Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Sun JDK/JRE: Multiple vulnerabilites |
| Informations | |||
|---|---|---|---|
| Name | GLSA-200911-02 | First vendor Publication | 2009-11-17 |
| Vendor | Gentoo | Last vendor Modification | 2009-11-17 |
| Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilites in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code. Background Description Impact NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround Resolution All Sun JRE 1.6.x users should upgrade to the latest version: All Sun JDK 1.5.x users should upgrade to the latest version: All Sun JDK 1.6.x users should upgrade to the latest version: All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the latest version: All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the latest version: All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge Java 1.4: Gentoo is ceasing support for the 1.4 generation of the Sun Java Platform in accordance with upstream. All 1.4 JRE and JDK versions are masked and will be removed shortly. References Availability http://security.gentoo.org/glsa/glsa-200911-02.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-200911-02.xml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 34 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 22 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13 % | CWE-200 | Information Exposure |
| 7 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 4 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 4 % | CWE-16 | Configuration |
| 3 % | CWE-399 | Resource Management Errors |
| 3 % | CWE-20 | Improper Input Validation |
| 1 % | CWE-362 | Race Condition |
| 1 % | CWE-310 | Cryptographic Issues |
| 1 % | CWE-295 | Certificate Issues |
| 1 % | CWE-287 | Improper Authentication |
| 1 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10073 | |||
| Oval ID: | oval:org.mitre.oval:def:10073 | ||
| Title: | Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. | ||
| Description: | Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2674 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10124 | |||
| Oval ID: | oval:org.mitre.oval:def:10124 | ||
| Title: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
| Description: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1095 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10152 | |||
| Oval ID: | oval:org.mitre.oval:def:10152 | ||
| Title: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
| Description: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1101 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10191 | |||
| Oval ID: | oval:org.mitre.oval:def:10191 | ||
| Title: | Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PLF) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | ||
| Description: | Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3883 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10219 | |||
| Oval ID: | oval:org.mitre.oval:def:10219 | ||
| Title: | Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Description: | Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3107 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10221 | |||
| Oval ID: | oval:org.mitre.oval:def:10221 | ||
| Title: | Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. | ||
| Description: | Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2475 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10263 | |||
| Oval ID: | oval:org.mitre.oval:def:10263 | ||
| Title: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | ||
| Description: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2673 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10300 | |||
| Oval ID: | oval:org.mitre.oval:def:10300 | ||
| Title: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
| Description: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1102 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10328 | |||
| Oval ID: | oval:org.mitre.oval:def:10328 | ||
| Title: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
| Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3876 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10381 | |||
| Oval ID: | oval:org.mitre.oval:def:10381 | ||
| Title: | The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | ||
| Description: | The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2476 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10469 | |||
| Oval ID: | oval:org.mitre.oval:def:10469 | ||
| Title: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
| Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3877 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10520 | |||
| Oval ID: | oval:org.mitre.oval:def:10520 | ||
| Title: | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. | ||
| Description: | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3728 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10541 | |||
| Oval ID: | oval:org.mitre.oval:def:10541 | ||
| Title: | Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220. | ||
| Description: | Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3111 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10734 | |||
| Oval ID: | oval:org.mitre.oval:def:10734 | ||
| Title: | Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. | ||
| Description: | Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3110 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10741 | |||
| Oval ID: | oval:org.mitre.oval:def:10741 | ||
| Title: | Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. | ||
| Description: | Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3869 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10761 | |||
| Oval ID: | oval:org.mitre.oval:def:10761 | ||
| Title: | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | ||
| Description: | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3880 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10840 | |||
| Oval ID: | oval:org.mitre.oval:def:10840 | ||
| Title: | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||
| Description: | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2675 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10866 | |||
| Oval ID: | oval:org.mitre.oval:def:10866 | ||
| Title: | Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. | ||
| Description: | Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3106 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11064 | |||
| Oval ID: | oval:org.mitre.oval:def:11064 | ||
| Title: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
| Description: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1094 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11115 | |||
| Oval ID: | oval:org.mitre.oval:def:11115 | ||
| Title: | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. | ||
| Description: | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2671 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11241 | |||
| Oval ID: | oval:org.mitre.oval:def:11241 | ||
| Title: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
| Description: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1097 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11274 | |||
| Oval ID: | oval:org.mitre.oval:def:11274 | ||
| Title: | Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. | ||
| Description: | Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3105 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11326 | |||
| Oval ID: | oval:org.mitre.oval:def:11326 | ||
| Title: | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | ||
| Description: | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2670 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11343 | |||
| Oval ID: | oval:org.mitre.oval:def:11343 | ||
| Title: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
| Description: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1093 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11484 | |||
| Oval ID: | oval:org.mitre.oval:def:11484 | ||
| Title: | Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | ||
| Description: | Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3881 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11566 | |||
| Oval ID: | oval:org.mitre.oval:def:11566 | ||
| Title: | Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. | ||
| Description: | Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3874 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11686 | |||
| Oval ID: | oval:org.mitre.oval:def:11686 | ||
| Title: | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | ||
| Description: | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3884 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11847 | |||
| Oval ID: | oval:org.mitre.oval:def:11847 | ||
| Title: | The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. | ||
| Description: | The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3875 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13310 | |||
| Oval ID: | oval:org.mitre.oval:def:13310 | ||
| Title: | USN-748-1 -- openjdk-6 vulnerabilities | ||
| Description: | It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-748-1 CVE-2006-2426 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13408 | |||
| Oval ID: | oval:org.mitre.oval:def:13408 | ||
| Title: | USN-713-1 -- openjdk-6 vulnerabilities | ||
| Description: | It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. It was discovered that Kerberos authentication and RSA public key processing were not correctly handled in Java. A remote attacker could exploit these flaws to cause a denial of service. It was discovered that Java accepted UTF-8 encodings that might be handled incorrectly by certain applications. A remote attacker could bypass string filters, possible leading to other exploits. Overflows were discovered in Java JAR processing. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that Java calendar objects were not unserialized safely. If a user or automated system were tricked into processing a specially crafted calendar object, a remote attacker could execute arbitrary code with user privileges. It was discovered that the Java image handling code could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. It was discovered that temporary files created by Java had predictable names. If a user or automated system were tricked into processing a specially crafted JAR file, a remote attacker could overwrite sensitive information | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-713-1 CVE-2008-5347 CVE-2008-5350 CVE-2008-5348 CVE-2008-5349 CVE-2008-5351 CVE-2008-5352 CVE-2008-5354 CVE-2008-5353 CVE-2008-5358 CVE-2008-5359 CVE-2008-5360 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13409 | |||
| Oval ID: | oval:org.mitre.oval:def:13409 | ||
| Title: | USN-830-1 -- openssl vulnerability | ||
| Description: | Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-830-1 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13469 | |||
| Oval ID: | oval:org.mitre.oval:def:13469 | ||
| Title: | DSA-1769-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition, heap-based buffer overflows, potentially allowing arbitrary code execution, and a null-pointer dereference, leading to denial of service. The LDAP server implementation did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless. For the stable distribution, these problems have been fixed in version 9.1+lenny2. We recommend that you upgrade your openjdk-6 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1769-1 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13737 | |||
| Oval ID: | oval:org.mitre.oval:def:13737 | ||
| Title: | DSA-1874-1 nss -- several | ||
| Description: | Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. The old stable distribution doesn’t contain nss. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution, these problems have been fixed in version 3.12.3.1-1. We recommend that you upgrade your nss packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1874-1 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13780 | |||
| Oval ID: | oval:org.mitre.oval:def:13780 | ||
| Title: | USN-810-2 -- nspr update | ||
| Description: | USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-810-2 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | nspr |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13836 | |||
| Oval ID: | oval:org.mitre.oval:def:13836 | ||
| Title: | USN-814-1 -- openjdk-6 vulnerabilities | ||
| Description: | It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. It was discovered that certain variables could leak information. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this gain access to private information and potentially run untrusted code. A flaw was discovered the OpenType checking. If a user were tricked into running a malicious Java applet, a remote attacker could bypass access restrictions. It was discovered that the XML processor did not correctly check recursion. If a user or automated system were tricked into processing a specially crafted XML, the system could crash, leading to a denial of service. It was discovered that the Java audio subsystem did not correctly validate certain parameters. If a user were tricked into running an untrusted applet, a remote attacker could read system properties. Multiple flaws were discovered in the proxy subsystem. If a user were tricked into running an untrusted applet, a remote attacker could discover local user names, obtain access to sensitive information, or bypass socket restrictions, leading to a loss of privacy. Flaws were discovered in the handling of JPEG images, Unpack200 archives, and JDK13Services. If a user were tricked into running an untrusted applet, a remote attacker could load a specially crafted file that would bypass local file access protections and run arbitrary code with user privileges | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-814-1 CVE-2009-0217 CVE-2009-1896 CVE-2009-2475 CVE-2009-2690 CVE-2009-2476 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2674 CVE-2009-2675 CVE-2009-2676 CVE-2009-2689 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 9.04 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13850 | |||
| Oval ID: | oval:org.mitre.oval:def:13850 | ||
| Title: | USN-810-1 -- nss vulnerabilities | ||
| Description: | Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-810-1 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13907 | |||
| Oval ID: | oval:org.mitre.oval:def:13907 | ||
| Title: | USN-859-1 -- openjdk-6 vulnerabilities | ||
| Description: | Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. It was discovered that ICC profiles could be identified with ".." pathnames. If a user were tricked into running a specially crafted applet, a remote attacker could gain information about a local system. Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. If a user were tricked into running a specially crafted applet, a remote attacker could crash the application or run arbitrary code with user privileges. Multiple flaws were discovered in JPEG and BMP image handling. If a user were tricked into loading a specially crafted image, a remote attacker could crash the application or run arbitrary code with user privileges. Coda Hale discovered that HMAC-based signatures were not correctly validated. Remote attackers could bypass certain forms of authentication, granting unexpected access. Multiple flaws were discovered in ASN.1 parsing. A remote attacker could send a specially crafted HTTP stream that would exhaust system memory and lead to a denial of service. It was discovered that the graphics configuration subsystem did not correctly handle arrays. If a user were tricked into running a specially crafted applet, a remote attacker could exploit this to crash the application or execute arbitrary code with user privileges. It was discovered that loggers and Swing did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. It was discovered that the ClassLoader did not correctly handle certain options. If a user were tricked into running a specially crafted applet, a remote attacker could execute arbitrary code with user privileges. It was discovered that time zone file loading could be used to determine the existence of files on the local system. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-859-1 CVE-2009-2409 CVE-2009-3728 CVE-2009-3869 CVE-2009-3871 CVE-2009-3873 CVE-2009-3874 CVE-2009-3885 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3882 CVE-2009-3883 CVE-2009-3881 CVE-2009-3884 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21833 | |||
| Oval ID: | oval:org.mitre.oval:def:21833 | ||
| Title: | ELSA-2009:0392: java-1.6.0-sun security update (Critical) | ||
| Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0392-01 CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 | Version: | 69 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22043 | |||
| Oval ID: | oval:org.mitre.oval:def:22043 | ||
| Title: | ELSA-2009:1201: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1201-01 CVE-2009-0217 CVE-2009-2475 CVE-2009-2476 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2674 CVE-2009-2675 CVE-2009-2689 CVE-2009-2690 | Version: | 53 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22389 | |||
| Oval ID: | oval:org.mitre.oval:def:22389 | ||
| Title: | ELSA-2008:0594: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0594-01 CVE-2008-3103 CVE-2008-3104 CVE-2008-3105 CVE-2008-3106 CVE-2008-3107 CVE-2008-3109 CVE-2008-3110 CVE-2008-3112 CVE-2008-3114 | Version: | 41 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22412 | |||
| Oval ID: | oval:org.mitre.oval:def:22412 | ||
| Title: | ELSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical) | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1186-01 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22640 | |||
| Oval ID: | oval:org.mitre.oval:def:22640 | ||
| Title: | ELSA-2008:0595: java-1.5.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0595-01 CVE-2008-3103 CVE-2008-3104 CVE-2008-3107 CVE-2008-3111 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22657 | |||
| Oval ID: | oval:org.mitre.oval:def:22657 | ||
| Title: | ELSA-2008:0891: java-1.5.0-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0891-01 CVE-2008-3103 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22708 | |||
| Oval ID: | oval:org.mitre.oval:def:22708 | ||
| Title: | ELSA-2009:0394: java-1.5.0-sun security update (Critical) | ||
| Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0394-01 CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1103 CVE-2009-1104 CVE-2009-1107 | Version: | 49 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22710 | |||
| Oval ID: | oval:org.mitre.oval:def:22710 | ||
| Title: | ELSA-2009:1236: java-1.5.0-ibm security update (Critical) | ||
| Description: | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1236-01 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 | Version: | 29 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22711 | |||
| Oval ID: | oval:org.mitre.oval:def:22711 | ||
| Title: | ELSA-2008:0955: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0955-01 CVE-2008-3104 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 | Version: | 21 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22718 | |||
| Oval ID: | oval:org.mitre.oval:def:22718 | ||
| Title: | ELSA-2009:0377: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0377-01 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 CVE-2009-1102 | Version: | 57 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22972 | |||
| Oval ID: | oval:org.mitre.oval:def:22972 | ||
| Title: | ELSA-2009:1643: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1643-01 CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 | Version: | 45 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22974 | |||
| Oval ID: | oval:org.mitre.oval:def:22974 | ||
| Title: | ELSA-2009:1582: java-1.6.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1582-01 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2674 CVE-2009-2675 CVE-2009-2676 | Version: | 37 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25180 | |||
| Oval ID: | oval:org.mitre.oval:def:25180 | ||
| Title: | Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28253 | |||
| Oval ID: | oval:org.mitre.oval:def:28253 | ||
| Title: | DEPRECATED: ELSA-2010-0054 -- openssl security update (moderate) | ||
| Description: | [0.9.8e-12.1] - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data() is called prematurely by application (#546707) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0054 CVE-2009-4355 CVE-2009-2409 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28898 | |||
| Oval ID: | oval:org.mitre.oval:def:28898 | ||
| Title: | RHSA-2009:1584 -- java-1.6.0-openjdk security update (Important) | ||
| Description: | Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1584 CESA-2009:1584-CentOS 5 CVE-2009-2409 CVE-2009-3728 CVE-2009-3869 CVE-2009-3871 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877 CVE-2009-3879 CVE-2009-3880 CVE-2009-3881 CVE-2009-3882 CVE-2009-3883 CVE-2009-3884 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29071 | |||
| Oval ID: | oval:org.mitre.oval:def:29071 | ||
| Title: | USN-810-3 -- NSS regression | ||
| Description: | USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-810-3 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
| Platform(s): | Ubuntu 9.04 Ubuntu 8.10 Ubuntu 8.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29169 | |||
| Oval ID: | oval:org.mitre.oval:def:29169 | ||
| Title: | RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update (Critical) | ||
| Description: | Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1186 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29205 | |||
| Oval ID: | oval:org.mitre.oval:def:29205 | ||
| Title: | RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1201 CESA-2009:1201-CentOS 5 CVE-2009-0217 CVE-2009-2475 CVE-2009-2476 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2674 CVE-2009-2675 CVE-2009-2689 CVE-2009-2690 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29277 | |||
| Oval ID: | oval:org.mitre.oval:def:29277 | ||
| Title: | RHSA-2009:0377 -- java-1.6.0-openjdk security update (Important) | ||
| Description: | Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0377 CESA-2009:0377-CentOS 5 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 CVE-2009-1102 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5601 | |||
| Oval ID: | oval:org.mitre.oval:def:5601 | ||
| Title: | Java Web Start Bugs Let Remote Users Read/Write Files, Execute Arbitrary Code, and Establish Network Connections | ||
| Description: | Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-2086 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5633 | |||
| Oval ID: | oval:org.mitre.oval:def:5633 | ||
| Title: | Sun Java Runtime Environment JAX-WS and JAXB Lets Remote Applets Gain Elevated Privileges | ||
| Description: | Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5347 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5664 | |||
| Oval ID: | oval:org.mitre.oval:def:5664 | ||
| Title: | Sun Java Runtime Environment Java Update Fails to Validate Digital Signatures | ||
| Description: | The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5355 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5726 | |||
| Oval ID: | oval:org.mitre.oval:def:5726 | ||
| Title: | Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) | ||
| Description: | Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1099 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5841 | |||
| Oval ID: | oval:org.mitre.oval:def:5841 | ||
| Title: | Sun Java Runtime Environment image processing code buffer overflow | ||
| Description: | Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5359 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5843 | |||
| Oval ID: | oval:org.mitre.oval:def:5843 | ||
| Title: | Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service | ||
| Description: | Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5349 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5924 | |||
| Oval ID: | oval:org.mitre.oval:def:5924 | ||
| Title: | Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability | ||
| Description: | Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5343 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6008 | |||
| Oval ID: | oval:org.mitre.oval:def:6008 | ||
| Title: | Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) with Processing Image Files and Fonts may Allow Privileges to be Escalated | ||
| Description: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1098 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6059 | |||
| Oval ID: | oval:org.mitre.oval:def:6059 | ||
| Title: | Sun Java Runtime Environment (JRE) Lets Remote Users Access 'localhost' | ||
| Description: | Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5345 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6212 | |||
| Oval ID: | oval:org.mitre.oval:def:6212 | ||
| Title: | Java Runtime Environment UTF-8 Decoding Bug May Let Users Bypass Access Restrictions | ||
| Description: | Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5351 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6224 | |||
| Oval ID: | oval:org.mitre.oval:def:6224 | ||
| Title: | Java Runtime Environment (JRE) Flaws in Storing and Processing Temporary Font Files Let Remote Users Deny Service | ||
| Description: | Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1100 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6249 | |||
| Oval ID: | oval:org.mitre.oval:def:6249 | ||
| Title: | Sun Java Web Start and Java Plug-in applet class security bypass | ||
| Description: | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5344 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6288 | |||
| Oval ID: | oval:org.mitre.oval:def:6288 | ||
| Title: | Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System | ||
| Description: | Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1097 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6319 | |||
| Oval ID: | oval:org.mitre.oval:def:6319 | ||
| Title: | Sun Java Runtime Environment GIF images code execution | ||
| Description: | Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5358 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6359 | |||
| Oval ID: | oval:org.mitre.oval:def:6359 | ||
| Title: | Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in | ||
| Description: | Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5342 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6383 | |||
| Oval ID: | oval:org.mitre.oval:def:6383 | ||
| Title: | Sun Java Runtime Environment Buffer Overflow in unpack200 Utility Lets Remote Users Execute Arbitrary Code | ||
| Description: | Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5352 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6409 | |||
| Oval ID: | oval:org.mitre.oval:def:6409 | ||
| Title: | Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation | ||
| Description: | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5339 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6412 | |||
| Oval ID: | oval:org.mitre.oval:def:6412 | ||
| Title: | Java Runtime Environment (JRE) HTTP Server Bug Lets Remote Users Deny Service | ||
| Description: | Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1101 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6424 | |||
| Oval ID: | oval:org.mitre.oval:def:6424 | ||
| Title: | Sun Java Runtime Environment Lets Remote Users View Directory Contents | ||
| Description: | Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5350 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6494 | |||
| Oval ID: | oval:org.mitre.oval:def:6494 | ||
| Title: | Sun Java Runtime Environment TrueType font buffer overflow | ||
| Description: | Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5356 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6505 | |||
| Oval ID: | oval:org.mitre.oval:def:6505 | ||
| Title: | Sun Java Runtime Environment TrueType font integer overflow | ||
| Description: | Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5357 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6511 | |||
| Oval ID: | oval:org.mitre.oval:def:6511 | ||
| Title: | Sun Java Runtime Environment 'Calendar.readObject' Bug Lets Remote Applets Gain Elevated Privileges | ||
| Description: | The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5353 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6529 | |||
| Oval ID: | oval:org.mitre.oval:def:6529 | ||
| Title: | Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System | ||
| Description: | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5341 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6537 | |||
| Oval ID: | oval:org.mitre.oval:def:6537 | ||
| Title: | Sun Java Runtime Environment JAR Main-Class manifest entry buffer overflow | ||
| Description: | Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5354 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6542 | |||
| Oval ID: | oval:org.mitre.oval:def:6542 | ||
| Title: | Java Plug-in Bugs Lets Remote Users Gain Privileges | ||
| Description: | Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1103 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6549 | |||
| Oval ID: | oval:org.mitre.oval:def:6549 | ||
| Title: | Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities | ||
| Description: | Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5348 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6584 | |||
| Oval ID: | oval:org.mitre.oval:def:6584 | ||
| Title: | Sun Java Runtime Environment Java Plug-in Javascript code unauthorized access | ||
| Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1104 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6585 | |||
| Oval ID: | oval:org.mitre.oval:def:6585 | ||
| Title: | Sun Java Runtime Environment Java Plug-in signed applet unauthorized access | ||
| Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1107 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6596 | |||
| Oval ID: | oval:org.mitre.oval:def:6596 | ||
| Title: | Sun Java Runtime Environment temporary files weak security | ||
| Description: | Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5360 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6598 | |||
| Oval ID: | oval:org.mitre.oval:def:6598 | ||
| Title: | Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities | ||
| Description: | Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1094 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6619 | |||
| Oval ID: | oval:org.mitre.oval:def:6619 | ||
| Title: | Sun Java Runtime Environment Java Plug-in crossdomain.xml information disclosure | ||
| Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1106 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6627 | |||
| Oval ID: | oval:org.mitre.oval:def:6627 | ||
| Title: | Sun Java Multiple Code Execution and Security Bypass Vulnerabilities | ||
| Description: | Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5340 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6629 | |||
| Oval ID: | oval:org.mitre.oval:def:6629 | ||
| Title: | Sun Java Runtime Environment zip File Processing Bug Lets Remote Users Read Memory Locations | ||
| Description: | Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5346 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6631 | |||
| Oval ID: | oval:org.mitre.oval:def:6631 | ||
| Title: | Network Security Services Library Supports Certificates With Weak MD2 Hash Signatures | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6635 | |||
| Oval ID: | oval:org.mitre.oval:def:6635 | ||
| Title: | Sun Java Privilege Escalation in the Java Web Start Installer | ||
| Description: | The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3866 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6642 | |||
| Oval ID: | oval:org.mitre.oval:def:6642 | ||
| Title: | Sun Java Runtime Environment Java Plug-in weak security | ||
| Description: | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1105 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6643 | |||
| Oval ID: | oval:org.mitre.oval:def:6643 | ||
| Title: | Java Runtime Environment Buffer Overflows in unpack200 Utility Lets Remote Users Execute Arbitrary Code | ||
| Description: | Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1095 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6657 | |||
| Oval ID: | oval:org.mitre.oval:def:6657 | ||
| Title: | OpenJDK ICC_Profile File Existence Detection Information Leak | ||
| Description: | Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3728 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6659 | |||
| Oval ID: | oval:org.mitre.oval:def:6659 | ||
| Title: | Integer and Buffer Overflow Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR Unpacking Utility May Lead to Escalation of Privileges | ||
| Description: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1096 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6676 | |||
| Oval ID: | oval:org.mitre.oval:def:6676 | ||
| Title: | Java Runtime Environment LDAP Implementation Bugs Lets Remote Users Deny Service and Execute Arbitrary Code | ||
| Description: | LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1093 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6698 | |||
| Oval ID: | oval:org.mitre.oval:def:6698 | ||
| Title: | OpenJDK JRE AWT setBytePixels Heap Overflow Vulnerability | ||
| Description: | Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3871 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6722 | |||
| Oval ID: | oval:org.mitre.oval:def:6722 | ||
| Title: | Java Runtime Environment (JRE) Virtual Machine Lets Remote Users Read/Write Files and Execute Local Applications | ||
| Description: | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1102 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6746 | |||
| Oval ID: | oval:org.mitre.oval:def:6746 | ||
| Title: | Sun Java Stack-based Buffer Overflow via a Long File: URL Argument | ||
| Description: | Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3867 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6786 | |||
| Oval ID: | oval:org.mitre.oval:def:6786 | ||
| Title: | Sun Java Privilege Escalation via Crafted Image File Due Improper Color Profiles Parsing | ||
| Description: | Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3868 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6794 | |||
| Oval ID: | oval:org.mitre.oval:def:6794 | ||
| Title: | Java Web Start Improper Handling of Signed JAR Files | ||
| Description: | The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3886 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6805 | |||
| Oval ID: | oval:org.mitre.oval:def:6805 | ||
| Title: | OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted DER Encoded Data | ||
| Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3876 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6906 | |||
| Oval ID: | oval:org.mitre.oval:def:6906 | ||
| Title: | OpenJDK Resurrected Classloaders Can Still Have Children | ||
| Description: | Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3881 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6960 | |||
| Oval ID: | oval:org.mitre.oval:def:6960 | ||
| Title: | OpenJDK Zoneinfo File Existence Information Leak | ||
| Description: | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3884 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6963 | |||
| Oval ID: | oval:org.mitre.oval:def:6963 | ||
| Title: | JRE JPEG JFIF Decoder Vulnerability | ||
| Description: | Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3872 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6968 | |||
| Oval ID: | oval:org.mitre.oval:def:6968 | ||
| Title: | OpenJDK Information Leaks in Mutable Variables | ||
| Description: | Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3883 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6970 | |||
| Oval ID: | oval:org.mitre.oval:def:6970 | ||
| Title: | OpenJDK JPEG Image Writer quantization problem | ||
| Description: | The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3873 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7148 | |||
| Oval ID: | oval:org.mitre.oval:def:7148 | ||
| Title: | OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted HTTP Headers | ||
| Description: | Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3877 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7155 | |||
| Oval ID: | oval:org.mitre.oval:def:7155 | ||
| Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7300 | |||
| Oval ID: | oval:org.mitre.oval:def:7300 | ||
| Title: | OpenJDK Information Leaks in Mutable Variables | ||
| Description: | Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3882 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7316 | |||
| Oval ID: | oval:org.mitre.oval:def:7316 | ||
| Title: | OpenJDK UI Logging Information Leakage | ||
| Description: | The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3880 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7400 | |||
| Oval ID: | oval:org.mitre.oval:def:7400 | ||
| Title: | OpenJDK JRE AWT setDifflCM Stack Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3869 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7442 | |||
| Oval ID: | oval:org.mitre.oval:def:7442 | ||
| Title: | OpenJDK ImageI/O JPEG Heap Overflow Vulnerability | ||
| Description: | Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3874 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7537 | |||
| Oval ID: | oval:org.mitre.oval:def:7537 | ||
| Title: | JRE TrueType Font Parsing Crash | ||
| Description: | Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3729 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7545 | |||
| Oval ID: | oval:org.mitre.oval:def:7545 | ||
| Title: | OpenJDK GraphicsConfiguration Information Leak | ||
| Description: | Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3879 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7549 | |||
| Oval ID: | oval:org.mitre.oval:def:7549 | ||
| Title: | OpenJDK MessageDigest.isEqual Introduces Timing Attack Vulnerabilities | ||
| Description: | The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3875 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7562 | |||
| Oval ID: | oval:org.mitre.oval:def:7562 | ||
| Title: | Sun Java Arbitrary Command Execution in JRE Deployment Toolkit | ||
| Description: | The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3865 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8037 | |||
| Oval ID: | oval:org.mitre.oval:def:8037 | ||
| Title: | DSA-1769 openjdk-6 -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference, leading to denial of service (CVE-2009-0793). The LDAP server implementation (in com.sun.jdni.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition. The LDAP client implementation (in com.sun.jdni.ldap) allowed malicious LDAP servers to execute arbitrary code on the client. The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability. Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1769 CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8111 | |||
| Oval ID: | oval:org.mitre.oval:def:8111 | ||
| Title: | DSA-1874 nss -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. The old stable distribution (etch) doesn't contain nss. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1874 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8540 | |||
| Oval ID: | oval:org.mitre.oval:def:8540 | ||
| Title: | Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Description: | Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3109 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8594 | |||
| Oval ID: | oval:org.mitre.oval:def:8594 | ||
| Title: | VMware Network Security Services (NSS) certificate spoofing vulnerability by using MD2 design flaw | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8841 | |||
| Oval ID: | oval:org.mitre.oval:def:8841 | ||
| Title: | Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | ||
| Description: | Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3882 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8844 | |||
| Oval ID: | oval:org.mitre.oval:def:8844 | ||
| Title: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
| Description: | Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1096 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9359 | |||
| Oval ID: | oval:org.mitre.oval:def:9359 | ||
| Title: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | ||
| Description: | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2672 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9360 | |||
| Oval ID: | oval:org.mitre.oval:def:9360 | ||
| Title: | Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | ||
| Description: | Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3871 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9443 | |||
| Oval ID: | oval:org.mitre.oval:def:9443 | ||
| Title: | The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | ||
| Description: | The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2690 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9568 | |||
| Oval ID: | oval:org.mitre.oval:def:9568 | ||
| Title: | Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. | ||
| Description: | Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3879 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9602 | |||
| Oval ID: | oval:org.mitre.oval:def:9602 | ||
| Title: | The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | ||
| Description: | The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3873 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9603 | |||
| Oval ID: | oval:org.mitre.oval:def:9603 | ||
| Title: | JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | ||
| Description: | JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2689 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9956 | |||
| Oval ID: | oval:org.mitre.oval:def:9956 | ||
| Title: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
| Description: | Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1098 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Sun Java Web Start JNLP file j2se element heap-size buffer overflow | More info here |
| Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow | More info here |
| Java Runtime Environment AWT setDiffICM buffer overflow | More info here |
| Java Runtime Environment JAR manifest Main Class buffer overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-01-08 | Signed Applet Social Engineering Code Exec |
| 2010-09-20 | Sun Java JRE AWT setDiffICM Buffer Overflow |
| 2010-09-20 | Sun Java JRE getSoundbank file:// URI Buffer Overflow |
| 2010-09-20 | Sun Java Calendar Deserialization Exploit |
| 2008-12-03 | Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserializati... |
| 2009-05-20 | Mac OS X Java applet Remote Deserialization Remote PoC (updated) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2009:0377 centos5 i386 File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2009:1201 centos5 i386 File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386 File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2009:1584 centos5 i386 File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2010:0054 centos5 i386 File : nvt/gb_CESA-2010_0054_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386 File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 3 File : nvt/macosx_java_for_10_5_upd_3.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 4 File : nvt/macosx_java_for_10_5_upd_4.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 5 File : nvt/macosx_java_for_10_5_upd_5.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 6 File : nvt/macosx_java_for_10_5_upd_6.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.6 Update 1 File : nvt/macosx_java_for_10_6_upd_1.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl |
| 2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
| 2010-04-30 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0166-01 File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl |
| 2010-03-02 | Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl |
| 2010-02-15 | Name : HP-UX Update for Java HPSBUX02503 File : nvt/gb_hp_ux_HPSBUX02503.nasl |
| 2010-01-20 | Name : RedHat Update for openssl RHSA-2010:0054-01 File : nvt/gb_RHSA-2010_0054-01_openssl.nasl |
| 2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1694 File : nvt/RHSA_2009_1694.nasl |
| 2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1643 File : nvt/RHSA_2009_1643.nasl |
| 2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1647 File : nvt/RHSA_2009_1647.nasl |
| 2009-12-14 | Name : Gentoo Security Advisory GLSA 200912-01 (openssl) File : nvt/glsa_200912_01.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:197-3 (nss) File : nvt/mdksa_2009_197_3.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:310 (openssl) File : nvt/mdksa_2009_310.nasl |
| 2009-12-03 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm4.nasl |
| 2009-12-03 | Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm1.nasl |
| 2009-12-03 | Name : SLES9: Security update for IBM Java2 and SDK File : nvt/sles9p5063230.nasl |
| 2009-11-23 | Name : Debian Security Advisory DSA 1935-1 (gnutls13 gnutls26) File : nvt/deb_1935_1.nasl |
| 2009-11-23 | Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_200911_02.nasl |
| 2009-11-23 | Name : CentOS Security Advisory CESA-2009:1584 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1584.nasl |
| 2009-11-23 | Name : Sun Java SE Multiple Vulnerabilities - Nov09 (Win) File : nvt/secpod_sun_java_se_mult_vuln_nov09_win.nasl |
| 2009-11-23 | Name : SuSE Security Advisory SUSE-SA:2009:058 (java-1_6_0-sun) File : nvt/suse_sa_2009_058.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1571 File : nvt/RHSA_2009_1571.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1582 File : nvt/RHSA_2009_1582.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1584 File : nvt/RHSA_2009_1584.nasl |
| 2009-11-17 | Name : Fedora Core 11 FEDORA-2009-11486 (java-1.6.0-openjdk) File : nvt/fcore_2009_11486.nasl |
| 2009-11-17 | Name : Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk) File : nvt/fcore_2009_11489.nasl |
| 2009-11-17 | Name : Fedora Core 10 FEDORA-2009-11490 (java-1.6.0-openjdk) File : nvt/fcore_2009_11490.nasl |
| 2009-11-13 | Name : Sun Java JRE Remote Code Execution Vulnerability (Linux) File : nvt/gb_sun_java_jre_code_exe_vuln_lin.nasl |
| 2009-11-13 | Name : Sun Java JRE Remote Code Execution Vulnerability (Win) File : nvt/gb_sun_java_jre_code_exe_vuln_win.nasl |
| 2009-11-13 | Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux) File : nvt/gb_sun_java_jre_mult_vuln_nov09_lin.nasl |
| 2009-11-13 | Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Win) File : nvt/gb_sun_java_jre_mult_vuln_nov09_win.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1560 File : nvt/RHSA_2009_1560.nasl |
| 2009-11-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl |
| 2009-10-27 | Name : SuSE Security Summary SUSE-SR:2009:017 File : nvt/suse_sr_2009_017.nasl |
| 2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1505 File : nvt/RHSA_2009_1505.nasl |
| 2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
| 2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:258 (openssl) File : nvt/mdksa_2009_258.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm0.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java File : nvt/sles10_java-1_4_2-ibm2.nasl |
| 2009-10-13 | Name : SLES10: Security update for Sun Java 1.4.2 File : nvt/sles10_java-1_4_2-sun.nasl |
| 2009-10-13 | Name : SLES10: Security update for Java 1.4.2 File : nvt/sles10_java-1_4_2-sun0.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 5 File : nvt/sles10_java-1_5_0-ibm.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 5 File : nvt/sles10_java-1_5_0-ibm1.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.5.0 File : nvt/sles10_java-1_5_0-ibm2.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.5 File : nvt/sles10_java-1_5_0-ibm3.nasl |
| 2009-10-11 | Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm.nasl |
| 2009-10-11 | Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm0.nasl |
| 2009-10-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm.nasl |
| 2009-10-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm0.nasl |
| 2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5033740.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java5 JRE and IBMJava5 SDK File : nvt/sles9p5034680.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java 5 File : nvt/sles9p5035420.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBMJava5 JRE and IBMJava5 SDK File : nvt/sles9p5037140.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5039700.nasl |
| 2009-10-10 | Name : SLES9: Security update for Sun Java File : nvt/sles9p5040565.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java5 JRE and SDK File : nvt/sles9p5041763.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5046860.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK File : nvt/sles9p5050060.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5059500.nasl |
| 2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:237 (openssl) File : nvt/mdksa_2009_237.nasl |
| 2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:238 (openssl) File : nvt/mdksa_2009_238.nasl |
| 2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:239 (openssl) File : nvt/mdksa_2009_239.nasl |
| 2009-09-21 | Name : Debian Security Advisory DSA 1888-1 (openssl, openssl097) File : nvt/deb_1888_1.nasl |
| 2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1432 File : nvt/RHSA_2009_1432.nasl |
| 2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:197-2 (nss) File : nvt/mdksa_2009_197_2.nasl |
| 2009-09-15 | Name : CentOS Security Advisory CESA-2009:1432 (seamonkey) File : nvt/ovcesa2009_1432.nasl |
| 2009-09-15 | Name : Ubuntu USN-830-1 (openssl) File : nvt/ubuntu_830_1.nasl |
| 2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1236 File : nvt/RHSA_2009_1236.nasl |
| 2009-09-02 | Name : Debian Security Advisory DSA 1874-1 (nss) File : nvt/deb_1874_1.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk) File : nvt/mdksa_2009_209.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird) File : nvt/mdksa_2009_216.nasl |
| 2009-09-02 | Name : Ubuntu USN-809-1 (gnutls26) File : nvt/ubuntu_809_1.nasl |
| 2009-08-24 | Name : Sun Java SE Multiple Unspecified Vulnerabilities File : nvt/secpod_sun_java_se_mult_unspecified_vuln.nasl |
| 2009-08-24 | Name : Unsafe Interaction In Sun Java SE Abstract Window Toolkit (Linux) File : nvt/secpod_sun_java_se_unsafe_interaction_lin.nasl |
| 2009-08-20 | Name : Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09 File : nvt/gb_sun_java_jre_int_overflow_vuln_aug09.nasl |
| 2009-08-20 | Name : Sun Java JDK/JRE Multiple Vulnerabilities - Aug09 File : nvt/gb_sun_java_jre_mult_vuln_aug09.nasl |
| 2009-08-20 | Name : Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09 File : nvt/gb_sun_java_se_unspecified_vuln_aug09.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1184 File : nvt/RHSA_2009_1184.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1186 File : nvt/RHSA_2009_1186.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1190 File : nvt/RHSA_2009_1190.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1198 File : nvt/RHSA_2009_1198.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1199 File : nvt/RHSA_2009_1199.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1200 File : nvt/RHSA_2009_1200.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1201 File : nvt/RHSA_2009_1201.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1207 File : nvt/RHSA_2009_1207.nasl |
| 2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk) File : nvt/fcore_2009_8329.nasl |
| 2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk) File : nvt/fcore_2009_8337.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk) File : nvt/mdksa_2009_162.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:197 (nss) File : nvt/mdksa_2009_197.nasl |
| 2009-08-17 | Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1201.nasl |
| 2009-08-17 | Name : SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun) File : nvt/suse_sa_2009_043.nasl |
| 2009-08-17 | Name : Ubuntu USN-810-1 (nss) File : nvt/ubuntu_810_1.nasl |
| 2009-08-17 | Name : Ubuntu USN-810-2 (fixed) File : nvt/ubuntu_810_2.nasl |
| 2009-08-17 | Name : Ubuntu USN-814-1 (openjdk-6) File : nvt/ubuntu_814_1.nasl |
| 2009-08-05 | Name : Firefox SSL Server Spoofing Vulnerability (Win) File : nvt/gb_firefox_ssl_spoof_vuln_win.nasl |
| 2009-08-05 | Name : OpenSSL/GnuTLS SSL Server Spoofing Vulnerability (Win) File : nvt/gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl |
| 2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk) File : nvt/mdksa_2009_137.nasl |
| 2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
| 2009-06-05 | Name : Ubuntu USN-743-1 (gs-gpl) File : nvt/ubuntu_743_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-744-1 (lcms) File : nvt/ubuntu_744_1.nasl |
| 2009-06-01 | Name : HP-UX Update for Java HPSBUX02429 File : nvt/gb_hp_ux_HPSBUX02429.nasl |
| 2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1038 File : nvt/RHSA_2009_1038.nasl |
| 2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
| 2009-05-05 | Name : HP-UX Update for Java HPSBUX02411 File : nvt/gb_hp_ux_HPSBUX02411.nasl |
| 2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0445 File : nvt/RHSA_2009_0445.nasl |
| 2009-04-23 | Name : Sun Java JRE Multiple Vulnerabilities (Linux) File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl |
| 2009-04-23 | Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win) File : nvt/gb_sun_java_jre_dos_vuln_win.nasl |
| 2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0377 File : nvt/RHSA_2009_0377.nasl |
| 2009-04-15 | Name : Debian Security Advisory DSA 1769-1 (openjdk-6) File : nvt/deb_1769_1.nasl |
| 2009-04-15 | Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk) File : nvt/ovcesa2009_0377.nasl |
| 2009-04-06 | Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6) File : nvt/suse_sa_2009_016.nasl |
| 2009-04-06 | Name : Ubuntu USN-746-1 (xine-lib) File : nvt/ubuntu_746_1.nasl |
| 2009-04-06 | Name : Ubuntu USN-747-1 (icu) File : nvt/ubuntu_747_1.nasl |
| 2009-04-06 | Name : Ubuntu USN-748-1 (openjdk-6) File : nvt/ubuntu_748_1.nasl |
| 2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0369 File : nvt/RHSA_2009_0369.nasl |
| 2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0392 File : nvt/RHSA_2009_0392.nasl |
| 2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0394 File : nvt/RHSA_2009_0394.nasl |
| 2009-03-13 | Name : SuSE Security Summary SUSE-SR:2009:006 File : nvt/suse_sr_2009_006.nasl |
| 2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
| 2009-03-13 | Name : Ubuntu USN-732-1 (dash) File : nvt/ubuntu_732_1.nasl |
| 2009-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860 File : nvt/gb_fedora_2008_10860_java-1.6.0-openjdk_fc9.nasl |
| 2009-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10913 File : nvt/gb_fedora_2008_10913_java-1.6.0-openjdk_fc10.nasl |
| 2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-713-1 (openjdk-6) File : nvt/ubuntu_713_1.nasl |
| 2009-01-23 | Name : SuSE Update for Sun Java security update SUSE-SA:2008:042 File : nvt/gb_suse_2008_042.nasl |
| 2009-01-23 | Name : SuSE Update for java-1_5_0-ibm,IBMJava5 SUSE-SA:2008:045 File : nvt/gb_suse_2008_045.nasl |
| 2009-01-20 | Name : RedHat Security Advisory RHSA-2009:0015 File : nvt/RHSA_2009_0015.nasl |
| 2009-01-20 | Name : RedHat Security Advisory RHSA-2009:0016 File : nvt/RHSA_2009_0016.nasl |
| 2009-01-13 | Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java) File : nvt/suse_sa_2009_001.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 59924 | Sun Java SE TrueType Font Parsing Unspecified Remote DoS |
| 59923 | Sun Java SE Java Web Start Implementation Signed JAR File JNLP Application / ... |
| 59922 | Sun Java SE X11 / Win32GraphicsDevice Subsystems getConfigurations Function C... |
| 59921 | Sun Java SE JRE Abstract Window Toolkit (AWT) Logger Object Restriction Infor... |
| 59920 | Sun Java SE TimeZone.getTimeZone Method tz File Handling Local File Enumeration |
| 59918 | Sun Java SE JRE ICC_Profile.getInstance Method Traversal Arbitrary ICC Profil... |
| 59917 | Sun Java SE Resurrected ClassLoader Children Handling Unspecified Remote Priv... |
| 59916 | Sun Java SE Swing Implementation Mutable Variable Leak Unspecified Issues |
| 59915 | Sun Java SE Swing Implementation Windows Pluggable Look and Feel (PL&F) M... |
| 59717 | Sun Java JDK / JRE Deployment Toolkit Web Page Handling Unspecified Arbitrary... |
| 59716 | Sun Java JDK / JRE Web Start Crafted Installer Extension JNLP Handling Truste... |
| 59714 | Sun Java JDK / JRE JPEG Image Writer Unspecified Overflow (6862968) |
| 59713 | Sun Java JDK / JRE JPEG JFIF Decoder Unspecified Overflow (6862969) |
| 59712 | Sun Java JDK / JRE Color Profile Handling Unspecified Overflow (6862970) |
| 59711 | Sun Java JDK / JRE HsbParser.getSoundBank Function file:// URI Parsing Overflow |
| 59710 | Sun Java JDK / JRE AWT setDifflCM Library Function Overflow |
| 59709 | Sun Java JDK / JRE AWT setBytePixels Library Function Overflow |
| 59708 | Sun Java JDK / JRE JPEGImageReader Subsample Dimension Handling Overflow |
| 59707 | Sun Java JDK / JRE MessageDigest.isEqual Function HMAC Digest Signature Forge... |
| 59706 | Sun Java JDK / JRE HTTP Header Parsing Unspecified Memory Exhaustion DoS |
| 59705 | Sun Java JDK / JRE DER Encoded Data Decoding Unspecified Memory Exhaustion DoS |
| 57431 | Sun Java JDK / JRE JNLPAppletlauncher Unspecified Arbitrary File Manipulation |
| 56968 | Sun Java SE Encoder Unspecified Private Variable Information Disclosure |
| 56967 | Sun Java SE JDK13Services.getProviders Untrusted Resource Restriction Bypass |
| 56966 | Sun Java SE Java Management Extensions (JMX) Implementation OpenType Check Ac... |
| 56965 | Sun Java SE Multiple Static Variables Final Keyword Declaration Information D... |
| 56964 | Sun Java SE Abstract Window Toolkit (AWT) Window Border Distance Rendering We... |
| 56962 | Sun Java SE Web Start Implementation JNLP File Handling DoS |
| 56961 | Sun Java SE Plugin Functionality Version Selection Weakness |
| 56959 | Sun Java SE Swing Implementation javax.swing.plaf.synth.SynthContext.isSubreg... |
| 56958 | Sun Java SE Provider Class Multiple Unspecified Issues (6406003) |
| 56957 | Sun Java SE Provider Class Multiple Unspecified Issues (6429594) |
| 56956 | Sun Java SE Provider Class Deserialization Unspecified Issue |
| 56955 | Sun Java SE java.lang Package Reflection Check Race Condition |
| 56788 | Sun Java JDK / JRE Audio System Unauthorized java.lang.System Properties Access |
| 56787 | Sun Java JDK / JRE WebStart (javaws.exe) JPEG Decompression Overflow |
| 56786 | Sun Java JDK / JRE Pack200 JAR File Decoding Inner Class Count Overflow |
| 56785 | Sun Java JDK / JRE Proxy Mechanism Implementation Arbitrary Host Connection |
| 56784 | Sun Java JDK / JRE Proxy Mechanism Implementation Unauthorized Browser Cookie... |
| 56783 | Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure |
| 56752 | Network Security Services (NSS) Library X.509 Certificate MD2 Hash Collision ... |
| 53178 | Sun Java JDK / JRE Java Plug-in Swing JLabel HTML Parsing Signed Applet Trust... |
| 53177 | Sun Java JDK / JRE Java Plug-in crossdomain.xml Parsing Restriction Bypass |
| 53176 | Sun Java JDK / JRE Java Plug-in Applet Execution Version Regression Weakness |
| 53175 | Sun Java JDK / JRE Java Plug-in LiveConnect Localhost Restriction Bypass |
| 53174 | Sun Java JDK / JRE Java Plug-in Deserializing Applets Unspecified Remote Priv... |
| 53173 | Sun Java JDK / JRE Virtual Machine Code Generation Unspecified Remote Privile... |
| 53172 | Sun Java JDK / JRE Lightweight HTTP Server Implementation JAX-WS Service Endp... |
| 53171 | Sun Java JDK / JRE Temporary Font File Unspecified Disk Consumption DoS (6632... |
| 53170 | Sun Java JDK / JRE Temporary Font File Creation Limit Unspecified Disk Consum... |
| 53169 | Sun Java JDK / JRE Type1 Font Glyph Description Handling Overflow |
| 53168 | Sun Java JDK / JRE GIF Image Handling Overflows |
| 53167 | Sun Java JDK / JRE Splash Screen PNG Image Handling Overflow |
| 53166 | Sun Java JDK / JRE unpack200 JAR File Pack200 Header Handling Multiple Overflows |
| 53165 | Sun Java JDK / JRE LDAP Implementation Serialized Data Unspecified Arbitrary ... |
| 53164 | Sun Java JDK / JRE LDAP Service LdapCtx Connection Persistence Remote DoS |
| 50517 | Sun Java JDK / JRE TrueType Font Processing Integer Overflow |
| 50516 | Sun Java JDK / JRE TrueType Font Processing Heap Overflow |
| 50515 | Sun Java JDK / JRE GIF Image Decoding Memory Corruption |
| 50514 | Sun Java JDK / JRE Java Web Start BasicService Arbitrary File Access |
| 50513 | Sun Java JDK / JRE Applet Classloading Privilege Escalation |
| 50512 | Sun Java JDK / JRE Jave Web Start / Plug-in HTTP Session Hijacking |
| 50511 | Sun Java JDK / JRE Java Web Start SingleInstanceImpl Class SI_FILEDIR Propert... |
| 50510 | Sun Java JDK / JRE Java Web Start (JWS) JNLP File System Properties Override ... |
| 50509 | Sun Java JDK / JRE Java Web Start Application file: Protocol Arbitrary File A... |
| 50508 | Sun Java JRE LocalHost Network Access Restriction Bypass |
| 50507 | Sun Java JDK / JRE ZIP File Parsing Arbitrary Memory Disclosure |
| 50506 | Sun Java JDK / JRE JAX-WS / JAXB Packages Internal Classes Applet Privilege E... |
| 50505 | Sun Java JDK / JRE Kerberos Authentication Unspecified Remote DoS |
| 50504 | Sun Java JDK / JRE RSA Public Key Processing Resource Consumption DoS |
| 50503 | Sun Java JDK / JRE Untrusted Applet User Home Directory Content Listing |
| 50502 | Sun Java JDK / JRE UTF-8 Decoder Non-shortest Form Sequence Handling Weakness |
| 50501 | Sun Java JDK / JRE Unpack200 JAR Utility Privilege Escalation |
| 50500 | Sun Java JDK / JRE Deserializing Calendar Object Privilege Escalation A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. |
| 50499 | Sun Java JDK / JRE Command Line Application Overflow |
| 50498 | Sun Java JDK / JRE Java Update Mechanism Digital Signature Verification Weakness |
| 50497 | Sun Java JDK / JRE Java Web Start Application JNLP File Handling Socket Restr... |
| 50496 | Sun Java JDK / JRE Java AWT Library ConvolveOp Operation Image Handling Overflow |
| 50495 | Sun Java JDK / JRE Environment Temporary File Name Prediction Weakness |
| 46967 | Sun Java JDK / JRE Java Management Extensions (JMX) Management Agent Remote P... |
| 46966 | Sun Java JDK / JRE Applet Outbound Connection Security Model Bypass |
| 46965 | Sun Java JDK / JRE XML Data Handling Unspecified Arbitrary URL Access |
| 46964 | Sun Java JDK / JRE JAX-WS XML Data Processing Arbitrary URL Resource Access |
| 46963 | Sun Java JDK / JRE Virtual Machine Untrusted Application Privilege Escalation |
| 46962 | Sun Java JDK / JRE Font Processing Unspecified Overflow |
| 46961 | Sun Java JDK / JRE Scripting Language Support Untrusted Applet Privilege Esca... |
| 46960 | Sun Java JDK / JRE Scripting Language Support Cross-applet Information Disclo... |
| 46959 | Sun Java JDK / JRE Java Web Start Untrusted Application Multiple Overflows |
| 46958 | Sun Java JDK / JRE Java Web Start CacheEntry Class writeManifest() Method Arb... |
| 46957 | Sun Java JDK / JRE Java Web Start Untrusted Application Arbitrary File Manipu... |
| 46956 | Sun Java JDK / JRE Java Web Start Untrusted Application Cache Location Disclo... |
| 46955 | Sun Java JDK / JRE Secure Static Versioning JRE Version Revision Applet Privi... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
| 2009-10-22 | IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0021867 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-08-01 | multiple products PNG processing buffer overflow attempt RuleID : 43399 - Revision : 2 - Type : FILE-IMAGE |
| 2014-01-10 | Oracle Java Web Start JNLP j2se key value buffer overflow attempt RuleID : 24906 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Web Start JNLP j2se key value buffer overflow attempt RuleID : 24905 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Web Start JNLP j2se key value buffer overflow attempt RuleID : 24904 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
| 2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java getSoundBank overflow Attempt malicious jar file RuleID : 20858 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java GIF LZW minimum code size overflow attempt RuleID : 20239 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java calendar deserialize vulnerability RuleID : 20238 - Revision : 5 - Type : SERVER-OTHER |
| 2014-01-10 | Oracle Java runtime JPEGImageReader overflow attempt RuleID : 20055 - Revision : 11 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt RuleID : 19926 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java HsbParser.getSoundBank stack buffer overflow attempt RuleID : 17776 - Revision : 11 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Web Start JNLP j2se key value buffer overflow attempt RuleID : 17631 - Revision : 14 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt RuleID : 17624 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt RuleID : 17623 - Revision : 16 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow RuleID : 17563 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt RuleID : 17562 - Revision : 13 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Runtime Environment Pack200 Decompression Integer Overflow RuleID : 17522 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt RuleID : 17395 - Revision : 14 - Type : FILE-IMAGE |
| 2014-01-10 | multiple products PNG processing buffer overflow attempt RuleID : 16716 - Revision : 17 - Type : FILE-IMAGE |
| 2014-01-10 | Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt RuleID : 16288 - Revision : 11 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Web Start JNLP attribute buffer overflow attempt RuleID : 13950 - Revision : 14 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15663.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_psn_2012_08_689.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-810-3.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_j2se_4_2_18_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_269868_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_5_16_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_6_7_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0594.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1190.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1207.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_java__jdk_1_5_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090117_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091109_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100119_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8l.nasl - Type : ACT_GATHER_INFO |
| 2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6523.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6647.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6755.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO |
| 2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-239.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1874.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1888.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1935.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
| 2010-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO |
| 2010-01-12 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12565.nasl - Type : ACT_GATHER_INFO |
| 2010-01-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-100105.nasl - Type : ACT_GATHER_INFO |
| 2010-01-12 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6757.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0636.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0466.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
| 2009-12-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO |
| 2009-12-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12564.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_40374.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_40375.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1647.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1643.nasl - Type : ACT_GATHER_INFO |
| 2009-12-04 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update6.nasl - Type : ACT_GATHER_INFO |
| 2009-12-04 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update1.nasl - Type : ACT_GATHER_INFO |
| 2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-310.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12531.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-091127.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-091106.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6648.nasl - Type : ACT_GATHER_INFO |
| 2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11486.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11489.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11490.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-859-1.nasl - Type : ACT_GATHER_INFO |
| 2009-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1571.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO |
| 2009-11-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1560.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
| 2009-11-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_269868.nasl - Type : ACT_GATHER_INFO |
| 2009-10-19 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO |
| 2009-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1505.nasl - Type : ACT_GATHER_INFO |
| 2009-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-258.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6396.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6395.nasl - Type : ACT_GATHER_INFO |
| 2009-10-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6508.nasl - Type : ACT_GATHER_INFO |
| 2009-10-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12511.nasl - Type : ACT_GATHER_INFO |
| 2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-090924.nasl - Type : ACT_GATHER_INFO |
| 2009-09-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090920.nasl - Type : ACT_GATHER_INFO |
| 2009-09-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090922.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12206.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12265.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12313.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12321.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12336.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12387.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12422.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-090405.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-090405.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-5846.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5960.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-238.nasl - Type : ACT_GATHER_INFO |
| 2009-09-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-830-1.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2009-09-03 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO |
| 2009-08-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1236.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0595.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0790.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0891.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0906.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0955.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1043.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1044.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-1045.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0015.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0369.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0445.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO |
| 2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-809-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-197.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
| 2009-08-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO |
| 2009-08-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-2.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1186.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0016.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-080715.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-080715.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090303.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
| 2009-07-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO |
| 2009-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO |
| 2009-06-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10913.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-713-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-748-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO |
| 2009-04-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO |
| 2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO |
| 2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO |
| 2009-03-27 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO |
| 2009-02-13 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update3.nasl - Type : ACT_GATHER_INFO |
| 2009-02-13 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_rel8.nasl - Type : ACT_GATHER_INFO |
| 2009-01-07 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO |
| 2009-01-07 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO |
| 2008-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10860.nasl - Type : ACT_GATHER_INFO |
| 2008-12-04 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO |
| 2008-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5662.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_10_5_update2.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel7.nasl - Type : ACT_GATHER_INFO |
| 2008-09-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5591.nasl - Type : ACT_GATHER_INFO |
| 2008-09-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5557.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-5430.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5431.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5434.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5435.nasl - Type : ACT_GATHER_INFO |
| 2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_j2se_4_2_18.nasl - Type : ACT_GATHER_INFO |
| 2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_5_16.nasl - Type : ACT_GATHER_INFO |
| 2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_6_7.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO |
| 2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO |
| 2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO |
| 2005-09-06 | Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO |
| 2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:36:45 |
|
