Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2015:161-1 | First vendor Publication | 2015-04-02 |
Vendor | Mandriva | Last vendor Modification | 2015-04-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Updated icu packages fix security vulnerabilities:

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier or look-behind expression (CVE-2014-7923, CVE-2014-7926).

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence (CVE-2014-7940).

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program (CVE-2014-6585, CVE-2014-6591).

Update: Packages for Mandriva Business Server 1 are now being provided.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:161-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-17 | Code |
33 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:28035 | |||
Oval ID: | oval:org.mitre.oval:def:28035 | ||
Title: | Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6585 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:28455 | |||
Oval ID: | oval:org.mitre.oval:def:28455 | ||
Title: | Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6591 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:28733 | |||
Oval ID: | oval:org.mitre.oval:def:28733 | ||
Title: | Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. | ||
Description: | Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-6591 | Version: | 4 |
Platform(s): | HP-UX 11 | Product(s): | |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201603-14.nasl - Type : ACT_GATHER_INFO |
2015-10-14 | Name : The remote Fedora host is missing a security update. File : fedora_2015-16314.nasl - Type : ACT_GATHER_INFO |
2015-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2015-16315.nasl - Type : ACT_GATHER_INFO |
2015-08-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3323.nasl - Type : ACT_GATHER_INFO |
2015-07-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201507-14.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0503-1.nasl - Type : ACT_GATHER_INFO |
2015-05-15 | Name : The remote Debian host is missing a security update. File : debian_DLA-219.nasl - Type : ACT_GATHER_INFO |
2015-05-01 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO |
2015-04-29 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6087.nasl - Type : ACT_GATHER_INFO |
2015-04-29 | Name : The remote Fedora host is missing a security update. File : fedora_2015-6084.nasl - Type : ACT_GATHER_INFO |
2015-04-20 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_vcenter_chargeback_manager_vmsa_2015_0003.nasl - Type : ACT_GATHER_INFO |
2015-04-13 | Name : The remote host has a device management application installed that is affecte... File : vmware_workspace_portal_vmsa2015-0003.nasl - Type : ACT_GATHER_INFO |
2015-04-13 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote Windows host has a virtualization application installed that is mi... File : vcenter_operations_manager_vmsa_2015-0003-win.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote host has a virtualization application installed that is missing a ... File : vcenter_operations_manager_vmsa_2015-0003-vapp.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote Linux host has a virtualization application installed that is miss... File : vcenter_operations_manager_vmsa_2015-0003-linux.nasl - Type : ACT_GATHER_INFO |
2015-04-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-198.nasl - Type : ACT_GATHER_INFO |
2015-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2015-3569.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-161.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-157.nasl - Type : ACT_GATHER_INFO |
2015-03-25 | Name : The remote Fedora host is missing a security update. File : fedora_2015-3590.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201503-06.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3187.nasl - Type : ACT_GATHER_INFO |
2015-03-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2522-3.nasl - Type : ACT_GATHER_INFO |
2015-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2522-2.nasl - Type : ACT_GATHER_INFO |
2015-03-09 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-204.nasl - Type : ACT_GATHER_INFO |
2015-03-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2522-1.nasl - Type : ACT_GATHER_INFO |
2015-02-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO |
2015-02-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0263.nasl - Type : ACT_GATHER_INFO |
2015-02-24 | Name : The remote AIX host has a version of Java SDK installed that is affected by m... File : aix_java_feb2015_advisory.nasl - Type : ACT_GATHER_INFO |
2015-02-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-150206.nasl - Type : ACT_GATHER_INFO |
2015-02-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-13.nasl - Type : ACT_GATHER_INFO |
2015-02-13 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-480.nasl - Type : ACT_GATHER_INFO |
2015-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-033.nasl - Type : ACT_GATHER_INFO |
2015-02-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0135.nasl - Type : ACT_GATHER_INFO |
2015-02-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0136.nasl - Type : ACT_GATHER_INFO |
2015-02-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0134.nasl - Type : ACT_GATHER_INFO |
2015-02-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0133.nasl - Type : ACT_GATHER_INFO |
2015-02-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-91.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3147.nasl - Type : ACT_GATHER_INFO |
2015-01-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3144.nasl - Type : ACT_GATHER_INFO |
2015-01-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2487-1.nasl - Type : ACT_GATHER_INFO |
2015-01-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2486-1.nasl - Type : ACT_GATHER_INFO |
2015-01-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0093.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150126_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0085.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0086.nasl - Type : ACT_GATHER_INFO |
2015-01-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2476-1.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_40_0_2214_91.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-471.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-472.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : google_chrome_40_0_2214_91.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0079.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0080.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0067.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e30e0c99a1b711e4b85c00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jan_2015_unix.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0069.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO |
2015-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-04-04 13:27:29 |
|
2015-04-02 17:24:32 |
|