER_INFO |
| 2013-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1904-2.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1907-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-17 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1907-2.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2722.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1904-1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-14 | Name : The remote host is missing Sun Security Patch number 150401-55 File : solaris10_x86_150401.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0957.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0958.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1014.nasl - Type : ACT_GATHER_INFO |
| 2013-07-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3b80104fe96c11e28bac00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2013-07-10 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_28_0_1500_71.nasl - Type : ACT_GATHER_INFO |
| 2013-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1014.nasl - Type : ACT_GATHER_INFO |
| 2013-07-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1014.nasl - Type : ACT_GATHER_INFO |
| 2013-07-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130703_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-183.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0957.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0958.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0963.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130620_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-06-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130620_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-06-20 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_jun_2013_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0957.nasl - Type : ACT_GATHER_INFO |
| 2013-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0958.nasl - Type : ACT_GATHER_INFO |
| 2013-06-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update16.nasl - Type : ACT_GATHER_INFO |
| 2013-06-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-004.nasl - Type : ACT_GATHER_INFO |
| 2013-06-19 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_jun_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-06-05 | Name : The remote host is missing Sun Security Patch number 150383-19 File : solaris10_150383.nasl - Type : ACT_GATHER_INFO |
| 2013-06-02 | Name : The remote host is missing Sun Security Patch number 148071-19 File : solaris10_148071.nasl - Type : ACT_GATHER_INFO |
| 2013-06-02 | Name : The remote host is missing Sun Security Patch number 148072-19 File : solaris10_x86_148072.nasl - Type : ACT_GATHER_INFO |
| 2013-05-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1841-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_37.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO |
| 2013-03-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1763-1.nasl - Type : ACT_GATHER_INFO |
| 2013-03-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-3079.nasl - Type : ACT_GATHER_INFO |
| 2013-03-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-2929.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_30.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2019-07-09 01:13:39 |
|
| 2016-01-22 09:27:06 |
|
| 2015-12-31 13:26:18 |
|
| 2015-10-18 17:26:46 |
|
| 2015-03-17 09:32:42 |
|
| 2015-02-27 21:29:53 |
|
| 2015-01-28 05:36:04 |
|
| 2015-01-28 05:31:44 |
|
| 2015-01-21 17:25:40 |
|
| 2014-12-13 13:24:54 |
|
| 2014-12-12 09:31:00 |
|
| 2014-12-08 17:27:39 |
|
| 2014-12-07 13:26:20 |
|
| 2014-12-05 09:25:31 |
|
