This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Tcl Tk
Product : Tcl Tk
Version : 8.4.6
Type : Application
First view : 2007-05-29
Last view : 2008-02-07
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *

CPE Product : cpe:2.3:a:tcl_tk:tcl_tk

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2008-02-07 CVE-2008-0553

Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

6.8 2008-01-09 CVE-2007-6067

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

6.8 2008-01-09 CVE-2007-4769

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

7.2 2007-05-29 CVE-2007-2877

Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.

CWE : Common Weakness Enumeration

% id Name
66% (2) CWE-189 Numeric Errors
33% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
41264 Tcl (Tcl/Tk) generic/tkImgGIF.c Multiple Function GIF Handling Overflow
40906 TCL in PostgreSQL Out-of-bounds Backref Number Remote DoS
40902 TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regex...
36528 Tcl (Tcl/Tk) tcl/win/tclWinReg.c Registry Key Path Local Overflow

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-13 Name : SLES10: Security update for Tk
File : nvt/sles10_tk.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql1.nasl
2009-10-10 Name : SLES9: Security update for Tk
File : nvt/sles9p5023004.nasl
2009-10-10 Name : SLES9: Security update for postgresql
File : nvt/sles9p5021809.nasl
2009-06-03 Name : Solaris Update for tk 137871-02
File : nvt/gb_solaris_137871_02.nasl
2009-06-03 Name : Solaris Update for tk 137872-02
File : nvt/gb_solaris_137872_02.nasl
2009-06-03 Name : Solaris Update for tk 137910-02
File : nvt/gb_solaris_137910_02.nasl
2009-06-03 Name : Solaris Update for tk 137911-02
File : nvt/gb_solaris_137911_02.nasl
2009-04-09 Name : Mandriva Update for postgresql MDVSA-2008:004 (postgresql)
File : nvt/gb_mandriva_MDVSA_2008_004.nasl
2009-04-09 Name : Mandriva Update for tk MDVSA-2008:041 (tk)
File : nvt/gb_mandriva_MDVSA_2008_041.nasl
2009-03-23 Name : Ubuntu Update for postgresql vulnerabilities USN-568-1
File : nvt/gb_ubuntu_USN_568_1.nasl
2009-03-23 Name : Ubuntu Update for tk8.0, tk8.3, tk8.4 vulnerability USN-664-1
File : nvt/gb_ubuntu_USN_664_1.nasl
2009-03-06 Name : RedHat Update for postgresql RHSA-2008:0038-01
File : nvt/gb_RHSA-2008_0038-01_postgresql.nasl
2009-03-06 Name : RedHat Update for tcltk RHSA-2008:0134-01
File : nvt/gb_RHSA-2008_0134-01_tcltk.nasl
2009-03-06 Name : RedHat Update for tk RHSA-2008:0135-02
File : nvt/gb_RHSA-2008_0135-02_tk.nasl
2009-03-06 Name : RedHat Update for tk RHSA-2008:0136-01
File : nvt/gb_RHSA-2008_0136-01_tk.nasl
2009-02-27 Name : CentOS Update for expect CESA-2008:0134 centos3 x86_64
File : nvt/gb_CESA-2008_0134_expect_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0135 centos4 i386
File : nvt/gb_CESA-2008_0135_tk_centos4_i386.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0135 centos4 x86_64
File : nvt/gb_CESA-2008_0135_tk_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0136 centos5 i386
File : nvt/gb_CESA-2008_0136_tk_centos5_i386.nasl
2009-02-27 Name : CentOS Update for tk CESA-2008:0136 centos5 x86_64
File : nvt/gb_CESA-2008_0136_tk_centos5_x86_64.nasl
2009-02-27 Name : CentOS Update for expect CESA-2008:0134 centos3 i386
File : nvt/gb_CESA-2008_0134_expect_centos3_i386.nasl
2009-02-27 Name : CentOS Update for tcltk CESA-2008:0134-01 centos2 i386
File : nvt/gb_CESA-2008_0134-01_tcltk_centos2_i386.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 x86_64
File : nvt/gb_CESA-2008_0038_postgresql_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 i386
File : nvt/gb_CESA-2008_0038_postgresql_centos4_i386.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0134.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2013-0122.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0136.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0135.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0038.nasl - Type: ACT_GATHER_INFO
2013-01-17 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20130108_tcl_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2013-01-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2013-0122.nasl - Type: ACT_GATHER_INFO
2013-01-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-0122.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080111_postgresql_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080221_tk_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080221_tcltk_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12071.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12065.nasl - Type: ACT_GATHER_INFO
2009-07-27 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2008-0009.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-664-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-041.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-004.nasl - Type: ACT_GATHER_INFO
2008-06-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1598.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote openSUSE host is missing a security update.
File: suse_tkimg-5328.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote openSUSE host is missing a security update.
File: suse_tkimg-5320.nasl - Type: ACT_GATHER_INFO
2008-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2008-3621.nasl - Type: ACT_GATHER_INFO
2008-05-11 Name: The remote Fedora host is missing a security update.
File: fedora_2008-3545.nasl - Type: ACT_GATHER_INFO
2008-04-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_51436b4c125011ddbab70016179b2dd5.nasl - Type: ACT_GATHER_INFO
2008-04-11 Name: The remote openSUSE host is missing a security update.
File: suse_tk-4973.nasl - Type: ACT_GATHER_INFO