
Summary

Detail
Vendor: Tcl Tk
Product: Tcl Tk
Version:
Type: Application
First view: 2007-05-29
Last view: 2008-02-07
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Distribution by Version

CPE Name Affected CVE
cpe:2.3:a:tcl_tk:tcl_tk:8.4.15:*:*:*:*:*:*:* 5
cpe:2.3:a:tcl_tk:tcl_tk:8.4.14:*:*:*:*:*:*:* 5
cpe:2.3:a:tcl_tk:tcl_tk:8.4.13:*:*:*:*:*:*:* 5
cpe:2.3:a:tcl_tk:tcl_tk:8.4.16:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.0:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:2.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.0.3:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.2.0:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.4:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.8:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.5:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:6.4:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:7.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.11:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.1.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.12:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.3.4:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.10:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.2:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.0:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.0.4:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.3.2:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:3.3:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:6.7:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:6.1p1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.2.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.9:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:6.2:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.0p2:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.7:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.3.5:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.3.3:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.3:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:4.0p1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:7.4:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4a3:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:7.5:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:7.5p1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4.6:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.3.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:6.1:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:7.6:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:7.3:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.4a2:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:6.6:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.0.5:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:7.6p2:*:*:*:*:*:*:* 4
cpe:2.3:a:tcl_tk:tcl_tk:8.2.3:*:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
6.8 2008-02-07 CVE-2008-0553

Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

6.8 2008-01-09 CVE-2007-6067

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

6.8 2008-01-09 CVE-2007-4769

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

6.8 2007-09-28 CVE-2007-5137

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.

7.2 2007-05-29 CVE-2007-2877

Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.

CWE : Common Weakness Enumeration

% ID Name
50% (2) CWE-189 Numeric Errors
50% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:9540 Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/T...
oval:org.mitre.oval:def:22566 ELSA-2008:0136: tk security update (Moderate)
oval:org.mitre.oval:def:9804 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2...
oval:org.mitre.oval:def:20998 RHSA-2013:0122: tcl security and bug fix update (Moderate)
oval:org.mitre.oval:def:10235 Algorithmic complexity vulnerability in the regular expression parser in TCL ...
oval:org.mitre.oval:def:23371 ELSA-2013:0122: tcl security and bug fix update (Moderate)
oval:org.mitre.oval:def:27239 DEPRECATED: ELSA-2013-0122 -- tcl security and bug fix update (moderate)
oval:org.mitre.oval:def:8363 DSA-1598 libtk-img -- buffer overflow
oval:org.mitre.oval:def:7812 DSA-1491 tk8.4 -- buffer overflow
oval:org.mitre.oval:def:7228 DSA-1490 tk8.3 -- buffer overflow
oval:org.mitre.oval:def:20168 DSA-1490-1 tk8.3 - arbitrary code execution
oval:org.mitre.oval:def:18666 DSA-1598-1 libtk-img - arbitrary code execution
oval:org.mitre.oval:def:18578 DSA-1491-1 tk8.4 - arbitrary code execution
oval:org.mitre.oval:def:17105 USN-664-1 -- tk8.0, tk8.3, tk8.4 vulnerability
oval:org.mitre.oval:def:10098 Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tc...

Open Source Vulnerability Database (OSVDB)

id Description
41264 Tcl (Tcl/Tk) generic/tkImgGIF.c Multiple Function GIF Handling Overflow
40906 TCL in PostgreSQL Out-of-bounds Backref Number Remote DoS
40902 TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regex...
36528 Tcl (Tcl/Tk) tcl/win/tclWinReg.c Registry Key Path Local Overflow

OpenVAS Exploits

id Description
2009-10-13 Name : SLES10: Security update for Tk
File : nvt/sles10_tk.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql1.nasl
2009-10-10 Name : SLES9: Security update for Tk
File : nvt/sles9p5023004.nasl
2009-10-10 Name : SLES9: Security update for postgresql
File : nvt/sles9p5021809.nasl
2009-10-10 Name : SLES9: Security update for Tk
File : nvt/sles9p5010158.nasl
2009-06-03 Name : Solaris Update for tk 137911-02
File : nvt/gb_solaris_137911_02.nasl
2009-06-03 Name : Solaris Update for tk 137910-02
File : nvt/gb_solaris_137910_02.nasl
2009-06-03 Name : Solaris Update for tk 137872-02
File : nvt/gb_solaris_137872_02.nasl
2009-06-03 Name : Solaris Update for tk 137871-02
File : nvt/gb_solaris_137871_02.nasl
2009-04-09 Name : Mandriva Update for tk MDVSA-2008:041 (tk)
File : nvt/gb_mandriva_MDVSA_2008_041.nasl
2009-04-09 Name : Mandriva Update for postgresql MDVSA-2008:004 (postgresql)
File : nvt/gb_mandriva_MDVSA_2008_004.nasl
2009-04-09 Name : Mandriva Update for tk MDKSA-2007:200 (tk)
File : nvt/gb_mandriva_MDKSA_2007_200.nasl
2009-03-23 Name : Ubuntu Update for tk8.3, tk8.4 vulnerability USN-529-1
File : nvt/gb_ubuntu_USN_529_1.nasl
2009-03-23 Name : Ubuntu Update for postgresql vulnerabilities USN-568-1
File : nvt/gb_ubuntu_USN_568_1.nasl
2009-03-23 Name : Ubuntu Update for tk8.0, tk8.3, tk8.4 vulnerability USN-664-1
File : nvt/gb_ubuntu_USN_664_1.nasl
2009-03-20 Name : Ubuntu USN-736-1 (gst-plugins-good0.10)
File : nvt/ubuntu_736_1.nasl
2009-03-20 Name : Debian Security Advisory DSA 1743-1 (libtk-img)
File : nvt/deb_1743_1.nasl
2009-03-06 Name : RedHat Update for postgresql RHSA-2008:0038-01
File : nvt/gb_RHSA-2008_0038-01_postgresql.nasl
2009-03-06 Name : RedHat Update for tk RHSA-2008:0136-01
File : nvt/gb_RHSA-2008_0136-01_tk.nasl
2009-03-06 Name : RedHat Update for tcltk RHSA-2008:0134-01
File : nvt/gb_RHSA-2008_0134-01_tcltk.nasl
2009-03-06 Name : RedHat Update for tk RHSA-2008:0135-02
File : nvt/gb_RHSA-2008_0135-02_tk.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 i386
File : nvt/gb_CESA-2008_0038_postgresql_centos4_i386.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 x86_64
File : nvt/gb_CESA-2008_0038_postgresql_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for tcltk CESA-2008:0134-01 centos2 i386
File : nvt/gb_CESA-2008_0134-01_tcltk_centos2_i386.nasl
2009-02-27 Name : CentOS Update for expect CESA-2008:0134 centos3 i386
File : nvt/gb_CESA-2008_0134_expect_centos3_i386.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0134.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2013-0122.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0136.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0135.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0038.nasl - Type: ACT_GATHER_INFO
2013-01-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2013-0122.nasl - Type: ACT_GATHER_INFO
2013-01-17 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20130108_tcl_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2013-01-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-0122.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080111_postgresql_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080221_tcltk_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080221_tk_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_11853.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12065.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12071.nasl - Type: ACT_GATHER_INFO
2009-07-27 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2008-0009.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-664-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-004.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-041.nasl - Type: ACT_GATHER_INFO
2009-03-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1743.nasl - Type: ACT_GATHER_INFO
2008-06-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1598.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote openSUSE host is missing a security update.
File: suse_tkimg-5320.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote openSUSE host is missing a security update.
File: suse_tkimg-5328.nasl - Type: ACT_GATHER_INFO
2008-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2008-3621.nasl - Type: ACT_GATHER_INFO
2008-05-11 Name: The remote Fedora host is missing a security update.
File: fedora_2008-3545.nasl - Type: ACT_GATHER_INFO