Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2006-02-08 |
| Product | Jre | Last view | 2013-02-01 |
| Version | 1.4.2_25 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:sun:jre | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 10 | 2013-02-01 | CVE-2013-1481 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. |
| 10 | 2013-02-01 | CVE-2013-1480 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. |
| 10 | 2013-02-01 | CVE-2013-1478 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. |
| 10 | 2013-02-01 | CVE-2013-1476 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." |
| 10 | 2013-02-01 | CVE-2013-1475 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. |
| 4 | 2013-02-01 | CVE-2013-0443 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. |
| 10 | 2013-02-01 | CVE-2013-0442 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. |
| 10 | 2013-02-01 | CVE-2013-0441 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." |
| 5 | 2013-02-01 | CVE-2013-0440 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. |
| 5 | 2013-02-01 | CVE-2013-0434 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. |
| 6.4 | 2013-02-01 | CVE-2013-0432 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." |
| 10 | 2013-02-01 | CVE-2013-0428 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. |
| 10 | 2013-02-01 | CVE-2013-0426 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. |
| 10 | 2013-02-01 | CVE-2013-0425 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. |
| 5 | 2013-02-01 | CVE-2013-0424 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. |
| 7.6 | 2012-10-16 | CVE-2012-5089 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. |
| 0 | 2012-10-16 | CVE-2012-5085 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. |
| 7.6 | 2012-10-16 | CVE-2012-5084 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. |
| 10 | 2012-10-16 | CVE-2012-5083 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
| 5 | 2012-10-16 | CVE-2012-5081 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. |
| 5 | 2012-10-16 | CVE-2012-5079 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. |
| 2.6 | 2012-10-16 | CVE-2012-5077 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. |
| 5 | 2012-10-16 | CVE-2012-5073 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079. |
| 2.6 | 2012-10-16 | CVE-2012-3216 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
| 10 | 2012-10-16 | CVE-2012-1531 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (22) | CWE-264 | Permissions, Privileges, and Access Controls |
| 15% (7) | CWE-200 | Information Exposure |
| 13% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 4% (2) | CWE-189 | Numeric Errors |
| 4% (2) | CWE-20 | Improper Input Validation |
| 4% (2) | CWE-16 | Configuration |
| 2% (1) | CWE-287 | Improper Authentication |
| 2% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 2% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-201 | External Entity Attack |
SAINT Exploits
| Description | Link |
|---|---|
| Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow | More info here |
| Oracle Java Applet2ClassLoader Vulnerability | More info here |
| Java SE AtomicReferenceArray Unsafe Security Bypass | More info here |
| Java Runtime CMM readMabCurveData Buffer Overflow | More info here |
| Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion | More info here |
| Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow | More info here |
| Oracle Java Rhino Script Engine Code Execution | More info here |
| Java Runtime Environment MixerSequence Function Pointer Control | More info here |
| Java Runtime Environment JAR manifest Main Class buffer overflow | More info here |
| Oracle Java findMethod findClass Security Bypass | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76512 | Oracle Java SE JRE JAXWS Component Unspecified Remote Information Disclosure |
| 76511 | Oracle Java SE JRE Networking Component Unspecified Remote Information Disclo... |
| 76510 | Oracle Java SE JRE HotSpot Component Unspecified Remote Information Disclosure |
| 76507 | Oracle Java SE JRE JSSE Component Unspecified Remote Issue |
| 76506 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3557) |
| 76505 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3556) |
| 76504 | Oracle Java SE JRE Deployment Component Unspecified Remote Issue (2011-3516) |
| 76503 | Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3550) |
| 76502 | Oracle Java SE JRE 2D Component Unspecified Remote Issue |
| 76501 | Oracle Java SE JRE Swing Component Unspecified Remote Issue |
| 76500 | Oracle Java SE JRE Rhino Javascript Error Parsing Input Sanitation Weakness R... |
| 76499 | Oracle Java SE JRE jsound.dll MixerSequencer.nAddControllerEventCallback Func... |
| 76498 | Oracle Java SE JRE Component Unspecified Remote Issue (2011-3554) |
| 76497 | Oracle Java SE JRE Networking Component java.net.Socket API UDP Socket Satura... |
| 76496 | Oracle Java SE JRE IIOP Deserialization Applet Handling Remote Code Execution |
| 76495 | Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3548) |
| 73176 | Oracle Java SE / JRE AWT FileDialog.show() String Copy Overflow |
| 73085 | Oracle Java SE / JRE Deserialization Unspecified Remote Issue |
| 73084 | Oracle Java SE / JRE SAAJ Unspecified Remote Information Disclosure |
| 73083 | Oracle Java SE / JRE Networking Unspecified Remote Information Disclosure |
| 73082 | Oracle Java SE / JRE NIO Unspecified Remote DoS |
| 73081 | Oracle Java SE / JRE 2D Unspecified Remote Information Disclosure |
| 73080 | Oracle Java SE / JRE Java Web Start DLL Search Path Subversion Arbitrary DLL ... |
| 73079 | Oracle Java SE / JRE Java Web Start File Search Path Policy File Loading Remo... |
| 73078 | Oracle Java SE / JRE Java Web Start File Search Path Settings Files Loading R... |
ExploitDB Exploits
| id | Description |
|---|---|
| 19717 | Java Applet Field Bytecode Verifier Cache Remote Code Execution |
| 18679 | Java AtomicReferenceArray Type Violation Vulnerability |
| 18485 | Java MixerSequencer Object GM_Song Structure Handling Vulnerability |
| 18171 | Java Applet Rhino Script Engine Remote Code Execution |
| 16990 | Sun Java Applet2ClassLoader Remote Code Execution Exploit |
| 16495 | Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit |
| 16305 | Java RMIConnectionImpl Deserialization Privilege Escalation Exploit |
| 16302 | Signed Applet Social Engineering Code Exec |
| 16297 | Java Statement.invoke() Trusted Method Chain Exploit |
| 16293 | Sun Java Calendar Deserialization Exploit |
| 15056 | MOAUB #20 - Java CMM readMabCurveData Stack Overflow |
| 9948 | Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserializati... |
| 8753 | Mac OS X Java applet Remote Deserialization Remote PoC (updated) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0828_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1423-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1423_1.nasl |
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1424_1.nasl |
| 2012-11-02 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_169.nasl |
| 2012-10-29 | Name : Ubuntu Update for openjdk-7 USN-1619-1 File : nvt/gb_ubuntu_USN_1619_1.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1384 centos6 File : nvt/gb_CESA-2012_1384_java_centos6.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1385 centos5 File : nvt/gb_CESA-2012_1385_java_centos5.nasl |
| 2012-10-19 | Name : CentOS Update for java CESA-2012:1386 centos6 File : nvt/gb_CESA-2012_1386_java_centos6.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1384-01 File : nvt/gb_RHSA-2012_1384-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01 File : nvt/gb_RHSA-2012_1385-01_java-1.6.0-openjdk.nasl |
| 2012-10-19 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01 File : nvt/gb_RHSA-2012_1386-01_java-1.7.0-openjdk.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16346 File : nvt/gb_fedora_2012_16346_java-1.7.0-openjdk_fc17.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows) File : nvt/gb_oracle_java_se_mult_vuln01_oct12_win.nasl |
| 2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl |
| 2012-09-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127 File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl |
| 2012-09-21 | Name : Java for Mac OS X 10.6 Update 10 File : nvt/gb_macosx_java_10_6_upd_10.nasl |
| 2012-09-06 | Name : Ubuntu Update for icedtea-web USN-1505-2 File : nvt/gb_ubuntu_USN_1505_2.nasl |
| 2012-09-04 | Name : CentOS Update for java CESA-2012:1223 centos6 File : nvt/gb_CESA-2012_1223_java_centos6.nasl |
| 2012-09-04 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01 File : nvt/gb_RHSA-2012_1223-01_java-1.7.0-openjdk.nasl |
| 2012-09-04 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13131 File : nvt/gb_fedora_2012_13131_java-1.7.0-openjdk_fc17.nasl |
| 2012-09-04 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138 File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl |
| 2012-09-03 | Name : Oracle Java SE JRE AWT Component Unspecified Vulnerability - (Windows) File : nvt/gb_oracle_java_se_jre_awt_comp_unspecified_vuln_win.nasl |
| 2012-09-03 | Name : Oracle Java SE JRE Multiple Remote Code Execution Vulnerabilities - (Windows) File : nvt/gb_oracle_java_se_jre_mult_code_exec_vuln_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
| 2012-A-0146 | Multiple Vulnerabilities in VMware vCenter Update Manager 4.1 Severity: Category I - VMSKEY: V0033792 |
| 2012-A-0147 | Multiple Vulnerabilities in VMware vCenter Server 4.1 Severity: Category I - VMSKEY: V0033793 |
| 2012-A-0148 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0033794 |
| 2012-A-0136 | Multiple Vulnerabilities in Juniper Network Management Products Severity: Category I - VMSKEY: V0033662 |
| 2012-B-0048 | Multiple Vulnerabilities in HP Systems Insight Manager Severity: Category I - VMSKEY: V0032178 |
| 2012-A-0048 | Multiple Vulnerabilities in VMware vCenter Update Manager 5.0 Severity: Category I - VMSKEY: V0031901 |
| 2011-A-0173 | Multiple Vulnerabilities in VMware ESX 4.0 Severity: Category I - VMSKEY: V0030824 |
| 2011-A-0160 | Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity: Category I - VMSKEY: V0030769 |
| 2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
| 2009-A-0105 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0021867 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-05-21 | Oracle Java privileged protection domain exploitation attempt RuleID : 49846 - Type : FILE-JAVA - Revision : 1 |
| 2019-05-21 | Oracle Java privileged protection domain exploitation attempt RuleID : 49845 - Type : FILE-JAVA - Revision : 1 |
| 2018-04-05 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45830 - Type : SERVER-OTHER - Revision : 1 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45201 - Type : SERVER-OTHER - Revision : 2 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45200 - Type : SERVER-OTHER - Revision : 2 |
| 2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45199 - Type : SERVER-OTHER - Revision : 2 |
| 2017-08-01 | multiple products PNG processing buffer overflow attempt RuleID : 43399 - Type : FILE-IMAGE - Revision : 2 |
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 4 |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3 |
| 2014-11-16 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 31512 - Type : FILE-JAVA - Revision : 3 |
| 2014-11-16 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 31511 - Type : FILE-JAVA - Revision : 2 |
| 2018-06-15 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003-community - Type : EXPLOIT-KIT - Revision : 6 |
| 2014-04-03 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003 - Type : EXPLOIT-KIT - Revision : 6 |
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29643 - Type : MALWARE-OTHER - Revision : 3 |
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29642 - Type : MALWARE-OTHER - Revision : 3 |
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29641 - Type : MALWARE-OTHER - Revision : 2 |
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29640 - Type : MALWARE-OTHER - Revision : 2 |
| 2014-03-06 | Oracle Java Rhino script engine remote code execution attempt RuleID : 29535 - Type : FILE-JAVA - Revision : 4 |
| 2014-02-21 | Styx exploit kit eot outbound connection RuleID : 29453 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-02-21 | Styx exploit kit landing page request RuleID : 29452 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-02-21 | Styx exploit kit outbound jar request RuleID : 29451 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-02-21 | Styx exploit kit outbound connection attempt RuleID : 29450 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29449 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29448 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-02-21 | Styx exploit kit jar outbound connection RuleID : 29446 - Type : EXPLOIT-KIT - Revision : 8 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-11-30 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_18449f92ab3911e68011005056925db4.nasl - Type: ACT_GATHER_INFO |
| 2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0002_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2011-0013_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_esx_VMSA-2013-0003_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0014_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO |
| 2016-03-03 | Name: The remote VMware ESXi / ESX host is missing a security-related patch. File: vmware_VMSA-2012-0005_remote.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1489-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1489-2.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2012-1490-1.nasl - Type: ACT_GATHER_INFO |
| 2014-12-15 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15905.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1080.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1332.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2012-1537.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO |
| 2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO |
| 2014-08-22 | Name: The remote host is affected by multiple vulnerabilities. File: juniper_nsm_jsa10642.nasl - Type: ACT_GATHER_INFO |
| 2014-07-22 | Name: The remote Windows host contains a programming platform that is affected by m... File: oracle_jrockit_cpu_apr_2012.nasl - Type: ACT_GATHER_INFO |
| 2014-07-18 | Name: The remote Windows host contains a programming platform that is potentially a... File: oracle_jrockit_cpu_oct_2012.nasl - Type: ACT_GATHER_INFO |
| 2014-06-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201406-32.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-136.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-368.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-592.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-749.nasl - Type: ACT_GATHER_INFO |
