Executive Summary
Summary | |
---|---|
Title | Oracle JRE/JDK: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201111-02 | First vendor Publication | 2011-11-05 |
Vendor | Gentoo | Last vendor Modification | 2011-11-05 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Background Description Impact Workaround Resolution All Oracle JRE 1.6 users should upgrade to the latest version: All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. References Availability http://security.gentoo.org/glsa/glsa-201111-02.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201111-02.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-326 | Inadequate Encryption Strength |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11268 | |||
Oval ID: | oval:org.mitre.oval:def:11268 | ||
Title: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3557 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11320 | |||
Oval ID: | oval:org.mitre.oval:def:11320 | ||
Title: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3555 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11330 | |||
Oval ID: | oval:org.mitre.oval:def:11330 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3551 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11619 | |||
Oval ID: | oval:org.mitre.oval:def:11619 | ||
Title: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3550 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11649 | |||
Oval ID: | oval:org.mitre.oval:def:11649 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3553 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11662 | |||
Oval ID: | oval:org.mitre.oval:def:11662 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3559 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11714 | |||
Oval ID: | oval:org.mitre.oval:def:11714 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3567 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11798 | |||
Oval ID: | oval:org.mitre.oval:def:11798 | ||
Title: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3553 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11815 | |||
Oval ID: | oval:org.mitre.oval:def:11815 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3556 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11871 | |||
Oval ID: | oval:org.mitre.oval:def:11871 | ||
Title: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3558 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11876 | |||
Oval ID: | oval:org.mitre.oval:def:11876 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3567 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11880 | |||
Oval ID: | oval:org.mitre.oval:def:11880 | ||
Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3559 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11893 | |||
Oval ID: | oval:org.mitre.oval:def:11893 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3562 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11990 | |||
Oval ID: | oval:org.mitre.oval:def:11990 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3573 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12004 | |||
Oval ID: | oval:org.mitre.oval:def:12004 | ||
Title: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3552 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12005 | |||
Oval ID: | oval:org.mitre.oval:def:12005 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3560 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12029 | |||
Oval ID: | oval:org.mitre.oval:def:12029 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3568 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12040 | |||
Oval ID: | oval:org.mitre.oval:def:12040 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3566 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12173 | |||
Oval ID: | oval:org.mitre.oval:def:12173 | ||
Title: | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3570 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12177 | |||
Oval ID: | oval:org.mitre.oval:def:12177 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3571 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12180 | |||
Oval ID: | oval:org.mitre.oval:def:12180 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3565 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12181 | |||
Oval ID: | oval:org.mitre.oval:def:12181 | ||
Title: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3563 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12189 | |||
Oval ID: | oval:org.mitre.oval:def:12189 | ||
Title: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3554 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12200 | |||
Oval ID: | oval:org.mitre.oval:def:12200 | ||
Title: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3561 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12225 | |||
Oval ID: | oval:org.mitre.oval:def:12225 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3566 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12226 | |||
Oval ID: | oval:org.mitre.oval:def:12226 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3569 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12229 | |||
Oval ID: | oval:org.mitre.oval:def:12229 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3574 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12231 | |||
Oval ID: | oval:org.mitre.oval:def:12231 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3571 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12240 | |||
Oval ID: | oval:org.mitre.oval:def:12240 | ||
Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3572 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12274 | |||
Oval ID: | oval:org.mitre.oval:def:12274 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3573 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12328 | |||
Oval ID: | oval:org.mitre.oval:def:12328 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3562 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12367 | |||
Oval ID: | oval:org.mitre.oval:def:12367 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3574 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12459 | |||
Oval ID: | oval:org.mitre.oval:def:12459 | ||
Title: | DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3561 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12484 | |||
Oval ID: | oval:org.mitre.oval:def:12484 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3569 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12488 | |||
Oval ID: | oval:org.mitre.oval:def:12488 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3551 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12496 | |||
Oval ID: | oval:org.mitre.oval:def:12496 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3556 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12502 | |||
Oval ID: | oval:org.mitre.oval:def:12502 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3558 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12508 | |||
Oval ID: | oval:org.mitre.oval:def:12508 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3563 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12518 | |||
Oval ID: | oval:org.mitre.oval:def:12518 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3557 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12531 | |||
Oval ID: | oval:org.mitre.oval:def:12531 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3568 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12536 | |||
Oval ID: | oval:org.mitre.oval:def:12536 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3572 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12552 | |||
Oval ID: | oval:org.mitre.oval:def:12552 | ||
Title: | DEPRECATED: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3552 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12571 | |||
Oval ID: | oval:org.mitre.oval:def:12571 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3565 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12582 | |||
Oval ID: | oval:org.mitre.oval:def:12582 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3570 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12590 | |||
Oval ID: | oval:org.mitre.oval:def:12590 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3550 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12597 | |||
Oval ID: | oval:org.mitre.oval:def:12597 | ||
Title: | DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3554 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12614 | |||
Oval ID: | oval:org.mitre.oval:def:12614 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3560 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12646 | |||
Oval ID: | oval:org.mitre.oval:def:12646 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3555 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12879 | |||
Oval ID: | oval:org.mitre.oval:def:12879 | ||
Title: | DSA-2161-1 openjdk-6 -- denial of service | ||
Description: | It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2161-1 CVE-2010-4476 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13305 | |||
Oval ID: | oval:org.mitre.oval:def:13305 | ||
Title: | USN-1010-1 -- openjdk-6, openjdk-6b18 vulnerabilities | ||
Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. It was discovered that there exists a double free in java�s indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. This could allow an attacker to execute arbitrary code with the privileges of the user running a java application. It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1010-1 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | openjdk-6 openjdk-6b18 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13317 | |||
Oval ID: | oval:org.mitre.oval:def:13317 | ||
Title: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0862 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13475 | |||
Oval ID: | oval:org.mitre.oval:def:13475 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3558 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13546 | |||
Oval ID: | oval:org.mitre.oval:def:13546 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4454 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13552 | |||
Oval ID: | oval:org.mitre.oval:def:13552 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4468 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13639 | |||
Oval ID: | oval:org.mitre.oval:def:13639 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4469 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13662 | |||
Oval ID: | oval:org.mitre.oval:def:13662 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3521 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13777 | |||
Oval ID: | oval:org.mitre.oval:def:13777 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4463 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13885 | |||
Oval ID: | oval:org.mitre.oval:def:13885 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3549 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13888 | |||
Oval ID: | oval:org.mitre.oval:def:13888 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0873 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13942 | |||
Oval ID: | oval:org.mitre.oval:def:13942 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4451 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13947 | |||
Oval ID: | oval:org.mitre.oval:def:13947 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3544 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14034 | |||
Oval ID: | oval:org.mitre.oval:def:14034 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4465 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14039 | |||
Oval ID: | oval:org.mitre.oval:def:14039 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4462 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14045 | |||
Oval ID: | oval:org.mitre.oval:def:14045 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4448 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14076 | |||
Oval ID: | oval:org.mitre.oval:def:14076 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4470 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14081 | |||
Oval ID: | oval:org.mitre.oval:def:14081 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0865 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14112 | |||
Oval ID: | oval:org.mitre.oval:def:14112 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0871 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14114 | |||
Oval ID: | oval:org.mitre.oval:def:14114 | ||
Title: | USN-1154-1 -- openjdk-6, openjdk-6b18 vulnerabilities | ||
Description: | openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Multiple OpenJDK 6 vulnerabilities have been fixed. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1154-1 CVE-2011-0815 CVE-2011-0822 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0870 CVE-2011-0871 CVE-2011-0872 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | openjdk-6 openjdk-6b18 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14118 | |||
Oval ID: | oval:org.mitre.oval:def:14118 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4472 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14119 | |||
Oval ID: | oval:org.mitre.oval:def:14119 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4473 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14135 | |||
Oval ID: | oval:org.mitre.oval:def:14135 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4450 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14162 | |||
Oval ID: | oval:org.mitre.oval:def:14162 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3550 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14167 | |||
Oval ID: | oval:org.mitre.oval:def:14167 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0863 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14174 | |||
Oval ID: | oval:org.mitre.oval:def:14174 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0814 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14180 | |||
Oval ID: | oval:org.mitre.oval:def:14180 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3545 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14225 | |||
Oval ID: | oval:org.mitre.oval:def:14225 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0864 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14230 | |||
Oval ID: | oval:org.mitre.oval:def:14230 | ||
Title: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
Description: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4452 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14233 | |||
Oval ID: | oval:org.mitre.oval:def:14233 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4475 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14240 | |||
Oval ID: | oval:org.mitre.oval:def:14240 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0867 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14241 | |||
Oval ID: | oval:org.mitre.oval:def:14241 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0872 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14264 | |||
Oval ID: | oval:org.mitre.oval:def:14264 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0868 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14271 | |||
Oval ID: | oval:org.mitre.oval:def:14271 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4466 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14273 | |||
Oval ID: | oval:org.mitre.oval:def:14273 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3516 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14274 | |||
Oval ID: | oval:org.mitre.oval:def:14274 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3561 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14290 | |||
Oval ID: | oval:org.mitre.oval:def:14290 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4422 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14291 | |||
Oval ID: | oval:org.mitre.oval:def:14291 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3546 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14311 | |||
Oval ID: | oval:org.mitre.oval:def:14311 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3553 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14316 | |||
Oval ID: | oval:org.mitre.oval:def:14316 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3556 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14318 | |||
Oval ID: | oval:org.mitre.oval:def:14318 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3551 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14328 | |||
Oval ID: | oval:org.mitre.oval:def:14328 | ||
Title: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14335 | |||
Oval ID: | oval:org.mitre.oval:def:14335 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0815 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14338 | |||
Oval ID: | oval:org.mitre.oval:def:14338 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0869 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14339 | |||
Oval ID: | oval:org.mitre.oval:def:14339 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3547 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14340 | |||
Oval ID: | oval:org.mitre.oval:def:14340 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3549 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14354 | |||
Oval ID: | oval:org.mitre.oval:def:14354 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3541 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14373 | |||
Oval ID: | oval:org.mitre.oval:def:14373 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3557 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14384 | |||
Oval ID: | oval:org.mitre.oval:def:14384 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4467 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14394 | |||
Oval ID: | oval:org.mitre.oval:def:14394 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3560 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14400 | |||
Oval ID: | oval:org.mitre.oval:def:14400 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3555 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14403 | |||
Oval ID: | oval:org.mitre.oval:def:14403 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4447 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14417 | |||
Oval ID: | oval:org.mitre.oval:def:14417 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4471 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14465 | |||
Oval ID: | oval:org.mitre.oval:def:14465 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3552 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14475 | |||
Oval ID: | oval:org.mitre.oval:def:14475 | ||
Title: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3548 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14477 | |||
Oval ID: | oval:org.mitre.oval:def:14477 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0802 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14492 | |||
Oval ID: | oval:org.mitre.oval:def:14492 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3548 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14524 | |||
Oval ID: | oval:org.mitre.oval:def:14524 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3554 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14534 | |||
Oval ID: | oval:org.mitre.oval:def:14534 | ||
Title: | Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. | ||
Description: | Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4474 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14589 | |||
Oval ID: | oval:org.mitre.oval:def:14589 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14752 | |||
Oval ID: | oval:org.mitre.oval:def:14752 | ||
Title: | SSL and TLS Protocols Vulnerability | ||
Description: | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3389 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15238 | |||
Oval ID: | oval:org.mitre.oval:def:15238 | ||
Title: | DSA-2311-1 openjdk-6 -- several | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2311-1 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15241 | |||
Oval ID: | oval:org.mitre.oval:def:15241 | ||
Title: | DSA-2368-1 lighttpd -- multiple | ||
Description: | Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions. CVE-2011-3389 When using CBC ciphers on an SSL enabled virtual host to communicate with certain client, a so called "BEAST" attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers. This updates includes this option by default. System administrators are advised to read the NEWS file of this update. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2368-1 CVE-2011-4362 CVE-2011-3389 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | lighttpd |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15281 | |||
Oval ID: | oval:org.mitre.oval:def:15281 | ||
Title: | DSA-2356-1 openjdk-6 -- several | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform: CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2356-1 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15374 | |||
Oval ID: | oval:org.mitre.oval:def:15374 | ||
Title: | DSA-2358-1 openjdk-6 -- several | ||
Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code to elevate its privileges. CVE-2011-3547 The skip method in java.io.InputStream uses a shared buffer, allowing untrusted Java code to access data that is skipped by other code. CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code to elevate its privileges. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code to elevate its privileges. CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory method, allowing untrusted Java code to bypass security policy restrictions. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2358-1 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openjdk-6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19493 | |||
Oval ID: | oval:org.mitre.oval:def:19493 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19571 | |||
Oval ID: | oval:org.mitre.oval:def:19571 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3541 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19678 | |||
Oval ID: | oval:org.mitre.oval:def:19678 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4454 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19749 | |||
Oval ID: | oval:org.mitre.oval:def:19749 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4463 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19776 | |||
Oval ID: | oval:org.mitre.oval:def:19776 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4450 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19857 | |||
Oval ID: | oval:org.mitre.oval:def:19857 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4448 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19972 | |||
Oval ID: | oval:org.mitre.oval:def:19972 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4451 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19986 | |||
Oval ID: | oval:org.mitre.oval:def:19986 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4470 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20014 | |||
Oval ID: | oval:org.mitre.oval:def:20014 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4447 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20077 | |||
Oval ID: | oval:org.mitre.oval:def:20077 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3565 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20186 | |||
Oval ID: | oval:org.mitre.oval:def:20186 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3563 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20190 | |||
Oval ID: | oval:org.mitre.oval:def:20190 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3573 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20195 | |||
Oval ID: | oval:org.mitre.oval:def:20195 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3548 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20205 | |||
Oval ID: | oval:org.mitre.oval:def:20205 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3550 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20242 | |||
Oval ID: | oval:org.mitre.oval:def:20242 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3556 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20243 | |||
Oval ID: | oval:org.mitre.oval:def:20243 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4471 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20270 | |||
Oval ID: | oval:org.mitre.oval:def:20270 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3553 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20272 | |||
Oval ID: | oval:org.mitre.oval:def:20272 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3551 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20301 | |||
Oval ID: | oval:org.mitre.oval:def:20301 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3571 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20306 | |||
Oval ID: | oval:org.mitre.oval:def:20306 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3574 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20336 | |||
Oval ID: | oval:org.mitre.oval:def:20336 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3557 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20365 | |||
Oval ID: | oval:org.mitre.oval:def:20365 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4468 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20383 | |||
Oval ID: | oval:org.mitre.oval:def:20383 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4422 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20418 | |||
Oval ID: | oval:org.mitre.oval:def:20418 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3559 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20443 | |||
Oval ID: | oval:org.mitre.oval:def:20443 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3569 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20449 | |||
Oval ID: | oval:org.mitre.oval:def:20449 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3552 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20453 | |||
Oval ID: | oval:org.mitre.oval:def:20453 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3566 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20460 | |||
Oval ID: | oval:org.mitre.oval:def:20460 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3549 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20466 | |||
Oval ID: | oval:org.mitre.oval:def:20466 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4475 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20492 | |||
Oval ID: | oval:org.mitre.oval:def:20492 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3562 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20504 | |||
Oval ID: | oval:org.mitre.oval:def:20504 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0864 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20505 | |||
Oval ID: | oval:org.mitre.oval:def:20505 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3554 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20513 | |||
Oval ID: | oval:org.mitre.oval:def:20513 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4466 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20519 | |||
Oval ID: | oval:org.mitre.oval:def:20519 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0802 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20527 | |||
Oval ID: | oval:org.mitre.oval:def:20527 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0873 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20534 | |||
Oval ID: | oval:org.mitre.oval:def:20534 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3567 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20543 | |||
Oval ID: | oval:org.mitre.oval:def:20543 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4469 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20544 | |||
Oval ID: | oval:org.mitre.oval:def:20544 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0865 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20557 | |||
Oval ID: | oval:org.mitre.oval:def:20557 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3568 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20558 | |||
Oval ID: | oval:org.mitre.oval:def:20558 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3548 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20565 | |||
Oval ID: | oval:org.mitre.oval:def:20565 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4472 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20574 | |||
Oval ID: | oval:org.mitre.oval:def:20574 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3555 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20578 | |||
Oval ID: | oval:org.mitre.oval:def:20578 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3560 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20580 | |||
Oval ID: | oval:org.mitre.oval:def:20580 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4465 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20587 | |||
Oval ID: | oval:org.mitre.oval:def:20587 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0814 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20588 | |||
Oval ID: | oval:org.mitre.oval:def:20588 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3572 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20591 | |||
Oval ID: | oval:org.mitre.oval:def:20591 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3561 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20596 | |||
Oval ID: | oval:org.mitre.oval:def:20596 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4467 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20597 | |||
Oval ID: | oval:org.mitre.oval:def:20597 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0862 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20622 | |||
Oval ID: | oval:org.mitre.oval:def:20622 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4473 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20639 | |||
Oval ID: | oval:org.mitre.oval:def:20639 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4452 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20646 | |||
Oval ID: | oval:org.mitre.oval:def:20646 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0867 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20648 | |||
Oval ID: | oval:org.mitre.oval:def:20648 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3558 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20649 | |||
Oval ID: | oval:org.mitre.oval:def:20649 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4476 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20655 | |||
Oval ID: | oval:org.mitre.oval:def:20655 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4474 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20670 | |||
Oval ID: | oval:org.mitre.oval:def:20670 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-4462 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20679 | |||
Oval ID: | oval:org.mitre.oval:def:20679 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0871 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21056 | |||
Oval ID: | oval:org.mitre.oval:def:21056 | ||
Title: | RHSA-2011:0857: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0857-01 CESA-2011:0857 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 94 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21420 | |||
Oval ID: | oval:org.mitre.oval:def:21420 | ||
Title: | RHSA-2011:0336: tomcat5 security update (Important) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0336-01 CESA-2011:0336 CVE-2010-4476 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tomcat5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21487 | |||
Oval ID: | oval:org.mitre.oval:def:21487 | ||
Title: | RHSA-2011:0856: java-1.6.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0856-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 94 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21498 | |||
Oval ID: | oval:org.mitre.oval:def:21498 | ||
Title: | RHSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21713 | |||
Oval ID: | oval:org.mitre.oval:def:21713 | ||
Title: | RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0214-01 CVE-2010-4476 CESA-2011:0214-CentOS 5 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21716 | |||
Oval ID: | oval:org.mitre.oval:def:21716 | ||
Title: | RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0768-01 CESA-2010:0768 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21907 | |||
Oval ID: | oval:org.mitre.oval:def:21907 | ||
Title: | RHSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0292-01 CVE-2010-4476 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21931 | |||
Oval ID: | oval:org.mitre.oval:def:21931 | ||
Title: | RHSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 CESA-2011:0281-CentOS 5 | Version: | 83 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22124 | |||
Oval ID: | oval:org.mitre.oval:def:22124 | ||
Title: | RHSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 380 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.6.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22284 | |||
Oval ID: | oval:org.mitre.oval:def:22284 | ||
Title: | RHSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22285 | |||
Oval ID: | oval:org.mitre.oval:def:22285 | ||
Title: | RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22342 | |||
Oval ID: | oval:org.mitre.oval:def:22342 | ||
Title: | RHSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 211 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22361 | |||
Oval ID: | oval:org.mitre.oval:def:22361 | ||
Title: | RHSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22816 | |||
Oval ID: | oval:org.mitre.oval:def:22816 | ||
Title: | ELSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22826 | |||
Oval ID: | oval:org.mitre.oval:def:22826 | ||
Title: | ELSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0292-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22845 | |||
Oval ID: | oval:org.mitre.oval:def:22845 | ||
Title: | ELSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 | Version: | 29 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22873 | |||
Oval ID: | oval:org.mitre.oval:def:22873 | ||
Title: | ELSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22894 | |||
Oval ID: | oval:org.mitre.oval:def:22894 | ||
Title: | ELSA-2011:0857: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0857-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22954 | |||
Oval ID: | oval:org.mitre.oval:def:22954 | ||
Title: | ELSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 121 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22962 | |||
Oval ID: | oval:org.mitre.oval:def:22962 | ||
Title: | ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0768-01 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22977 | |||
Oval ID: | oval:org.mitre.oval:def:22977 | ||
Title: | ELSA-2011:0336: tomcat5 security update (Important) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0336-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | tomcat5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23077 | |||
Oval ID: | oval:org.mitre.oval:def:23077 | ||
Title: | ELSA-2012:0006: java-1.4.2-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0006-01 CVE-2011-3389 CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3556 CVE-2011-3557 CVE-2011-3560 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23111 | |||
Oval ID: | oval:org.mitre.oval:def:23111 | ||
Title: | ELSA-2011:0490: java-1.4.2-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0490-01 CVE-2010-4447 CVE-2010-4448 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4473 CVE-2010-4475 | Version: | 30 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23245 | |||
Oval ID: | oval:org.mitre.oval:def:23245 | ||
Title: | ELSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23249 | |||
Oval ID: | oval:org.mitre.oval:def:23249 | ||
Title: | ELSA-2011:0856: java-1.6.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0856-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 33 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23319 | |||
Oval ID: | oval:org.mitre.oval:def:23319 | ||
Title: | ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0214-01 CVE-2010-4476 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23563 | |||
Oval ID: | oval:org.mitre.oval:def:23563 | ||
Title: | ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23606 | |||
Oval ID: | oval:org.mitre.oval:def:23606 | ||
Title: | ELSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 69 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27917 | |||
Oval ID: | oval:org.mitre.oval:def:27917 | ||
Title: | DEPRECATED: ELSA-2011-0856 -- java-1.6.0-openjdk security update (critical) | ||
Description: | [1.6.0.0-1.39.1.9.8] - Resolves: rhbz#709375 - Bumped to IcedTea6 1.9.8 - Copy fontconfig files to match names for current and next release - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0856 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28054 | |||
Oval ID: | oval:org.mitre.oval:def:28054 | ||
Title: | DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate) | ||
Description: | [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0214 CVE-2010-4476 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28104 | |||
Oval ID: | oval:org.mitre.oval:def:28104 | ||
Title: | DEPRECATED: ELSA-2011-1380 -- java-1.6.0-openjdk security update (critical) | ||
Description: | [1:1.6.0.0-1.40.1.9.10] - Resolves: rhbz#744788 - Bumped to IcedTea6 1.9.8 -removed font copying Security fixes - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: JSSE - S7070134, CVE-2011-3558: Hotspot unspecified issue - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection NetX - PR794: javaws does not work if a Web Start app jar has a Class-Path element in the manifest | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1380 CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28113 | |||
Oval ID: | oval:org.mitre.oval:def:28113 | ||
Title: | DEPRECATED: ELSA-2011-0857 -- java-1.6.0-openjdk security update (important) | ||
Description: | [1:1.6.0.0-1.22.1.9.8.0.1.el5_6] - Add oracle-enterprise.patch [1:1.6.0.0-1.22.1.9.8] - Resolves: rhbz#668488 - Bumped to IcedTea6 1.9.8 - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables [1:1.6.0.0-1.22.1.9.7] - Resolves bz690289 - Import from RHEL-5_6-Z - Updated to IcedTea6 1.9.7 - Removed all plugin/webstart related commented lines - Modified bz entry format in previous logs to get around cvs ack checking bug | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0857 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow | More info here |
Oracle Java Applet2ClassLoader Vulnerability | More info here |
Oracle Java Rhino Script Engine Code Execution | More info here |
ExploitDB Exploits
id | Description |
---|---|
2011-11-30 | Java Applet Rhino Script Engine Remote Code Execution |
2011-03-16 | Sun Java Applet2ClassLoader Remote Code Execution Exploit |
2011-01-22 | Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl |
2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
2012-09-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127 File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl |
2012-09-04 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138 File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl |
2012-09-04 | Name : Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail) File : nvt/gb_mandriva_MDVSA_2012_149.nasl |
2012-08-30 | Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail16.nasl |
2012-08-30 | Name : Fedora Update for python3 FEDORA-2012-5785 File : nvt/gb_fedora_2012_5785_python3_fc17.nasl |
2012-08-30 | Name : Fedora Update for python-docs FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl |
2012-08-30 | Name : Fedora Update for python FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python_fc17.nasl |
2012-08-03 | Name : Mandriva Update for curl MDVSA-2012:058 (curl) File : nvt/gb_mandriva_MDVSA_2012_058.nasl |
2012-07-30 | Name : CentOS Update for java CESA-2011:0214 centos5 x86_64 File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for java CESA-2011:0281 centos5 x86_64 File : nvt/gb_CESA-2011_0281_java_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for java CESA-2011:0857 centos5 x86_64 File : nvt/gb_CESA-2011_0857_java_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for java CESA-2011:1380 centos5 x86_64 File : nvt/gb_CESA-2011_1380_java_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos5 File : nvt/gb_CESA-2012_1088_firefox_centos5.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos6 File : nvt/gb_CESA-2012_1088_firefox_centos6.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos5 File : nvt/gb_CESA-2012_1089_thunderbird_centos5.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos6 File : nvt/gb_CESA-2012_1089_thunderbird_centos6.nasl |
2012-07-19 | Name : RedHat Update for firefox RHSA-2012:1088-01 File : nvt/gb_RHSA-2012_1088-01_firefox.nasl |
2012-07-19 | Name : RedHat Update for thunderbird RHSA-2012:1089-01 File : nvt/gb_RHSA-2012_1089-01_thunderbird.nasl |
2012-06-22 | Name : Fedora Update for python3 FEDORA-2012-9135 File : nvt/gb_fedora_2012_9135_python3_fc16.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl |
2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545 File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl |
2012-06-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593 File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl |
2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0335-01 File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl |
2012-06-06 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01 File : nvt/gb_RHSA-2011_0856-01_java-1.6.0-openjdk.nasl |
2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
2012-05-08 | Name : Fedora Update for python-docs FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl |
2012-05-08 | Name : Fedora Update for python FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python_fc16.nasl |
2012-05-04 | Name : Fedora Update for python3 FEDORA-2012-5916 File : nvt/gb_fedora_2012_5916_python3_fc15.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2398-2 (curl) File : nvt/deb_2398_2.nasl |
2012-04-06 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Linux) File : nvt/gb_opera_extented_validation_info_disc_vuln_lin.nasl |
2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-15020 File : nvt/gb_fedora_2011_15020_java-1.6.0-openjdk_fc16.nasl |
2012-04-02 | Name : Fedora Update for firefox FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_firefox_fc16.nasl |
2012-04-02 | Name : Fedora Update for nss-softokn FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-softokn_fc16.nasl |
2012-04-02 | Name : Fedora Update for nss-util FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-util_fc16.nasl |
2012-04-02 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird-lightning_fc16.nasl |
2012-04-02 | Name : Fedora Update for thunderbird FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird_fc16.nasl |
2012-04-02 | Name : Fedora Update for xulrunner FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_xulrunner_fc16.nasl |
2012-04-02 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690 File : nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl |
2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711 File : nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl |
2012-03-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2011-15555 File : nvt/gb_fedora_2011_15555_java-1.7.0-openjdk_fc16.nasl |
2012-03-19 | Name : Fedora Update for nss FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss_fc16.nasl |
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-02 (cURL) File : nvt/glsa_201203_02.nasl |
2012-03-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721 File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2398-1 (curl) File : nvt/deb_2398_1.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2356-1 (openjdk-6) File : nvt/deb_2356_1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2358-1 (openjdk-6) File : nvt/deb_2358_1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2368-1 (lighttpd) File : nvt/deb_2368_1.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2012-01-25 | Name : Ubuntu Update for openjdk-6 USN-1263-2 File : nvt/gb_ubuntu_USN_1263_2.nasl |
2012-01-23 | Name : Fedora Update for firefox FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_firefox_fc15.nasl |
2012-01-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_gnome-python2-extras_fc15.nasl |
2012-01-23 | Name : Fedora Update for nspr FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nspr_fc15.nasl |
2012-01-23 | Name : Fedora Update for nss-softokn FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-softokn_fc15.nasl |
2012-01-23 | Name : Fedora Update for nss-util FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-util_fc15.nasl |
2012-01-23 | Name : Fedora Update for nss FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss_fc15.nasl |
2012-01-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_perl-Gtk2-MozEmbed_fc15.nasl |
2012-01-23 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird-lightning_fc15.nasl |
2012-01-23 | Name : Fedora Update for thunderbird FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird_fc15.nasl |
2012-01-23 | Name : Fedora Update for xulrunner FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_xulrunner_fc15.nasl |
2012-01-11 | Name : Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584) File : nvt/secpod_ms12-006.nasl |
2011-11-18 | Name : Ubuntu Update for icedtea-web USN-1263-1 File : nvt/gb_ubuntu_USN_1263_1.nasl |
2011-11-15 | Name : Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2... File : nvt/gb_oracle_java_se_deployment_unspec_vuln_win.nasl |
2011-11-15 | Name : Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2... File : nvt/gb_oracle_java_se_java_runtime_env_unspec_vuln_win.nasl |
2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl |
2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_02.nasl |
2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_03.nasl |
2011-11-15 | Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04) File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_04.nasl |
2011-11-14 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_170.nasl |
2011-10-21 | Name : CentOS Update for java CESA-2011:1380 centos5 i386 File : nvt/gb_CESA-2011_1380_java_centos5_i386.nasl |
2011-10-21 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01 File : nvt/gb_RHSA-2011_1380-01_java-1.6.0-openjdk.nasl |
2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648 File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2311-1 (openjdk-6) File : nvt/deb_2311_1.nasl |
2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X) File : nvt/gb_opera_extented_validation_info_disc_vuln_macosx.nasl |
2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Windows) File : nvt/gb_opera_extented_validation_info_disc_vuln_win.nasl |
2011-08-29 | Name : Java for Mac OS X 10.5 Update 9 File : nvt/secpod_macosx_java_10_5_upd_9.nasl |
2011-08-29 | Name : Java for Mac OS X 10.6 Update 4 File : nvt/secpod_macosx_java_10_6_upd_4.nasl |
2011-08-26 | Name : Java for Mac OS X 10.5 Update 10 File : nvt/secpod_macosx_java_10_5_upd_10.nasl |
2011-08-26 | Name : Java for Mac OS X 10.6 Update 5 File : nvt/secpod_macosx_java_10_6_upd_5.nasl |
2011-08-18 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_126.nasl |
2011-08-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523 File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2010:0768 centos5 i386 File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2011:0214 centos5 i386 File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2011:0281 centos5 i386 File : nvt/gb_CESA-2011_0281_java_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2011:0857 centos5 i386 File : nvt/gb_CESA-2011_0857_java_centos5_i386.nasl |
2011-07-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8028 File : nvt/gb_fedora_2011_8028_java-1.6.0-openjdk_fc15.nasl |
2011-06-24 | Name : Ubuntu Update for openjdk-6 USN-1154-1 File : nvt/gb_ubuntu_USN_1154_1.nasl |
2011-06-24 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities 01 - June11 (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win01_jun11.nasl |
2011-06-24 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities - June11 (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_jun11.nasl |
2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003 File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl |
2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020 File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl |
2011-06-10 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01 File : nvt/gb_RHSA-2011_0857-01_java-1.6.0-openjdk.nasl |
2011-06-06 | Name : HP-UX Update for Java HPSBUX02685 File : nvt/gb_hp_ux_HPSBUX02685.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2224-1 (openjdk-6) File : nvt/deb_2224_1.nasl |
2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
2011-03-15 | Name : RedHat Update for tomcat5 RHSA-2011:0336-01 File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2161-1 (openjdk-6) File : nvt/deb_2161_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
2011-03-07 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 File : nvt/gb_ubuntu_USN_1079_1.nasl |
2011-02-28 | Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010 File : nvt/gb_suse_2011_010.nasl |
2011-02-28 | Name : Oracle Java SE Code Execution Vulnerability (Windows) File : nvt/secpod_oracle_java_code_exec_vuln_win.nasl |
2011-02-28 | Name : Oracle Java SE Code Execution Vulnerability (Windows-01) File : nvt/secpod_oracle_java_code_exec_vuln_win01.nasl |
2011-02-28 | Name : Oracle Java SE Code Execution Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_code_exec_vuln_win.nasl |
2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win.nasl |
2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl |
2011-02-18 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01 File : nvt/gb_RHSA-2011_0281-01_java-1.6.0-openjdk.nasl |
2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631 File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl |
2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645 File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl |
2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231 File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl |
2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263 File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl |
2011-02-11 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01 File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl |
2011-01-04 | Name : HP-UX Update for Java HPSBUX02608 File : nvt/gb_hp_ux_HPSBUX02608.nasl |
2010-12-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312 File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl |
2010-11-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1 File : nvt/gb_ubuntu_USN_1010_1.nasl |
2010-10-28 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_sun_java_se_mult_vuln_oct10_win.nasl |
2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240 File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl |
2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294 File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl |
2010-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl |
0000-00-00 | Name : FreeBSD Ports: opera, linux-opera File : nvt/freebsd_opera25.nasl |
0000-00-00 | Name : Java for Mac OS X 10.6 Update 6 And 10.7 Update 1 File : nvt/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76513 | Oracle Java SE JRE Deployment Component Unspecified Remote Information Disclo... Oracle Java SE contains a flaw related to the Deployment sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
76512 | Oracle Java SE JRE JAXWS Component Unspecified Remote Information Disclosure Oracle Java SE contains a flaw related to the JAXWS sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
76511 | Oracle Java SE JRE Networking Component Unspecified Remote Information Disclo... Oracle Java SE contains a flaw related to the Networking sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
76510 | Oracle Java SE JRE HotSpot Component Unspecified Remote Information Disclosure Oracle Java SE contains a flaw related to the HotSpot sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information. No further details have been provided. |
76509 | Oracle Java SE JRE Deployment Component Unspecified Remote Issue (2011-3546) Oracle Java SE contains a flaw related to the Deployment sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information and manipulate unspecified data. No further details have been provided. |
76508 | Oracle Java SE JRE Component Unspecified Remote Issue (2011-3555) Oracle Java SE contains a flaw related to the Java Runtime Environment component that may allow a remote attacker to manipulate unspecified data and cause a denial of service. No further details have been provided. |
76507 | Oracle Java SE JRE JSSE Component Unspecified Remote Issue Oracle Java SE contains a flaw related to the JSSE sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information and manipulate unspecified data. No further details have been provided. |
76506 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3557) Oracle Java SE contains a flaw related to the RMI sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
76505 | Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3556) Oracle Java SE contains a flaw related to the RMI sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
76504 | Oracle Java SE JRE Deployment Component Unspecified Remote Issue (2011-3516) Oracle Java SE contains a flaw related to the Deployment sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
76503 | Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3550) Oracle Java SE contains a flaw related to the AWT sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
76502 | Oracle Java SE JRE 2D Component Unspecified Remote Issue Oracle Java SE contains a flaw related to the 2D sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
76501 | Oracle Java SE JRE Swing Component Unspecified Remote Issue Oracle Java SE contains a flaw related to the Swing sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
76500 | Oracle Java SE JRE Rhino Javascript Error Parsing Input Sanitation Weakness R... |
76499 | Oracle Java SE JRE jsound.dll MixerSequencer.nAddControllerEventCallback Func... |
76498 | Oracle Java SE JRE Component Unspecified Remote Issue (2011-3554) Oracle Java SE contains a flaw related to the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
76497 | Oracle Java SE JRE Networking Component java.net.Socket API UDP Socket Satura... |
76496 | Oracle Java SE JRE IIOP Deserialization Applet Handling Remote Code Execution |
76495 | Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3548) Oracle Java SE contains a flaw related to the AWT sub-component within the Java Runtime Environment component that may allow a remote attacker to gain unauthorized access to unspecified information, manipulate unspecified data, and cause a denial of service. No further details have been provided. |
74829 | SSL Chained Initialization Vector CBC Mode MiTM Weakness |
73176 | Oracle Java SE / JRE AWT FileDialog.show() String Copy Overflow |
73085 | Oracle Java SE / JRE Deserialization Unspecified Remote Issue |
73084 | Oracle Java SE / JRE SAAJ Unspecified Remote Information Disclosure |
73083 | Oracle Java SE / JRE Networking Unspecified Remote Information Disclosure |
73082 | Oracle Java SE / JRE NIO Unspecified Remote DoS |
73081 | Oracle Java SE / JRE 2D Unspecified Remote Information Disclosure |
73077 | Oracle Java SE / JRE Swing Unspecified Remote Code Execution |
73076 | Oracle Java SE / JRE Soundbank Pointer Dereference Overflow |
73075 | Oracle Java SE / JRE Soundbank Compressed Data Handling Overflow |
73074 | Oracle Java SE / JRE Hotspot Unspecified Remote Code Execution |
73073 | Oracle Java SE / JRE jnlp File Properties Handling Web Start Command Argument... |
73071 | Oracle Java SE / JRE AWT Unspecified Remote Code Execution |
73070 | Oracle Java SE / JRE 2D Unspecified Remote Code Execution |
73069 | Oracle Java SE / JRE ICC Profile Multiple Tag Parsing Memory Corruption |
71623 | Oracle Java SE / Java for Business DB Security Component Unspecified Local In... |
71622 | Oracle Java SE / Java for Business XML Digital Signature Unspecified Remote DoS |
71621 | Oracle Java SE / Java for Business Networking Unspecified Remote DoS |
71620 | Oracle Java SE / Java for Business Launcher Unspecified Local Issue |
71619 | Oracle Java SE / Java for Business JDBC Unspecified Remote Issue |
71618 | Oracle Java SE / Java for Business Deployment Unspecified Remote Information ... |
71617 | Oracle Java SE / Java for Business Deployment Unspecified Remote Information ... |
71616 | Oracle Java SE / Java for Business 2D Unspecified Remote Information Disclosure |
71615 | Oracle Java SE / Java for Business JAXP Unspecified Remote DoS |
71614 | Oracle Java SE / Java for Business Deployment Java Runtime WWW-Authenticate R... |
71613 | Oracle Java SE / Java for Business Install Unspecified Remote Compromise |
71612 | Oracle Java SE / Java for Business Deployment Unspecified Remote Compromise (... |
71611 | Oracle Java SE / Java for Business Sound Unspecified Remote Compromise (2010-... |
71610 | Oracle Java SE / Java for Business Hotspot Unspecified Remote Compromise |
71609 | Oracle Java SE / Java for Business Deployment Unspecified Remote Compromise (... |
71608 | Oracle Java SE / Java for Business Swing Clipboard Handle Arbitrary Command I... |
71607 | Oracle Java SE / Java for Business Deployment Java Webstart JNLP Extension Pe... |
71606 | Oracle Java SE / Java for Business Sound Component XGetSamplePtrFromSnd PV_Sw... |
71605 | Oracle Java SE / Java for Business Sound Unspecified Remote Compromise (2010-... |
71193 | Oracle Java SE / Java for Business sun.plugin2.applet.Applet2ClassLoader fin... Oracle Java contains a flaw related to the findClass method of the sun.plugin2.applet.Applet2ClassLoader class failing to properly validate URLS supplied by a trusted applet. This may allow a context-dependent attacker to use a crafted file or page to execute arbitrary code. |
70965 | Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ... Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service. |
69059 | Oracle Java SE / Java for Business Networking Component HttpURLConnection App... Oracle Java SE and Java for Business contain a flaw related to the Networking component's HttpURLConnection class's failure to properly validate request headers set by applets. This may allow a remote attacker to trigger otherwise restricted actions. |
69058 | Oracle Java SE / Java for Business JNDI Internal Network Names Information Di... Oracle Java SE and Java for Business contain a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when an information leak in the JNDI component occurs, which will disclose confidential internal network names to a remote attacker. |
69057 | Oracle Java SE / Java for Business Networking Component HttpURLConnection chu... Oracle Java SE and Java for Business contains a flaw related to the Networking component's HttpURLConnection class's failure to properly handle the 'chunked' transfer encoding method. This may allow a remote attacker to conduct HTTP request splitting attacks. |
69056 | Oracle Java SE / Java for Business Web Start Component Unspecified Issue (201... Oracle Java SE and Java for Business contain an unspecified flaw related to the Web Start component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69055 | Oracle Java SE / Java for Business Networking Component Network Address Infor... Oracle Java SE and Java for Business contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered whentThe NetworkInterface class fails to properly check the network 'connect' permissions for local network addresses, which will disclose local network addresses to a remote attacker. |
69053 | Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3553) Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69052 | Oracle Java SE / Java for Business CORBA Component Remote Code Execution Oracle Java SE and Java for Business contain an unspecified flaw related to the CORBA component. This may allow a remote attacker to execute arbitrary code by misusing permissions granted to certain system objects. No further details have been provided |
69051 | Oracle Java SE / Java for Business ActiveX Plugin Uninitialized Window Handle... Oracle Java SE and Java for Business contain a flaw related to the ActiveX Plugin. The plugin does not properly initialize objects. When the plugin is in a particular state, the application will fail to properly initialize a window handle field. This may be exploited by a remote attacker to allow the execution of arbitrary code. |
69050 | Oracle Java SE / Java for Business 2D Component Unspecified Issue (2010-3556) Oracle Java SE and Java for Business contain an unspecified flaw related to the 2D component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69049 | Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3557) Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. This is related to the modification of the behavior and state of certain JDK classes. No further details have been provided. |
69048 | Oracle Java SE / Java for Business Web Start Component Unspecified Issue (201... Oracle Java SE and Java for Business contain an unspecified flaw related to the Web Start component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69047 | Oracle Java SE / Java for Business HeadspaceSoundbank.nGetName BANK Record Si... A memory corruption flaw exists in Oracle Java SE and Java for Business. The 'HeadspaceSoundbank.nGetName' function fails to sanitize user-supplied input when parsing BANK records in SoundBank files, resulting in memory corruption. With a specially crafted BANK record, a context-dependent attacker can execute arbitrary code. |
69046 | Oracle Java SE / Java for Business Networking Component Unspecified Informati... Oracle Java SE and Java for Business contain an unspecified flaw related to the Networking component. This may allow disclose certain unspecified information to a remote attacker. No further details have been provided. |
69045 | Oracle Java SE / Java for Business CORBA Component ServerSocket Network Permi... Oracle Java SE and Java for Business contain a flaw related to the CORBA Component's ServerSocket class's privileged accept method allowing it to receive connections from any host. This may allow a remote attacker to bypass network permission restrictions. |
69044 | Oracle Java SE / Java for Business 2D Component IndexColorModel Double-free E... Oracle Java SE and Java for Business contain a flaw related to the 2D Component. IndexColorModel suffers from a double free error when running an untrusted applet or application, which may allow a remote attacker to potentially execute arbitrary code. |
69043 | Oracle Java SE / Java for Business Web Start BasicServiceImpl Class Arbitrary... Oracle Java SE and Java for Business contain a flaw related to the 'com.sun.jnlp.BasicServiceImpl' class. The issue is triggered when a remote attacker exploits Web Start's retrieval of security policies. This may allow an attacker to execute arbitrary code. |
69042 | Oracle Java SE / Java for Business JRE JPEGImageWriter.writeImage Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The JPEGImageWriter.writeImage in the imageio API in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted JPEG image file, a context-dependent attacker can potentially execute arbitrary code. |
69041 | Oracle Java SE / Java for Business JRE ICC Profile devs Tag Structure Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The color profile parser in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted 'devs' tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code. |
69040 | Oracle Java SE / Java for Business 2D Component ICU Opentype out-of-bounds Re... Oracle Java SE and Java for Business contains a flaw related to the 2D component. The issue is triggered when a crash in ICU Opentype layout engine is caused by a miscalculation in character counts for right-to-left text causing out-of-bounds memory access. This may allow a remote attacker to execute arbitrary code. |
69039 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3568) Oracle Java SE and Java for Business contain an unspecified flaw related to the JRE component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69038 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3569) Oracle Java SE and Java for Business contain a flaw related to the JRE component. The 'defaultReadObject' method of the Serialization API. can be tricked into setting a volatile field repeatedly. This may allow a remote attacker to execute arbitrary code. |
69037 | Oracle Java SE / Java for Business Deployment Toolkit Component Unspecified I... Oracle Java SE and Java for Business contain an unspecified flaw related to the Deployment Toolkit component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69036 | Oracle Java SE / Java for Business ICC Profile Unicode Description Tag Struc... Oracle Java SE and Java for Business is prone to an overflow condition. The color profile parser fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted Tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code. |
69035 | Oracle Java SE / Java for Business Sound Component Unspecified Issue (2010-3... Oracle Java SE and Java for Business contain a flaw related to the Sound component that may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69034 | Oracle Java SE / Java for Business java.net.URLConnection Same-of-origin Poli... Oracle Java SE and Java for Business contain a flaw related to the 'HttpURLConnection' class in the Networking component's failure to properly validate applet request headers. This may allow a remote attacker to trigger actions which are normally restricted to HTTP clients. |
69033 | Oracle Java SE / Java for Business Networking Component HttpURLConnection all... Oracle Java SE and Java for Business contain a flaw related to the 'Networking' component. The 'HttpURLConnection' class fails to properly check if the calling code had the 'allowHttpTrace' permission, allowing the creation of HTTP TRACE requests by untrusted code. |
68873 | Oracle Java New Plugin docbase Parameter Overflow Java is prone to an overflow condition. The new plugin component fails to properly sanitize user-supplied input resulting in a stack buffer overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-02-27 | IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
2012-03-29 | IAVM : 2012-A-0048 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.0 Severity : Category I - VMSKEY : V0031901 |
2012-01-13 | IAVM : 2012-B-0006 - Microsoft SSL/TLS Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0031054 |
2011-12-15 | IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0 Severity : Category I - VMSKEY : V0030824 |
2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29643 - Revision : 3 - Type : MALWARE-OTHER |
2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29642 - Revision : 3 - Type : MALWARE-OTHER |
2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29641 - Revision : 2 - Type : MALWARE-OTHER |
2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29640 - Revision : 2 - Type : MALWARE-OTHER |
2014-03-06 | Oracle Java Rhino script engine remote code execution attempt RuleID : 29535 - Revision : 4 - Type : FILE-JAVA |
2014-02-21 | Styx exploit kit eot outbound connection RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT |
2014-02-21 | Styx exploit kit landing page request RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT |
2014-02-21 | Styx exploit kit outbound jar request RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT |
2014-02-21 | Styx exploit kit outbound connection attempt RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT |
2014-02-21 | Styx exploit kit landing page RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT |
2014-02-21 | Styx exploit kit landing page RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT |
2014-02-21 | Styx exploit kit jar outbound connection RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT |
2014-02-21 | Styx exploit kit fonts download page RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit PDF exploit retrieval attempt RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit malicious payload download attempt RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit jar exploit download - specific structure RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit plugin detection page RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit landing page request RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit outbound pdf request RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Himan exploit kit payload - Oracle Java compromise RuleID : 28310 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit malicious redirection attempt RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit landing page request RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit landing page with payload RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | iFramer toolkit injected iframe detected - specific structure RuleID : 27271 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Private exploit kit outbound traffic RuleID : 27144-community - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Private exploit kit outbound traffic RuleID : 27144 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Private exploit kit landing page RuleID : 27143 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Private exploit kit landing page RuleID : 27142 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Private exploit kit landing page RuleID : 27141 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Private exploit kit numerically named exe file dowload RuleID : 27140 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Nailed exploit kit rhino remote code execution exploit download - autopwn RuleID : 27084 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27072 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27071 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Sakura exploit kit pdf download detection RuleID : 26539 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Sakura exploit kit landing page received RuleID : 26538 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Sakura exploit kit jar download detection RuleID : 26537 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Stamp exploit kit landing page RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 26508 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit jar file downloaded RuleID : 26434 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear exploit kit landing page RuleID : 26343 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear exploit kit landing page - specific structure RuleID : 26342 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear exploit kit landing page RuleID : 26341 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page retrieval - ff.php RuleID : 26339 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | IFRAMEr injection detection - leads to exploit kit RuleID : 26338 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 26337 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit redirection page RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit landing page RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Watering Hole Campaign applet download RuleID : 26295 - Revision : 6 - Type : FILE-OTHER |
2014-01-10 | Blackhole exploit kit landing page RuleID : 26253 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 26227 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Crimeboss exploit kit redirection attempt RuleID : 26226 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java Gmbal package sandbox breach attempt RuleID : 26186 - Revision : 7 - Type : FILE-JAVA |
2014-01-10 | Oracle Java Gmbal package sandbox breach attempt RuleID : 26185 - Revision : 7 - Type : FILE-JAVA |
2014-01-10 | Styx exploit kit landing page RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Whitehole exploit kit landing page RuleID : 25806 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Whitehole exploit kit Java exploit retrieval RuleID : 25805 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Whitehole exploit kit malicious jar download attempt RuleID : 25804 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit 32-alpha jar request RuleID : 25798 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25611 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page RuleID : 25569 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 25568 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple Exploit Kit Payload detection - setup.exe RuleID : 25526 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java Rhino script engine remote code execution attempt RuleID : 25392 - Revision : 8 - Type : FILE-JAVA |
2014-01-10 | Sweet Orange exploit kit obfuscated payload download RuleID : 25391 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25390 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25389 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25388 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - readme.exe RuleID : 25387 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - about.exe RuleID : 25386 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - calc.exe RuleID : 25385 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - contacts.exe RuleID : 25384 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit Payload detection - info.exe RuleID : 25383 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit malicious jar file dropped RuleID : 25382 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit portable executable download request RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit eot outbound connection RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit pdf outbound connection RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit jar outbound connection RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Styx exploit kit plugin detection connection RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Styx Exploit Kit outbound connection RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25044 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit url structure detected RuleID : 25043 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java Applet remote code execution attempt RuleID : 24993 - Revision : 9 - Type : FILE-JAVA |
2014-01-10 | Nuclear exploit kit landing page detected RuleID : 24888 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Sweet Orange exploit kit landing page - JAR redirection RuleID : 24840 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 24839 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Sweet Orange User-Agent - contype RuleID : 24838 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Sweet Orange initial landing page RuleID : 24837 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit Java Class download RuleID : 24793 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24670 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24669 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24668 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24667 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 24638 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24637 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24636 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24608 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page received - specific structure RuleID : 24593 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24548 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24547 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24546 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole admin page outbound access attempt RuleID : 24544 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole admin page inbound access attempt RuleID : 24543 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java XGetSamplePtrFromSnd memory corruption attempt RuleID : 24511 - Revision : 8 - Type : FILE-JAVA |
2014-01-10 | Oracle Java XGetSamplePtrFromSnd memory corruption attempt RuleID : 24510 - Revision : 6 - Type : FILE-JAVA |
2014-01-10 | Blackholev2 exploit kit fallback executable download RuleID : 24501 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole - Cookie Set RuleID : 24475 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Crimeboss exploit kit outbound connection RuleID : 24234 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Crimeboss exploit kit outbound connection RuleID : 24233 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Crimeboss exploit kit outbound connection RuleID : 24232 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Crimeboss exploit kit redirection attempt RuleID : 24231 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page Received RuleID : 24228 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 - URI Structure RuleID : 24227 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page received RuleID : 24226 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole possible email Landing to 8 chr folder RuleID : 24171 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24054 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24053 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - fewbgazr catch RuleID : 23962 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - hwehes RuleID : 23850 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole redirection attempt RuleID : 23849 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole redirection attempt RuleID : 23848 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole redirection page RuleID : 23797 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.round catch RuleID : 23786 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.floor catch RuleID : 23785 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page RuleID : 23781 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page request - tkr RuleID : 23622 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch ... RuleID : 23619 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt RuleID : 23490 - Revision : 8 - Type : FILE-MULTIMEDIA |
2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 23159 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 23158 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear Pack exploit kit binary download RuleID : 23157 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear Pack exploit kit landing page RuleID : 23156 - Revision : 11 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java Rhino script engine remote code execution attempt RuleID : 23008 - Revision : 9 - Type : FILE-JAVA |
2014-01-10 | Blackhole redirection attempt RuleID : 22949 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole Exploit Kit javascript service method RuleID : 22088 - Revision : 12 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole landing redirection page RuleID : 22041 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole suspected landing page RuleID : 22040 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole suspected landing page RuleID : 22039 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit landing page with specific structure - Loading RuleID : 21876 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Possible exploit kit post compromise activity - taskkill RuleID : 21875 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Possible exploit kit post compromise activity - StrReverse RuleID : 21874 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Java exploit kit iframe drive by attempt RuleID : 21668 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - catch RuleID : 21661 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page Requested - /Index/index.php RuleID : 21660 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page Requested - /Home/index.php RuleID : 21659 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page RuleID : 21658 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 21657 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646-community - Revision : 16 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646 - Revision : 16 - Type : EXPLOIT-KIT |
2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - BBB RuleID : 21581 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific header RuleID : 21549 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific header RuleID : 21539 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Sakura exploit kit rhino jar request RuleID : 21509 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492-community - Revision : 22 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492 - Revision : 22 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438-community - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit URL - search.php?page= RuleID : 21348 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit URL - .php?page= RuleID : 21347 - Revision : 12 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit malicious jar download RuleID : 21346 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit malicious jar request RuleID : 21345 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit pdf download RuleID : 21344 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit pdf request RuleID : 21343 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit response RuleID : 21259 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit control panel access RuleID : 21141 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Java Applet Rhino script engine remote code execution attempt RuleID : 21057 - Revision : 9 - Type : FILE-OTHER |
2014-01-10 | Blackhole exploit kit landing page RuleID : 21045 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page RuleID : 21044 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit post-compromise download attempt - .php?e= RuleID : 21043 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit post-compromise download attempt - .php?f= RuleID : 21042 - Revision : 11 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit URL - main.php?page= RuleID : 21041 - Revision : 12 - Type : EXPLOIT-KIT |
2014-01-10 | Yang Pack yg.htm landing page RuleID : 21006 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Oracle Java Applet Rhino script engine remote code execution attempt RuleID : 20831 - Revision : 12 - Type : FILE-JAVA |
2014-01-10 | Oracle Java Applet remote code execution attempt RuleID : 20622 - Revision : 18 - Type : FILE-JAVA |
2014-01-10 | Oracle Java browser plugin docbase overflow attempt RuleID : 20444 - Revision : 7 - Type : FILE-JAVA |
2014-01-10 | Oracle Java Web Start BasicServiceImpl security policy bypass attempt RuleID : 20430 - Revision : 7 - Type : FILE-JAVA |
2014-01-10 | SSL CBC encryption mode weakness brute force attempt RuleID : 20212 - Revision : 11 - Type : SERVER-OTHER |
2014-01-10 | Oracle Java Applet2ClassLoader Remote Code Execution RuleID : 18679 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Java floating point number denial of service - via POST RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP |
2014-01-10 | Java floating point number denial of service - via URI RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP |
2014-01-10 | Oracle Java browser plugin docbase overflow attempt RuleID : 18245 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | Oracle Java browser plugin docbase overflow attempt RuleID : 18244 - Revision : 14 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
2016-02-12 | Name : A telephony application running on the remote host is affected by multiple vu... File : asterisk_ast_2016_003.nasl - Type : ACT_GATHER_INFO |
2016-02-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_559f3d1bcb1d11e580a4001999f8d30b.nasl - Type : ACT_GATHER_INFO |
2016-01-25 | Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-154.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote web server is affected by an information disclosure vulnerability. File : oracle_http_server_cpu_jan_2015_ldap.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_fetchmail_20121016.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO |
2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-100.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_icedtea-web-110627.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110608.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-110906.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_icedtea-web-110627.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110608.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_opera-110906.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO |
2014-02-07 | Name : The remote mail server is affected by an information disclosure vulnerability. File : kerio_connect_810.nasl - Type : ACT_GATHER_INFO |
2013-10-23 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_9.nasl - Type : ACT_GATHER_INFO |
2013-10-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_psn_2012_08_689.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-10.nasl - Type : ACT_GATHER_INFO |
2013-07-23 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0856.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-037.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jun_2011_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2011_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1467.nasl - Type : ACT_GATHER_INFO |
2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO |
2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-149.nasl - Type : ACT_GATHER_INFO |
2012-08-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_18ce9a90f26911e1be53080027ef73ec.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote host has an application installed that is affected by multiple vul... File : macosx_xcode_4_4.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110621_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111018_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111019_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-07-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
2012-07-18 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_9fp11.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO |
2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO |
2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO |
2012-05-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO |
2012-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO |
2012-05-02 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO |
2012-04-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0508.nasl - Type : ACT_GATHER_INFO |
2012-04-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-058.nasl - Type : ACT_GATHER_INFO |
2012-04-16 | Name : It may be possible to obtain sensitive information from the remote host with ... File : ssl3_tls1_iv_impl_info_disclosure.nasl - Type : ACT_GATHER_INFO |
2012-03-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO |
2012-03-09 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2012-0003.nasl - Type : ACT_GATHER_INFO |
2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-02.nasl - Type : ACT_GATHER_INFO |
2012-02-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-120223.nasl - Type : ACT_GATHER_INFO |
2012-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-120105.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2398.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7908.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-2.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7926.nasl - Type : ACT_GATHER_INFO |
2012-01-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17399.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0034.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2358.nasl - Type : ACT_GATHER_INFO |
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2368.nasl - Type : ACT_GATHER_INFO |
2012-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0006.nasl - Type : ACT_GATHER_INFO |
2012-01-10 | Name : It may be possibe to obtain sensitive information from the remote Windows hos... File : smb_nt_ms12-006.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17400.nasl - Type : ACT_GATHER_INFO |
2011-12-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7698.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7650.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7862.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7627.nasl - Type : ACT_GATHER_INFO |
2011-12-07 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1160.nasl - Type : ACT_GATHER_INFO |
2011-12-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2356.nasl - Type : ACT_GATHER_INFO |
2011-11-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1478.nasl - Type : ACT_GATHER_INFO |
2011-11-23 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_97fp5.nasl - Type : ACT_GATHER_INFO |
2011-11-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-1.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15555.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-170.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_6_update6.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_7_update1.nasl - Type : ACT_GATHER_INFO |
2011-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15020.nasl - Type : ACT_GATHER_INFO |
2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
2011-10-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
2011-10-20 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2011.nasl - Type : ACT_GATHER_INFO |
2011-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1384.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
2011-09-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2311.nasl - Type : ACT_GATHER_INFO |
2011-09-01 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1151.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12819.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110818.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7697.nasl - Type : ACT_GATHER_INFO |
2011-08-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-126.nasl - Type : ACT_GATHER_INFO |
2011-08-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1159.nasl - Type : ACT_GATHER_INFO |
2011-08-05 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12810.nasl - Type : ACT_GATHER_INFO |
2011-08-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7649.nasl - Type : ACT_GATHER_INFO |
2011-07-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1087.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110713.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7626.nasl - Type : ACT_GATHER_INFO |
2011-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0938.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update10.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update5.nasl - Type : ACT_GATHER_INFO |
2011-06-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1154-1.nasl - Type : ACT_GATHER_INFO |
2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8020.nasl - Type : ACT_GATHER_INFO |
2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8028.nasl - Type : ACT_GATHER_INFO |
2011-06-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110609.nasl - Type : ACT_GATHER_INFO |
2011-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
2011-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8003.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0856.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0860.nasl - Type : ACT_GATHER_INFO |
2011-06-08 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jun_2011.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12706.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0490.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2011-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2011-04-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12691.nasl - Type : ACT_GATHER_INFO |
2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO |
2011-03-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0364.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0357.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12683.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12682.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO |
2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO |
2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1631.nasl - Type : ACT_GATHER_INFO |
2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1645.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO |
2011-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO |
2011-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12669.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0169.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO |
2011-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0152.nasl - Type : ACT_GATHER_INFO |
2010-12-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12658.nasl - Type : ACT_GATHER_INFO |
2010-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0935.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO |
2010-12-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12659.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0873.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-02-29 21:29:48 |
|
2016-02-24 09:28:55 |
|
2014-02-17 11:37:05 |
|