Summary
| Detail | |||
|---|---|---|---|
| Vendor | Redhat | First view | 2010-11-05 |
| Product | Enterprise Linux Server | Last view | 2020-03-12 |
| Version | 6.0 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:redhat:enterprise_linux_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2020-03-12 | CVE-2020-10531 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. |
| 8.8 | 2020-02-11 | CVE-2013-4535 | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. |
| 7.5 | 2020-02-06 | CVE-2013-4166 | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. |
| 7.8 | 2020-01-31 | CVE-2014-8141 | Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. |
| 7.8 | 2020-01-31 | CVE-2014-8140 | Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. |
| 7.8 | 2020-01-31 | CVE-2014-8139 | Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. |
| 7.5 | 2020-01-31 | CVE-2011-4088 | ABRT might allow attackers to obtain sensitive information from crash reports. |
| 3.7 | 2020-01-15 | CVE-2020-2659 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
| 8.1 | 2020-01-15 | CVE-2020-2604 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| 6.8 | 2020-01-15 | CVE-2020-2601 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). |
| 4.8 | 2020-01-15 | CVE-2020-2593 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
| 3.7 | 2020-01-15 | CVE-2020-2590 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
| 3.7 | 2020-01-15 | CVE-2020-2583 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
| 7.8 | 2020-01-14 | CVE-2014-7844 | BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. |
| 8.8 | 2020-01-08 | CVE-2019-17024 | Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
| 6.1 | 2020-01-08 | CVE-2019-17022 | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
| 8.8 | 2020-01-08 | CVE-2019-17017 | Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
| 6.1 | 2020-01-08 | CVE-2019-17016 | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
| 8.8 | 2019-12-10 | CVE-2019-13730 | Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 5.3 | 2019-11-27 | CVE-2011-2515 | PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. |
| 8.8 | 2019-11-25 | CVE-2019-13723 | Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| 5.5 | 2019-11-20 | CVE-2012-6136 | tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. |
| 9.1 | 2019-10-17 | CVE-2019-17631 | From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. |
| 4.7 | 2019-10-16 | CVE-2019-2999 | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). |
| 3.7 | 2019-10-16 | CVE-2019-2992 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 16% (122) | CWE-416 | Use After Free |
| 15% (118) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11% (88) | CWE-20 | Improper Input Validation |
| 8% (66) | CWE-787 | Out-of-bounds Write |
| 7% (56) | CWE-200 | Information Exposure |
| 5% (44) | CWE-125 | Out-of-bounds Read |
| 3% (25) | CWE-190 | Integer Overflow or Wraparound |
| 2% (22) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (16) | CWE-284 | Access Control (Authorization) Issues |
| 1% (11) | CWE-362 | Race Condition |
| 1% (9) | CWE-476 | NULL Pointer Dereference |
| 1% (9) | CWE-269 | Improper Privilege Management |
| 1% (8) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 1% (8) | CWE-704 | Incorrect Type Conversion or Cast |
| 1% (8) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (8) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (8) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 0% (7) | CWE-399 | Resource Management Errors |
| 0% (6) | CWE-346 | Origin Validation Error |
| 0% (6) | CWE-189 | Numeric Errors |
| 0% (6) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 0% (5) | CWE-415 | Double Free |
| 0% (5) | CWE-254 | Security Features |
| 0% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (5) | CWE-19 | Data Handling |
SAINT Exploits
| Description | Link |
|---|---|
| Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability | More info here |
| Red Hat DHCP client NetworkManager integration script command injection | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78148 | Google Chrome libxml2 parser.c xmlStringLenDecodeEntities() Function Remote O... |
| 77707 | Google Chrome libxml Out-of-bounds Read Remote DoS |
| 75652 | Qt src/3rdparty/harfbuzz/src/harfbuzz-gpos.c Font Handling Overflow |
| 75560 | Google Chrome Double-free libxml XPath Handling Remote Code Execution |
| 74695 | Google Chrome Double Free Unspecified libxml XPath Handling Issue |
| 73046 | Linux Kernel fs/partitions/osf.c osf_partition Function Partition Table Parsi... |
| 71265 | Linux Kernel epoll Nested Structures Local DoS |
| 69673 | Google Chrome XPath Handling Double-free Remote DoS |
| 69205 | libxml2 Crafted XML File XPath Axis Traversal DoS |
| 69169 | Google Chrome WebM libvpx Unspecified Memory Corruption |
| 69003 | Linux Kernel KVM Memory arch/x86/kvm/x86.c Multiple Function Memory Content D... |
ExploitDB Exploits
| id | Description |
|---|---|
| 32998 | Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support |
| 32791 | Heartbleed OpenSSL - Information Leak Exploit (1) |
| 32764 | OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ... |
| 32745 | OpenSSL TLS Heartbeat Extension - Memory Disclosure |
OpenVAS Exploits
| id | Description |
|---|---|
| 2014-10-16 | Name : POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability File : nvt/gb_poodel_sslv3_info_disc_vuln.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities) File : nvt/deb_2427_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities) File : nvt/deb_2462_2.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities) File : nvt/deb_2553_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities) File : nvt/deb_2581_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities) File : nvt/deb_2583_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities) File : nvt/deb_2584_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities) File : nvt/deb_2588_1.nasl |
| 2012-12-31 | Name : Fedora Update for libtiff FEDORA-2012-20404 File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl |
| 2012-12-31 | Name : Fedora Update for libtiff FEDORA-2012-20446 File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl |
| 2012-12-26 | Name : CentOS Update for libtiff CESA-2012:1590 centos5 File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl |
| 2012-12-26 | Name : CentOS Update for libtiff CESA-2012:1590 centos6 File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl |
| 2012-12-26 | Name : RedHat Update for libtiff RHSA-2012:1590-01 File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl |
| 2012-12-24 | Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Mac OS X) File : nvt/gb_libreoffice_graphic_object_bof_vuln_macosx.nasl |
| 2012-12-24 | Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows) File : nvt/gb_libreoffice_graphic_object_bof_vuln_win.nasl |
| 2012-12-24 | Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows) File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl |
| 2012-12-18 | Name : Fedora Update for xen FEDORA-2012-19828 File : nvt/gb_fedora_2012_19828_xen_fc16.nasl |
| 2012-12-14 | Name : Fedora Update for xen FEDORA-2012-19717 File : nvt/gb_fedora_2012_19717_xen_fc17.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,) File : nvt/gb_suse_2012_0760_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox) File : nvt/gb_suse_2012_1064_1.nasl |
| 2012-12-13 | Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu) File : nvt/gb_suse_2012_1170_1.nasl |
| 2012-12-13 | Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security) File : nvt/gb_suse_2012_1172_1.nasl |
| 2012-12-13 | Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security) File : nvt/gb_suse_2012_1174_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox) File : nvt/gb_suse_2012_1345_1.nasl |
| 2012-12-13 | Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite) File : nvt/gb_suse_2012_1412_1.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
| 2015-A-0154 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0061081 |
| 2015-B-0012 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0058517 |
| 2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
| 2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
| 2014-A-0064 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0050011 |
| 2014-A-0063 | Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity: Category I - VMSKEY: V0050009 |
| 2014-A-0062 | Multiple Vulnerabilities In McAfee Email Gateway Severity: Category I - VMSKEY: V0050005 |
| 2014-B-0050 | McAfee Web Gateway Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0050003 |
| 2014-B-0046 | Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity: Category I - VMSKEY: V0049737 |
| 2014-A-0056 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0049583 |
| 2014-A-0057 | Multiple Vulnerabilities in Oracle MySQL Products Severity: Category I - VMSKEY: V0049591 |
| 2014-A-0053 | Multiple Vulnerabilities in Juniper Network JUNOS Severity: Category I - VMSKEY: V0049589 |
| 2014-A-0054 | Multiple Vulnerabilities in Oracle Database Severity: Category I - VMSKEY: V0049587 |
| 2014-A-0055 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0049585 |
| 2014-A-0058 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0049579 |
| 2014-B-0041 | Multiple Vulnerabilities in Splunk Severity: Category I - VMSKEY: V0049577 |
| 2014-B-0042 | Stunnel Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0049575 |
| 2014-A-0051 | OpenSSL Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0048667 |
| 2014-A-0043 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0046769 |
| 2014-A-0021 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0043921 |
| 2014-A-0017 | Multiple Vulnerabilities in Cisco TelePresence Video Communication Server Severity: Category I - VMSKEY: V0043846 |
| 2014-A-0019 | Multiple Vulnerabilities in VMware Fusion Severity: Category I - VMSKEY: V0043844 |
| 2013-A-0233 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0042596 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-02-13 | Google V8 engine type confusion attempt RuleID : 52602 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-02-13 | Google V8 engine type confusion attempt RuleID : 52601 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-01-23 | Google Chrome V8 AwaitedPromise memory corruption attempt RuleID : 52504 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-01-23 | Google Chrome V8 AwaitedPromise memory corruption attempt RuleID : 52503 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-01-03 | ISC BIND deny-answer-aliases denial of service attempt RuleID : 52344 - Type : SERVER-OTHER - Revision : 1 |
| 2020-01-03 | ISC BIND deny-answer-aliases denial of service attempt RuleID : 52343 - Type : SERVER-OTHER - Revision : 1 |
| 2019-12-05 | ISC BIND DHCP client DNAME resource record parsing denial of service attempt RuleID : 52078 - Type : SERVER-OTHER - Revision : 1 |
| 2019-10-25 | Red Hat NetworkManager DHCP client command injection attempt RuleID : 52022-community - Type : OS-LINUX - Revision : 1 |
| 2019-11-26 | Red Hat NetworkManager DHCP client command injection attempt RuleID : 52022 - Type : OS-LINUX - Revision : 1 |
| 2019-11-19 | Ghostscript -dSAFER sandbox bypass attempt RuleID : 51945 - Type : FILE-OTHER - Revision : 1 |
| 2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-10-08 | Google Chrome V8 engine object instantiation heap corruption attempt RuleID : 51428 - Type : BROWSER-CHROME - Revision : 2 |
| 2019-10-08 | Google Chrome V8 engine object instantiation heap corruption attempt RuleID : 51427 - Type : BROWSER-CHROME - Revision : 2 |
| 2019-09-24 | MIT Kerberos kpasswd UDP denial of service attempt RuleID : 51212 - Type : SERVER-OTHER - Revision : 1 |
| 2019-01-17 | Mozilla Firefox method array.prototype.push remote code execution attempt RuleID : 48626 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-01-17 | Mozilla Firefox method array.prototype.push remote code execution attempt RuleID : 48625 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-01-10 | Mozilla Firefox javascript type confusion code execution attempt RuleID : 48565 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-01-10 | Mozilla Firefox javascript type confusion code execution attempt RuleID : 48564 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2018-12-07 | out-of-bounds write attempt with malicious MAR file detected RuleID : 48296 - Type : FILE-OTHER - Revision : 2 |
| 2018-12-07 | out-of-bounds write attempt with malicious MAR file detected RuleID : 48295 - Type : FILE-OTHER - Revision : 2 |
| 2018-11-10 | libvorbis VORBIS audio data out of bounds write attempt RuleID : 48106 - Type : FILE-MULTIMEDIA - Revision : 1 |
| 2018-11-10 | libvorbis VORBIS audio data out of bounds write attempt RuleID : 48105 - Type : FILE-MULTIMEDIA - Revision : 1 |
| 2018-10-25 | Ghostscript -dSAFER sandbox bypass attempt RuleID : 47882 - Type : FILE-OTHER - Revision : 1 |
| 2018-09-18 | LibreOffice WEBSERVICE arbitrary file disclosure attempt RuleID : 47566 - Type : FILE-OFFICE - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
| 2019-01-14 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2019-013-01.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-072.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO |
| 2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO |
| 2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1007.nasl - Type: ACT_GATHER_INFO |
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1008.nasl - Type: ACT_GATHER_INFO |
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1012.nasl - Type: ACT_GATHER_INFO |
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1013.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote Fedora host is missing a security update. File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-043bd3349e.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-04eded822e.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-05acd3c734.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-065a7722ee.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-0ddef94854.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-13d8c35127.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1cb4c4a6d8.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-23ca7a6798.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-34f7f68029.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-357e8e07ce.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-39be36e9fc.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-3dc16842e2.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-3ff1cb628b.nasl - Type: ACT_GATHER_INFO |
