Summary
Detail | | | |
---|---|---|---|
Vendor | Suse | First view | 2007-03-06 |
Product | Linux Enterprise Server | Last view | 2023-04-25 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.5 | 2023-04-25 | CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. |
5.5 | 2023-03-01 | CVE-2023-23005 | In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. |
7.8 | 2023-02-15 | CVE-2022-45153 | An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. |
4.4 | 2022-10-06 | CVE-2022-31252 | An Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group that can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225. |
5.5 | 2022-09-29 | CVE-2015-1931 | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. |
7.8 | 2022-04-27 | CVE-2022-27239 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. |
7.8 | 2022-02-19 | CVE-2021-45082 | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) |
7.8 | 2022-01-28 | CVE-2021-4034 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that they induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. |
7.5 | 2021-11-11 | CVE-2002-20001 | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. |
7.1 | 2021-07-28 | CVE-2021-32000 | A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions. |
7.1 | 2021-06-02 | CVE-2018-10195 | lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. |
9.3 | 2020-08-07 | CVE-2020-8025 | An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. |
2.5 | 2020-03-02 | CVE-2020-8013 | A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. |
9.8 | 2020-03-02 | CVE-2019-18903 | A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62. |
9.8 | 2020-03-02 | CVE-2019-18902 | A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62. |
5.5 | 2020-03-02 | CVE-2019-18901 | A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1. |
7.8 | 2020-03-02 | CVE-2019-18897 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions. |
7.8 | 2020-02-17 | CVE-2014-1947 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. |
6.8 | 2020-01-27 | CVE-2006-7246 | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. |
3.3 | 2020-01-24 | CVE-2019-3687 | The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa. |
6.5 | 2020-01-23 | CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. |
8.8 | 2020-01-02 | CVE-2010-3782 | obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. |
8.8 | 2019-11-25 | CVE-2012-6639 | A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
7.5 | 2019-11-15 | CVE-2016-5285 | A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. |
5.3 | 2019-06-18 | CVE-2019-11038 | When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
13% (47) | CWE-416 | Use After Free |
9% (34) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
7% (26) | CWE-200 | Information Exposure |
7% (25) | CWE-476 | NULL Pointer Dereference |
7% (24) | CWE-787 | Out-of-bounds Write |
6% (23) | CWE-190 | Integer Overflow or Wraparound |
6% (21) | CWE-20 | Improper Input Validation |
3% (13) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
2% (10) | CWE-330 | Use of Insufficiently Random Values |
2% (10) | CWE-125 | Out-of-bounds Read |
2% (9) | CWE-362 | Race Condition |
2% (8) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (7) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (6) | CWE-269 | Improper Privilege Management |
1% (6) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (5) | CWE-295 | Certificate Issues |
1% (5) | CWE-189 | Numeric Errors |
1% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
1% (4) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (3) | CWE-399 | Resource Management Errors |
0% (3) | CWE-346 | Origin Validation Error |
0% (3) | CWE-287 | Improper Authentication |
0% (3) | CWE-17 | Code |
0% (2) | CWE-772 | Missing Release of Resource after Effective Lifetime |
0% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-23 | File System Function Injection, Content Based |
CAPEC-26 | Leveraging Race Conditions |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-57 | Utilizing REST's Trust in the System Resource to Register Man in the Middle |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
CAPEC-94 | Man in the Middle Attack |
CAPEC-99 | XML Parser Attack |
CAPEC-112 | Brute Force |
CAPEC-114 | Authentication Abuse |
CAPEC-122 | Exploitation of Authorization |
CAPEC-139 | Relative Path Traversal |
CAPEC-172 | Time and State Attacks |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:11017 | The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote ... |
oval:org.mitre.oval:def:10719 | The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2... |
oval:org.mitre.oval:def:9539 | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Ap... |
oval:org.mitre.oval:def:20265 | Multiple vulnerabilities in the X server |
oval:org.mitre.oval:def:19689 | HP-UX Running Xserver, Remote Execution of Arbitrary Code |
oval:org.mitre.oval:def:10372 | The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent a... |
oval:org.mitre.oval:def:8916 | The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly c... |
oval:org.mitre.oval:def:7816 | DSA-1565 linux-2.6 -- several vulnerabilities |
oval:org.mitre.oval:def:19757 | DSA-1565-1 linux-2.6 - several vulnerabilities |
oval:org.mitre.oval:def:11843 | Race condition in the directory notification subsystem (dnotify) in Linux ker... |
oval:org.mitre.oval:def:9905 | QEMU 0.9.0 does not properly handle changes to removable media, which allows ... |
oval:org.mitre.oval:def:7873 | DSA-1799 qemu -- several vulnerabilities |
oval:org.mitre.oval:def:7938 | DSA-1719 gnutls13 -- design flaw |
oval:org.mitre.oval:def:17875 | USN-678-1 -- gnutls12, gnutls13, gnutls26 vulnerability |
oval:org.mitre.oval:def:17801 | USN-678-2 -- gnutls12, gnutls13, gnutls26 regression |
oval:org.mitre.oval:def:13825 | USN-809-1 -- gnutls12, gnutls13, gnutls26 vulnerabilities |
oval:org.mitre.oval:def:13629 | DSA-1719-2 gnutls13, gnutls26 -- design flaw |
oval:org.mitre.oval:def:12790 | DSA-1719-1 gnutls13 -- design flaw |
oval:org.mitre.oval:def:11650 | The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutl... |
oval:org.mitre.oval:def:22750 | ELSA-2008:0982: gnutls security update (Moderate) |
oval:org.mitre.oval:def:29020 | RHSA-2008:0982 -- gnutls security update (Moderate) |
oval:org.mitre.oval:def:9642 | nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thun... |
oval:org.mitre.oval:def:6557 | DSA-1750 libpng -- several vulnerabilities |
oval:org.mitre.oval:def:6458 | Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability |
oval:org.mitre.oval:def:13613 | DSA-1750-1 libpng -- several |
SAINT Exploits
Description |
---|
Firefox AttributeChildRemoved Use After Free |
Polkit pkexec privilege elevation |
Linux kernel futex_requeue privilege elevation |
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability |
Telnetd Encryption Key ID Code Execution |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78556 | Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Dis... |
78293 | Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass |
78148 | Google Chrome libxml2 parser.c xmlStringLenDecodeEntities() Function Remote O... |
78020 | FreeBSD telnetd Multiple telnet/libtelnet/encrypt.c encrypt_keyid() Function ... |
78014 | Linux Kernel SG_IO SCSI IOCTL Command Parsing Local Privilege Escalation |
77596 | JasPer src/libjasper/jpc/jpc_cs.c jpc_crg_getparms() Function CRG Marker Segm... |
77595 | JasPer src/libjasper/jpc/jpc_cs.c jpc_cox_getcompparms() Function COD Marker ... |
77301 | NetworkManager ESSID PEAP / EAP-TTLS 802.11x Authentication MitM Weakness |
77092 | Linux Kernel fs/jbd/journal.c journal_get_superblock() ext3 Image Handling Lo... |
77014 | Apple iOS CoreGraphics Component src/cid/cidload.c FreeType CID-keyed Type 1 ... |
74721 | Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS |
73617 | Kerberos Applications GSS-API FTP Daemon EGID Privilege Matching Restriction ... |
73388 | Multiple Vendor libc Implementation fnmatch.c Memory Consumption DoS |
73383 | Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop... |
73340 | vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS |
73046 | Linux Kernel fs/partitions/osf.c osf_partition Function Partition Table Parsi... |
71265 | Linux Kernel epoll Nested Structures Local DoS |
70336 | Linux Kernel net/l2tp/l2tp_ip.c l2tp_ip_sendmsg Function Crafted sendto Call ... |
70335 | Linux Kernel net/l2tp/l2tp_ppp.c pppol2tp_sendmsg Function Crafted sendto Cal... |
70291 | Linux Kernel net/x25/x25_facilities.c x25_parse_facilities Function Facility ... |
70269 | Linux Kernel net/econet/af_econet.c aun_incoming Function UDP AUN Packet Remo... |
70265 | Linux Kernel kernel/exit.c do_exit Function KERNEL_DS get_fs Value Handling L... |
70262 | Linux Kernel net/econet/af_econet.c ec_dev_ioctl Function SIOCSIFADDR IOCTL e... |
70261 | Linux Kernel net/econet/af_econet.c econet_sendmsg Function sendmsg Call Loca... |
70260 | Linux Kernel net/econet/af_econet.c econet_sendmsg Function iovec Structure L... |
ExploitDB Exploits
id | Description |
---|---|
35370 | Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 |
31688 | ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH) |
18221 | Apache HTTP Server Denial of Service |
17787 | Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit |
16952 | Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS |
16270 | vsftpd 2.3.2 Denial of Service Vulnerability |
16263 | Linux Kernel <= 2.6.37 Local Kernel Denial of Service |
15704 | Linux Kernel <= 2.6.37 - Local Privilege Escalation |
15344 | Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability |
15285 | Linux RDS Protocol Local Privilege Escalation |
15150 | Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure |
14814 | Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit |
14422 | libpng <= 1.4.2 Denial of Service Vulnerability |
11203 | Pidgin MSN <= 2.6.4 File Download Vulnerability |
9575 | Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit |
9574 | Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64) |
9542 | Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit |
8572 | Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2389_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities) File : nvt/deb_2406_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2443-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2443_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2469-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2469_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities) File : nvt/deb_2553_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities) File : nvt/deb_2583_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities) File : nvt/deb_2584_1.nasl |
2013-09-18 | Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities) File : nvt/deb_2588_1.nasl |
2012-12-18 | Name : Fedora Update for xen FEDORA-2012-19828 File : nvt/gb_fedora_2012_19828_xen_fc16.nasl |
2012-12-18 | Name : Fedora Update for kernel FEDORA-2012-20240 File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl |
2012-12-14 | Name : Fedora Update for xen FEDORA-2012-19717 File : nvt/gb_fedora_2012_19717_xen_fc17.nasl |
2012-12-13 | Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,) File : nvt/gb_suse_2012_0760_1.nasl |
2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox) File : nvt/gb_suse_2012_1064_1.nasl |
2012-12-13 | Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu) File : nvt/gb_suse_2012_1170_1.nasl |
2012-12-13 | Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security) File : nvt/gb_suse_2012_1172_1.nasl |
2012-12-13 | Name : SuSE Update for Security openSUSE-SU-2012:1174-1 (Security) File : nvt/gb_suse_2012_1174_1.nasl |
2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox) File : nvt/gb_suse_2012_1345_1.nasl |
2012-12-13 | Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite) File : nvt/gb_suse_2012_1412_1.nasl |
2012-12-13 | Name : SuSE Update for XEN openSUSE-SU-2012:1572-1 (XEN) File : nvt/gb_suse_2012_1572_1.nasl |
2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18931 File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl |
2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18952 File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl |
2012-12-04 | Name : Ubuntu Update for firefox USN-1638-3 File : nvt/gb_ubuntu_USN_1638_3.nasl |
2012-11-29 | Name : Fedora Update for kernel FEDORA-2012-18691 File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl |
2012-11-26 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox72.nasl |
2012-11-26 | Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0202 | Citrix XenServer Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0061343 |
2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
2015-A-0150 | Multiple Security Vulnerabilities in Juniper Networks CTPView Severity: Category I - VMSKEY: V0061073 |
2015-A-0113 | Multiple Vulnerabilities in Juniper Networks CTPOS Severity: Category I - VMSKEY: V0060737 |
2014-A-0172 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity: Category I - VMSKEY: V0057381 |
2014-B-0103 | Multiple Vulnerabilities in VMware Horizon View Client Severity: Category I - VMSKEY: V0053509 |
2014-B-0102 | Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5 Severity: Category I - VMSKEY: V0053507 |
2014-B-0101 | Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1 Severity: Category I - VMSKEY: V0053505 |
2014-A-0115 | Multiple Vulnerabilities in VMware Horizon View Severity: Category I - VMSKEY: V0053501 |
2014-B-0097 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0053319 |
2014-A-0106 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0053189 |
2014-B-0095 | Multiple Vulnerabilities in Splunk Severity: Category I - VMSKEY: V0053177 |
2014-A-0111 | Multiple Vulnerabilities in VMware Workstation Severity: Category I - VMSKEY: V0053179 |
2014-A-0110 | Multiple Vulnerabilities in VMware Player Severity: Category I - VMSKEY: V0053181 |
2014-A-0109 | Multiple Vulnerabilities in VMware Fusion Severity: Category I - VMSKEY: V0053183 |
2014-A-0100 | Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity: Category I - VMSKEY: V0053201 |
2014-A-0099 | Multiple Vulnerabilities in McAfee Email Gateway Severity: Category I - VMSKEY: V0053203 |
2014-B-0088 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0052911 |
2014-B-0089 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0052909 |
2014-B-0091 | Multiple Vulnerabilities in VMware vCenter Update Manager 5.5 Severity: Category I - VMSKEY: V0052907 |
2014-B-0085 | Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity: Category I - VMSKEY: V0052899 |
2014-B-0092 | Multiple Vulnerabilities in VMware vSphere Client 5.5 Severity: Category I - VMSKEY: V0052893 |
2014-A-0089 | Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE) Severity: Category I - VMSKEY: V0052805 |
2014-A-0087 | Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity: Category I - VMSKEY: V0052637 |
2014-B-0079 | Multiple Vulnerabilities in IBM AIX Severity: Category I - VMSKEY: V0052641 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-02-25 | OpenSSL anonymous ECDH denial of service attempt RuleID : 52626 - Type : SERVER-OTHER - Revision : 1 |
2020-02-25 | OpenSSL anonymous ECDH denial of service attempt RuleID : 52625 - Type : SERVER-OTHER - Revision : 1 |
2020-01-14 | MySQL/MariaDB Server geometry query envelope object integer overflow attempt RuleID : 52423 - Type : SERVER-MYSQL - Revision : 1 |
2019-12-24 | Multiple products libpng extra row heap overflow attempt RuleID : 52307 - Type : FILE-IMAGE - Revision : 1 |
2019-12-24 | Multiple products libpng extra row heap overflow attempt RuleID : 52306 - Type : FILE-IMAGE - Revision : 1 |
2019-12-10 | Libmspack cabd_sys_read_block off-by-one heap overflow attempt RuleID : 52133 - Type : FILE-OTHER - Revision : 2 |
2019-12-10 | Libmspack cabd_sys_read_block off-by-one heap overflow attempt RuleID : 52132 - Type : FILE-OTHER - Revision : 2 |
2018-03-27 | ISC BIND malformed data channel authentication message denial of service attempt RuleID : 45738 - Type : SERVER-OTHER - Revision : 1 |
2018-03-23 | NTP crypto-NAK denial of service attempt RuleID : 45693 - Type : SERVER-OTHER - Revision : 3 |
2017-12-13 | NTP crypto-NAK denial of service attempt RuleID : 44756 - Type : SERVER-OTHER - Revision : 3 |
2017-11-30 | MySQL/MariaDB Server geometry query integer overflow attempt RuleID : 44674 - Type : SERVER-MYSQL - Revision : 2 |
2017-11-28 | WPA2 key reuse tool attempt RuleID : 44640 - Type : POLICY-OTHER - Revision : 2 |
2017-09-06 | ISC BIND malformed control channel authentication message denial of service a... RuleID : 43846 - Type : SERVER-OTHER - Revision : 2 |
2017-04-12 | SSL/TLS weak RC4 cipher suite use attempt RuleID : 41907 - Type : POLICY-OTHER - Revision : 3 |
2016-10-25 | Mozilla Firefox file type memory corruption attempt RuleID : 40280 - Type : BROWSER-FIREFOX - Revision : 1 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39097 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39096 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39095 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39094 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39093 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39092 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39091 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39090 - Type : FILE-IMAGE - Revision : 2 |
2016-05-27 | ISC BIND malformed control channel authentication message denial of service a... RuleID : 38622 - Type : SERVER-OTHER - Revision : 4 |
2016-04-05 | Apache HTTP server potential cookie disclosure attempt RuleID : 37968 - Type : SERVER-WEBAPP - Revision : 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Fedora host is missing a security update. File: fedora_2019-1198005e1f.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Fedora host is missing a security update. File: fedora_2019-c424e3bb72.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2019-01-07 | Name: The remote Debian host is missing a security update. File: debian_DLA-1628.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-87f2ace20d.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-a5953af115.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-cb337fb199.nasl - Type: ACT_GATHER_INFO |
2018-12-24 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-09.nasl - Type: ACT_GATHER_INFO |
2018-12-18 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL06493172.nasl - Type: ACT_GATHER_INFO |
2018-12-17 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1130.nasl - Type: ACT_GATHER_INFO |
2018-12-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2838.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2911.nasl - Type: ACT_GATHER_INFO |
2018-11-19 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-c73d257297.nasl - Type: ACT_GATHER_INFO |
2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO |
2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO |
2018-11-13 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4338.nasl - Type: ACT_GATHER_INFO |
2018-10-29 | Name: The remote Debian host is missing a security update. File: debian_DLA-1555.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1296.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1232.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1234.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1260.nasl - Type: ACT_GATHER_INFO |
2018-08-31 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-063.nasl - Type: ACT_GATHER_INFO |
2018-08-20 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-055.nasl - Type: ACT_GATHER_INFO |