Summary
Detail | | | |
---|---|---|---|
Vendor | Tcl Tk | First view | 2007-05-29 |
Product | Tcl Tk | Last view | 2008-02-07 |
Version | 8.4.14 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:tcl_tk:tcl_tk | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.8 | 2008-02-07 | CVE-2008-0553 | Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. |
6.8 | 2008-01-09 | CVE-2007-6067 | Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. |
6.8 | 2008-01-09 | CVE-2007-4769 | The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. |
6.8 | 2007-09-28 | CVE-2007-5137 | Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378. |
7.2 | 2007-05-29 | CVE-2007-2877 | Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-189 | Numeric Errors |
50% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
41264 | Tcl (Tcl/Tk) generic/tkImgGIF.c Multiple Function GIF Handling Overflow |
40906 | TCL in PostgreSQL Out-of-bounds Backref Number Remote DoS |
40902 | TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regex... |
36528 | Tcl (Tcl/Tk) tcl/win/tclWinReg.c Registry Key Path Local Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for Tk File : nvt/sles10_tk.nasl |
2009-10-13 | Name : SLES10: Security update for PostgreSQL File : nvt/sles10_postgresql1.nasl |
2009-10-10 | Name : SLES9: Security update for Tk File : nvt/sles9p5023004.nasl |
2009-10-10 | Name : SLES9: Security update for postgresql File : nvt/sles9p5021809.nasl |
2009-10-10 | Name : SLES9: Security update for Tk File : nvt/sles9p5010158.nasl |
2009-06-03 | Name : Solaris Update for tk 137911-02 File : nvt/gb_solaris_137911_02.nasl |
2009-06-03 | Name : Solaris Update for tk 137910-02 File : nvt/gb_solaris_137910_02.nasl |
2009-06-03 | Name : Solaris Update for tk 137872-02 File : nvt/gb_solaris_137872_02.nasl |
2009-06-03 | Name : Solaris Update for tk 137871-02 File : nvt/gb_solaris_137871_02.nasl |
2009-04-09 | Name : Mandriva Update for tk MDVSA-2008:041 (tk) File : nvt/gb_mandriva_MDVSA_2008_041.nasl |
2009-04-09 | Name : Mandriva Update for postgresql MDVSA-2008:004 (postgresql) File : nvt/gb_mandriva_MDVSA_2008_004.nasl |
2009-04-09 | Name : Mandriva Update for tk MDKSA-2007:200 (tk) File : nvt/gb_mandriva_MDKSA_2007_200.nasl |
2009-03-23 | Name : Ubuntu Update for tk8.3, tk8.4 vulnerability USN-529-1 File : nvt/gb_ubuntu_USN_529_1.nasl |
2009-03-23 | Name : Ubuntu Update for postgresql vulnerabilities USN-568-1 File : nvt/gb_ubuntu_USN_568_1.nasl |
2009-03-23 | Name : Ubuntu Update for tk8.0, tk8.3, tk8.4 vulnerability USN-664-1 File : nvt/gb_ubuntu_USN_664_1.nasl |
2009-03-20 | Name : Ubuntu USN-736-1 (gst-plugins-good0.10) File : nvt/ubuntu_736_1.nasl |
2009-03-20 | Name : Debian Security Advisory DSA 1743-1 (libtk-img) File : nvt/deb_1743_1.nasl |
2009-03-06 | Name : RedHat Update for postgresql RHSA-2008:0038-01 File : nvt/gb_RHSA-2008_0038-01_postgresql.nasl |
2009-03-06 | Name : RedHat Update for tk RHSA-2008:0136-01 File : nvt/gb_RHSA-2008_0136-01_tk.nasl |
2009-03-06 | Name : RedHat Update for tcltk RHSA-2008:0134-01 File : nvt/gb_RHSA-2008_0134-01_tcltk.nasl |
2009-03-06 | Name : RedHat Update for tk RHSA-2008:0135-02 File : nvt/gb_RHSA-2008_0135-02_tk.nasl |
2009-02-27 | Name : CentOS Update for postgresql CESA-2008:0038 centos4 i386 File : nvt/gb_CESA-2008_0038_postgresql_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for postgresql CESA-2008:0038 centos4 x86_64 File : nvt/gb_CESA-2008_0038_postgresql_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for tcltk CESA-2008:0134-01 centos2 i386 File : nvt/gb_CESA-2008_0134-01_tcltk_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for expect CESA-2008:0134 centos3 i386 File : nvt/gb_CESA-2008_0134_expect_centos3_i386.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0134.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2013-0122.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0136.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0135.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0038.nasl - Type: ACT_GATHER_INFO |
2013-01-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2013-0122.nasl - Type: ACT_GATHER_INFO |
2013-01-17 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20130108_tcl_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2013-01-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-0122.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080111_postgresql_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080221_tcltk_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20080221_tk_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_11853.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12065.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12071.nasl - Type: ACT_GATHER_INFO |
2009-07-27 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2008-0009.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-664-1.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-004.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2008-041.nasl - Type: ACT_GATHER_INFO |
2009-03-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1743.nasl - Type: ACT_GATHER_INFO |
2008-06-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1598.nasl - Type: ACT_GATHER_INFO |
2008-06-09 | Name: The remote openSUSE host is missing a security update. File: suse_tkimg-5320.nasl - Type: ACT_GATHER_INFO |
2008-06-09 | Name: The remote openSUSE host is missing a security update. File: suse_tkimg-5328.nasl - Type: ACT_GATHER_INFO |
2008-05-16 | Name: The remote Fedora host is missing a security update. File: fedora_2008-3621.nasl - Type: ACT_GATHER_INFO |
2008-05-11 | Name: The remote Fedora host is missing a security update. File: fedora_2008-3545.nasl - Type: ACT_GATHER_INFO |