This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Haxx First view 2011-07-07
Product Libcurl Last view 2019-05-28
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:* 34
cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:* 34
cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:* 34
cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:* 33
cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:* 32
cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:* 31
cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:* 31
cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:* 30
cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:* 30

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2019-05-28 CVE-2019-5436

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

7.5 2019-02-06 CVE-2019-3823

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.

9.8 2019-02-06 CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

7.5 2019-02-06 CVE-2018-16890

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

9.8 2018-09-05 CVE-2018-14618

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)

9.8 2018-07-31 CVE-2016-8622

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.

7.5 2018-07-16 CVE-2017-7468

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.

9.1 2018-01-24 CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.

9.8 2017-11-29 CVE-2017-8818

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

9.8 2017-11-29 CVE-2017-8817

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

9.8 2017-11-29 CVE-2017-8816

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

9.1 2017-10-31 CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.

7.5 2017-10-06 CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.

6.5 2017-10-04 CVE-2017-1000100

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.

6.5 2017-10-04 CVE-2017-1000099

When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.

9.8 2016-10-07 CVE-2016-7167

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

7.5 2016-10-03 CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

8.1 2016-08-10 CVE-2016-5421

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

7.5 2016-08-10 CVE-2016-5420

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

7.5 2016-08-10 CVE-2016-5419

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

6.4 2015-06-22 CVE-2015-3237

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

5 2015-06-22 CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.

5 2015-05-01 CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

5 2015-04-24 CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

7.5 2015-04-24 CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

CWE : Common Weakness Enumeration

%idName
22% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (6) CWE-200 Information Exposure
12% (5) CWE-310 Cryptographic Issues
10% (4) CWE-125 Out-of-bounds Read
7% (3) CWE-287 Improper Authentication
7% (3) CWE-190 Integer Overflow or Wraparound
7% (3) CWE-20 Improper Input Validation
2% (1) CWE-787 Out-of-bounds Write
2% (1) CWE-416 Use After Free
2% (1) CWE-295 Certificate Issues
2% (1) CWE-285 Improper Access Control (Authorization)
2% (1) CWE-284 Access Control (Authorization) Issues
2% (1) CWE-264 Permissions, Privileges, and Access Controls
2% (1) CWE-255 Credentials Management

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:21913 RHSA-2011:0918: curl security update (Moderate)
oval:org.mitre.oval:def:20630 VMware ESXi and ESX updates to third party library and ESX Service Console
oval:org.mitre.oval:def:13004 DSA-2271-1 curl -- improper delegation of client credentials
oval:org.mitre.oval:def:23218 ELSA-2011:0918: curl security update (Moderate)
oval:org.mitre.oval:def:18190 USN-1721-1 -- curl vulnerability
oval:org.mitre.oval:def:20280 RHSA-2013:0771: curl security update (Moderate)
oval:org.mitre.oval:def:20032 DSA-2660-1 curl - cookie leak vulnerability
oval:org.mitre.oval:def:18259 USN-1801-1 -- curl vulnerability
oval:org.mitre.oval:def:23950 ELSA-2013:0771: curl security update (Moderate)
oval:org.mitre.oval:def:23498 DEPRECATED: ELSA-2013:0771: curl security update (Moderate)
oval:org.mitre.oval:def:26023 SUSE-SU-2013:0771-1 -- Security update for curl
oval:org.mitre.oval:def:25795 SUSE-SU-2013:0772-1 -- Security update for compat-curl2
oval:org.mitre.oval:def:25538 SUSE-SU-2013:0773-1 -- Security update for curl, curl
oval:org.mitre.oval:def:27357 DEPRECATED: ELSA-2013-0771 -- curl security update (moderate)
oval:org.mitre.oval:def:21195 RHSA-2013:0983: curl security update (Moderate)
oval:org.mitre.oval:def:18350 USN-1894-1 -- curl vulnerability
oval:org.mitre.oval:def:18308 DSA-2713-1 curl - heap overflow
oval:org.mitre.oval:def:23721 ELSA-2013:0983: curl security update (Moderate)
oval:org.mitre.oval:def:23483 DEPRECATED: ELSA-2013:0983: curl security update (Moderate)
oval:org.mitre.oval:def:25977 SUSE-SU-2013:1166-1 -- Security update for compat-curl2
oval:org.mitre.oval:def:25912 SUSE-SU-2013:1166-2 -- Security update for curl
oval:org.mitre.oval:def:27292 DEPRECATED: ELSA-2013-0983 -- curl security update (moderate)
oval:org.mitre.oval:def:21073 USN-2048-1 -- curl vulnerability
oval:org.mitre.oval:def:19943 DSA-2798-1 curl - unchecked ssl certificate host name
oval:org.mitre.oval:def:25586 SUSE-SU-2014:0004-1 -- Security update for curl

Open Source Vulnerability Database (OSVDB)

id Description
73686 libcurl http_negotiate.c Curl_input_negotiate Function GSSAPI Credential Dele...
73328 cURL GSSAPI Client Credential Remote Disclosure

ExploitDB Exploits

id Description
24487 cURL Buffer Overflow Vulnerability

OpenVAS Exploits

id Description
2012-07-30 Name : CentOS Update for curl CESA-2011:0918 centos4 x86_64
File : nvt/gb_CESA-2011_0918_curl_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for curl CESA-2011:0918 centos5 x86_64
File : nvt/gb_CESA-2011_0918_curl_centos5_x86_64.nasl
2012-03-15 Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser...
File : nvt/gb_VMSA-2012-0001.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201203-02 (cURL)
File : nvt/glsa_201203_02.nasl
2012-02-13 Name : Fedora Update for curl FEDORA-2012-0888
File : nvt/gb_fedora_2012_0888_curl_fc15.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-08-18 Name : CentOS Update for curl CESA-2011:0918 centos4 i386
File : nvt/gb_CESA-2011_0918_curl_centos4_i386.nasl
2011-08-09 Name : CentOS Update for curl CESA-2011:0918 centos5 i386
File : nvt/gb_CESA-2011_0918_curl_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2271-1 (curl)
File : nvt/deb_2271_1.nasl
2011-07-27 Name : Mandriva Update for curl MDVSA-2011:116 (curl)
File : nvt/gb_mandriva_MDVSA_2011_116.nasl
2011-07-12 Name : Fedora Update for curl FEDORA-2011-8586
File : nvt/gb_fedora_2011_8586_curl_fc15.nasl
2011-07-08 Name : RedHat Update for curl RHSA-2011:0918-01
File : nvt/gb_RHSA-2011_0918-01_curl.nasl
2011-07-08 Name : Fedora Update for curl FEDORA-2011-8640
File : nvt/gb_fedora_2011_8640_curl_fc14.nasl
2011-06-24 Name : Ubuntu Update for curl USN-1158-1
File : nvt/gb_ubuntu_USN_1158_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2014-B-0161 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0057717
2012-A-0020 Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0031252

Snort® IPS/IDS

Date Description
2017-04-12 cURL and libcurl set-cookie remote code execution attempt
RuleID : 41853 - Type : OS-LINUX - Revision : 4
2014-01-10 libcurl MD5 digest buffer overflow attempt
RuleID : 26391 - Type : PROTOCOL-POP - Revision : 3

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1002.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-111044d435.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7f83032de6.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1427.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1135.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1401.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1112.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1568.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1330.nasl - Type: ACT_GATHER_INFO
2018-09-21 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ba443bcb6d.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1237.nasl - Type: ACT_GATHER_INFO
2018-09-10 Name: The remote Debian host is missing a security update.
File: debian_DLA-1498.nasl - Type: ACT_GATHER_INFO
2018-09-06 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-249-01.nasl - Type: ACT_GATHER_INFO
2018-09-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4286.nasl - Type: ACT_GATHER_INFO
2018-09-06 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_f4d638b9e6e54dbe8c70571dbc116174.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0041.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0044.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0045.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0048.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0050.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-1_0-0095.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0108.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0009.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0016.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-951.nasl - Type: ACT_GATHER_INFO