Summary
Detail | |||
---|---|---|---|
Vendor | Redhat | First view | 2009-03-06 |
Product | Enterprise Linux Server Aus | Last view | 2024-02-07 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2024-02-07 | CVE-2023-6536 | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. |
7.5 | 2024-02-07 | CVE-2023-6535 | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. |
7.5 | 2024-02-07 | CVE-2023-6356 | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. |
6.5 | 2024-01-10 | CVE-2023-5455 | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. |
4.4 | 2023-12-10 | CVE-2023-5870 | A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. |
8.8 | 2023-12-10 | CVE-2023-5869 | A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. |
4.3 | 2023-12-10 | CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. |
7.5 | 2023-11-03 | CVE-2023-46848 | Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. |
7.5 | 2023-11-03 | CVE-2023-46847 | Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. |
5.3 | 2023-11-03 | CVE-2023-46846 | SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. |
7.8 | 2023-11-01 | CVE-2023-3972 | A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). |
7.8 | 2023-10-03 | CVE-2023-4911 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. |
7.5 | 2023-09-27 | CVE-2023-5157 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. |
5.9 | 2023-09-18 | CVE-2023-4806 | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. |
6.5 | 2023-09-18 | CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. |
5.9 | 2023-09-12 | CVE-2023-4813 | A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. |
6.5 | 2023-08-25 | CVE-2023-38201 | A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. |
7.8 | 2023-08-23 | CVE-2023-3899 | A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. |
7.8 | 2023-08-07 | CVE-2023-4147 | A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. |
7.5 | 2023-07-24 | CVE-2023-38200 | A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. |
7.8 | 2023-05-17 | CVE-2023-2491 | A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
7.5 | 2023-05-17 | CVE-2023-2295 | A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
8.8 | 2023-05-17 | CVE-2023-2203 | A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
7.8 | 2023-03-27 | CVE-2023-0494 | A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. |
8.8 | 2023-03-06 | CVE-2019-8720 | A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
13% (87) | CWE-416 | Use After Free |
11% (73) | CWE-787 | Out-of-bounds Write |
10% (70) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
8% (52) | CWE-20 | Improper Input Validation |
7% (48) | CWE-125 | Out-of-bounds Read |
5% (35) | CWE-190 | Integer Overflow or Wraparound |
4% (28) | CWE-200 | Information Exposure |
2% (18) | CWE-476 | NULL Pointer Dereference |
2% (16) | CWE-362 | Race Condition |
2% (14) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (9) | CWE-287 | Improper Authentication |
1% (8) | CWE-269 | Improper Privilege Management |
1% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (8) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
1% (7) | CWE-704 | Incorrect Type Conversion or Cast |
1% (7) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (7) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
0% (6) | CWE-122 | Heap-based Buffer Overflow |
0% (5) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
0% (5) | CWE-617 | Reachable Assertion |
0% (5) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli... |
0% (5) | CWE-399 | Resource Management Errors |
0% (5) | CWE-346 | Origin Validation Error |
0% (5) | CWE-284 | Access Control (Authorization) Issues |
0% (5) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:9600 | The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on ... |
oval:org.mitre.oval:def:8508 | VMware kernel audit_syscall_entry function vulnerability |
oval:org.mitre.oval:def:10628 | Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base... |
oval:org.mitre.oval:def:9403 | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in... |
oval:org.mitre.oval:def:8616 | Apache 'mod_proxy' Remote Denial Of Service Vulnerability |
oval:org.mitre.oval:def:13643 | USN-802-2 -- apache2 regression |
oval:org.mitre.oval:def:12330 | HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Priv... |
oval:org.mitre.oval:def:9248 | The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large fi... |
oval:org.mitre.oval:def:8632 | Apache 'mod_deflate' Connection State Denial Of Service Vulnerability |
oval:org.mitre.oval:def:7600 | DSA-1834 apache2 -- denial of service |
oval:org.mitre.oval:def:19296 | DSA-1834-1 apache2 apache2-mpm-itk - denial of service |
oval:org.mitre.oval:def:13769 | DSA-1834-2 apache2 -- denial of service |
oval:org.mitre.oval:def:13185 | USN-802-1 -- apache2 vulnerabilities |
oval:org.mitre.oval:def:12361 | HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Priv... |
oval:org.mitre.oval:def:22875 | ELSA-2009:1148: httpd security update (Important) |
oval:org.mitre.oval:def:28396 | RHSA-2009:1148 -- httpd security update (Important) |
oval:org.mitre.oval:def:8657 | VMware kernel NULL pointer dereference vulnerability |
oval:org.mitre.oval:def:8131 | DSA-1864 linux-2.6.24 -- privilege escalation |
oval:org.mitre.oval:def:7993 | DSA-1865 linux-2.6 -- denial of service/privilege escalation |
oval:org.mitre.oval:def:7970 | DSA-1862 linux-2.6 -- privilege escalation |
oval:org.mitre.oval:def:13819 | USN-819-1 -- linux, linux-source-2.6.15 vulnerability |
oval:org.mitre.oval:def:13654 | DSA-1865-1 linux-2.6 -- denial of service/privilege escalation |
oval:org.mitre.oval:def:13630 | DSA-1864-1 linux-2.6.24 -- privilege escalation |
oval:org.mitre.oval:def:13563 | DSA-1862-1 linux-2.6 -- privilege escalation |
oval:org.mitre.oval:def:11591 | The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not... |
SAINT Exploits
Description | Link |
---|---|
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability | More info here |
Linux kernel futex_requeue privilege elevation | More info here |
Polkit pkexec privilege elevation | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78293 | Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass |
74829 | SSL Chained Initialization Vector CBC Mode MiTM Weakness |
74654 | Linux Kernel EFI GUID Partition Table (GPT) Implementation Crafted Partition ... |
73046 | Linux Kernel fs/partitions/osf.c osf_partition Function Partition Table Parsi... |
72993 | Linux Kernel drivers/infiniband/core/uverbs_cmd.c ib_uverbs_poll_cq Function ... |
71649 | Linux Kernel drivers/infiniband/core/uverbs_cmd.c ib_uverbs_poll_cq Function ... |
71480 | Linux Kernel cm_work_handler() Function InfiniBand Request Handling DoS |
70950 | Linux Kernel fs/xfs/xfs_fsops.c xfs_fs_geometry() Local Memory Disclosure |
57462 | Linux Kernel net/ipv*/udp.c MSG_MORE Flag Local Privilege Escalation |
56992 | Linux Kernel Multiple Protocol proto_ops() Initialization NULL Dereference Lo... |
55782 | Apache HTTP Server mod_deflate Module Aborted Connection DoS |
55553 | Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Functi... |
55164 | Mozilla Firefox xul.dll nsJSNPRuntime.cpp NPObjWrapper_NewResolve Function Ra... |
52461 | Linux Kernel 32bit/64bit audit_syscall_entry Function 32/64 Bit Syscall Cross... |
52201 | Linux Kernel syscall Filtering 32/64-bit Switching Bypass |
ExploitDB Exploits
id | Description |
---|---|
35370 | Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 |
32998 | Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support |
32791 | Heartbleed OpenSSL - Information Leak Exploit (1) |
32764 | OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ... |
32745 | OpenSSL TLS Heartbeat Extension - Memory Disclosure |
9575 | Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit |
9574 | Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64) |
9542 | Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit |
9479 | Linux Kernel 2.4/2.6 - sock_sendpage() ring0 Root Exploit (simple ver) |
9477 | Linux Kernel 2.x sock_sendpage() Local Root Exploit (Android Edition) |
OpenVAS Exploits
id | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities) File : nvt/deb_2427_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2439-1 (libpng - buffer overflow) File : nvt/deb_2439_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities) File : nvt/deb_2462_2.nasl |
2012-12-24 | Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Mac OS X) File : nvt/gb_libreoffice_graphic_object_bof_vuln_macosx.nasl |
2012-12-24 | Name : LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows) File : nvt/gb_libreoffice_graphic_object_bof_vuln_win.nasl |
2012-12-24 | Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows) File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl |
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0466-1 (update) File : nvt/gb_suse_2012_0466_1.nasl |
2012-12-13 | Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,) File : nvt/gb_suse_2012_0760_1.nasl |
2012-11-16 | Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl |
2012-10-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl |
2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
2012-10-19 | Name : Ubuntu Update for python2.5 USN-1613-1 File : nvt/gb_ubuntu_USN_1613_1.nasl |
2012-10-19 | Name : Ubuntu Update for python2.4 USN-1613-2 File : nvt/gb_ubuntu_USN_1613_2.nasl |
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL) File : nvt/glsa_201209_24.nasl |
2012-09-27 | Name : CentOS Update for kernel CESA-2012:1304 centos6 File : nvt/gb_CESA-2012_1304_kernel_centos6.nasl |
2012-09-27 | Name : RedHat Update for kernel RHSA-2012:1304-01 File : nvt/gb_RHSA-2012_1304-01_kernel.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice) File : nvt/glsa_201209_05.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-06 (expat) File : nvt/glsa_201209_06.nasl |
2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
2012-09-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127 File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl |
2012-09-11 | Name : Ubuntu Update for xmlrpc-c USN-1527-2 File : nvt/gb_ubuntu_USN_1527_2.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-041-01 httpd File : nvt/esoft_slk_ssa_2012_041_01.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-206-01 libpng File : nvt/esoft_slk_ssa_2012_206_01.nasl |
2012-09-04 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138 File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl |
2012-09-04 | Name : Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail) File : nvt/gb_mandriva_MDVSA_2012_149.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0202 | Citrix XenServer Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0061343 |
2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
2015-A-0149 | Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance Severity: Category I - VMSKEY: V0061101 |
2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
2015-A-0155 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0061083 |
2014-A-0064 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0050011 |
2014-A-0063 | Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity: Category I - VMSKEY: V0050009 |
2014-A-0062 | Multiple Vulnerabilities In McAfee Email Gateway Severity: Category I - VMSKEY: V0050005 |
2014-B-0050 | McAfee Web Gateway Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0050003 |
2014-B-0046 | Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity: Category I - VMSKEY: V0049737 |
2014-A-0057 | Multiple Vulnerabilities in Oracle MySQL Products Severity: Category I - VMSKEY: V0049591 |
2014-A-0053 | Multiple Vulnerabilities in Juniper Network JUNOS Severity: Category I - VMSKEY: V0049589 |
2014-A-0054 | Multiple Vulnerabilities in Oracle Database Severity: Category I - VMSKEY: V0049587 |
2014-A-0055 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0049585 |
2014-A-0056 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0049583 |
2014-A-0058 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0049579 |
2014-B-0041 | Multiple Vulnerabilities in Splunk Severity: Category I - VMSKEY: V0049577 |
2014-B-0042 | Stunnel Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0049575 |
2014-A-0051 | OpenSSL Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0048667 |
2014-A-0043 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0046769 |
2014-A-0030 | Apple Mac OS X Security Update 2014-001 Severity: Category I - VMSKEY: V0044547 |
2014-A-0021 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0043921 |
2014-A-0017 | Multiple Vulnerabilities in Cisco TelePresence Video Communication Server Severity: Category I - VMSKEY: V0043846 |
2014-A-0019 | Multiple Vulnerabilities in VMware Fusion Severity: Category I - VMSKEY: V0043844 |
2014-A-0011 | Multiple Vulnerabilities in Oracle MySQL Products Severity: Category I - VMSKEY: V0043399 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-14 | IonMonkey MArraySlice buffer overflow attempt RuleID : 52431 - Type : BROWSER-FIREFOX - Revision : 1 |
2020-01-14 | IonMonkey MArraySlice buffer overflow attempt RuleID : 52430 - Type : BROWSER-FIREFOX - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52397 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52396 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52395 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52394 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52393 - Type : SERVER-OTHER - Revision : 1 |
2020-01-03 | ISC BIND deny-answer-aliases denial of service attempt RuleID : 52344 - Type : SERVER-OTHER - Revision : 1 |
2020-01-03 | ISC BIND deny-answer-aliases denial of service attempt RuleID : 52343 - Type : SERVER-OTHER - Revision : 1 |
2019-12-05 | ISC BIND DHCP client DNAME resource record parsing denial of service attempt RuleID : 52078 - Type : SERVER-OTHER - Revision : 1 |
2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1 |
2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1 |
2019-09-24 | MIT Kerberos kpasswd UDP denial of service attempt RuleID : 51212 - Type : SERVER-OTHER - Revision : 1 |
2019-04-30 | Unix systemd-journald memory corruption attempt RuleID : 49618 - Type : FILE-OTHER - Revision : 1 |
2019-04-30 | Unix systemd-journald memory corruption attempt RuleID : 49617 - Type : FILE-OTHER - Revision : 1 |
2019-03-05 | Ghostscript PostScript remote code execution attempt RuleID : 49086 - Type : FILE-OTHER - Revision : 1 |
2019-03-05 | Ghostscript PostScript remote code execution attempt RuleID : 49085 - Type : FILE-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2019-0758 attack attempt RuleID : 48855 - Type : PROTOCOL-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2019-0758 attack attempt RuleID : 48854 - Type : PROTOCOL-OTHER - Revision : 1 |
2019-01-17 | Mozilla Firefox method array.prototype.push remote code execution attempt RuleID : 48626 - Type : BROWSER-FIREFOX - Revision : 2 |
2019-01-17 | Mozilla Firefox method array.prototype.push remote code execution attempt RuleID : 48625 - Type : BROWSER-FIREFOX - Revision : 2 |
2019-01-10 | Mozilla Firefox javascript type confusion code execution attempt RuleID : 48565 - Type : BROWSER-FIREFOX - Revision : 1 |
2019-01-10 | Mozilla Firefox javascript type confusion code execution attempt RuleID : 48564 - Type : BROWSER-FIREFOX - Revision : 1 |
2018-12-07 | out-of-bounds write attempt with malicious MAR file detected RuleID : 48296 - Type : FILE-OTHER - Revision : 2 |
2018-12-07 | out-of-bounds write attempt with malicious MAR file detected RuleID : 48295 - Type : FILE-OTHER - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Fedora host is missing a security update. File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-072.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-077.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-085.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-086.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-088.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1139.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1141.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1144.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2019-01-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2019-1002.nasl - Type: ACT_GATHER_INFO |