Executive Summary
Summary | |
---|---|
Title | java-1.5.0-ibm security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0873 | First vendor Publication | 2010-11-10 |
Vendor | RedHat | Last vendor Modification | 2010-11-10 |
Severity (Vendor) | Critical | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556, CVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP2 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005) 639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) 639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) 639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) 639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023) 639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489) 639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) 642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) 642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) 642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) 642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) 642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component 642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component 642606 - CVE-2010-3559 JDK unspecified vulnerability in Sound component 642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0873.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-476 | NULL Pointer Dereference |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11330 | |||
Oval ID: | oval:org.mitre.oval:def:11330 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3551 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11604 | |||
Oval ID: | oval:org.mitre.oval:def:11604 | ||
Title: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1321 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11619 | |||
Oval ID: | oval:org.mitre.oval:def:11619 | ||
Title: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3550 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11662 | |||
Oval ID: | oval:org.mitre.oval:def:11662 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3559 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11815 | |||
Oval ID: | oval:org.mitre.oval:def:11815 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3556 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11880 | |||
Oval ID: | oval:org.mitre.oval:def:11880 | ||
Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3559 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11893 | |||
Oval ID: | oval:org.mitre.oval:def:11893 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3562 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11990 | |||
Oval ID: | oval:org.mitre.oval:def:11990 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3573 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12029 | |||
Oval ID: | oval:org.mitre.oval:def:12029 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3568 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12040 | |||
Oval ID: | oval:org.mitre.oval:def:12040 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3566 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12180 | |||
Oval ID: | oval:org.mitre.oval:def:12180 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3565 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12225 | |||
Oval ID: | oval:org.mitre.oval:def:12225 | ||
Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3566 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12226 | |||
Oval ID: | oval:org.mitre.oval:def:12226 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3569 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12229 | |||
Oval ID: | oval:org.mitre.oval:def:12229 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3574 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12240 | |||
Oval ID: | oval:org.mitre.oval:def:12240 | ||
Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3572 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12274 | |||
Oval ID: | oval:org.mitre.oval:def:12274 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3573 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12328 | |||
Oval ID: | oval:org.mitre.oval:def:12328 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3562 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12367 | |||
Oval ID: | oval:org.mitre.oval:def:12367 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3574 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12484 | |||
Oval ID: | oval:org.mitre.oval:def:12484 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3569 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12488 | |||
Oval ID: | oval:org.mitre.oval:def:12488 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3551 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12496 | |||
Oval ID: | oval:org.mitre.oval:def:12496 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3556 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12531 | |||
Oval ID: | oval:org.mitre.oval:def:12531 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3568 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12536 | |||
Oval ID: | oval:org.mitre.oval:def:12536 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3572 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12571 | |||
Oval ID: | oval:org.mitre.oval:def:12571 | ||
Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3565 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12590 | |||
Oval ID: | oval:org.mitre.oval:def:12590 | ||
Title: | DEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3550 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13305 | |||
Oval ID: | oval:org.mitre.oval:def:13305 | ||
Title: | USN-1010-1 -- openjdk-6, openjdk-6b18 vulnerabilities | ||
Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. It was discovered that there exists a double free in java�s indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. This could allow an attacker to execute arbitrary code with the privileges of the user running a java application. It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1010-1 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | openjdk-6 openjdk-6b18 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14340 | |||
Oval ID: | oval:org.mitre.oval:def:14340 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3549 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14354 | |||
Oval ID: | oval:org.mitre.oval:def:14354 | ||
Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3541 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14475 | |||
Oval ID: | oval:org.mitre.oval:def:14475 | ||
Title: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3548 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19571 | |||
Oval ID: | oval:org.mitre.oval:def:19571 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3541 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20077 | |||
Oval ID: | oval:org.mitre.oval:def:20077 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3565 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20190 | |||
Oval ID: | oval:org.mitre.oval:def:20190 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3573 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20195 | |||
Oval ID: | oval:org.mitre.oval:def:20195 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3548 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20205 | |||
Oval ID: | oval:org.mitre.oval:def:20205 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3550 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20242 | |||
Oval ID: | oval:org.mitre.oval:def:20242 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3556 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20272 | |||
Oval ID: | oval:org.mitre.oval:def:20272 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3551 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20306 | |||
Oval ID: | oval:org.mitre.oval:def:20306 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3574 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20380 | |||
Oval ID: | oval:org.mitre.oval:def:20380 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1321 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20418 | |||
Oval ID: | oval:org.mitre.oval:def:20418 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3559 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20443 | |||
Oval ID: | oval:org.mitre.oval:def:20443 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3569 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20453 | |||
Oval ID: | oval:org.mitre.oval:def:20453 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3566 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20460 | |||
Oval ID: | oval:org.mitre.oval:def:20460 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3549 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20492 | |||
Oval ID: | oval:org.mitre.oval:def:20492 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3562 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20557 | |||
Oval ID: | oval:org.mitre.oval:def:20557 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3568 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20558 | |||
Oval ID: | oval:org.mitre.oval:def:20558 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3548 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20588 | |||
Oval ID: | oval:org.mitre.oval:def:20588 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3572 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21498 | |||
Oval ID: | oval:org.mitre.oval:def:21498 | ||
Title: | RHSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21548 | |||
Oval ID: | oval:org.mitre.oval:def:21548 | ||
Title: | RHSA-2010:0423: krb5 security update (Important) | ||
Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0423-01 CESA-2010:0423 CVE-2010-1321 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21716 | |||
Oval ID: | oval:org.mitre.oval:def:21716 | ||
Title: | RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0768-01 CESA-2010:0768 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22124 | |||
Oval ID: | oval:org.mitre.oval:def:22124 | ||
Title: | RHSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 380 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.6.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22284 | |||
Oval ID: | oval:org.mitre.oval:def:22284 | ||
Title: | RHSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22285 | |||
Oval ID: | oval:org.mitre.oval:def:22285 | ||
Title: | RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22342 | |||
Oval ID: | oval:org.mitre.oval:def:22342 | ||
Title: | RHSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 211 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22361 | |||
Oval ID: | oval:org.mitre.oval:def:22361 | ||
Title: | RHSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22816 | |||
Oval ID: | oval:org.mitre.oval:def:22816 | ||
Title: | ELSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22873 | |||
Oval ID: | oval:org.mitre.oval:def:22873 | ||
Title: | ELSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22954 | |||
Oval ID: | oval:org.mitre.oval:def:22954 | ||
Title: | ELSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 121 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22962 | |||
Oval ID: | oval:org.mitre.oval:def:22962 | ||
Title: | ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0768-01 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23034 | |||
Oval ID: | oval:org.mitre.oval:def:23034 | ||
Title: | ELSA-2010:0423: krb5 security update (Important) | ||
Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0423-01 CVE-2010-1321 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23245 | |||
Oval ID: | oval:org.mitre.oval:def:23245 | ||
Title: | ELSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23563 | |||
Oval ID: | oval:org.mitre.oval:def:23563 | ||
Title: | ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23606 | |||
Oval ID: | oval:org.mitre.oval:def:23606 | ||
Title: | ELSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 69 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7198 | |||
Oval ID: | oval:org.mitre.oval:def:7198 | ||
Title: | VMware ESX,Service Console update for krb5. | ||
Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1321 | Version: | 5 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7450 | |||
Oval ID: | oval:org.mitre.oval:def:7450 | ||
Title: | HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code | ||
Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1321 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-15 | Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an... File : nvt/gb_VMSA-2010-0016.nasl |
2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5) File : nvt/glsa_201201_13.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2010:0768 centos5 i386 File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl |
2011-05-05 | Name : Fedora Update for krb5 FEDORA-2011-5343 File : nvt/gb_fedora_2011_5343_krb5_fc13.nasl |
2011-03-25 | Name : Fedora Update for krb5 FEDORA-2011-3464 File : nvt/gb_fedora_2011_3464_krb5_fc13.nasl |
2011-02-18 | Name : Fedora Update for krb5 FEDORA-2011-1210 File : nvt/gb_fedora_2011_1210_krb5_fc13.nasl |
2011-01-04 | Name : HP-UX Update for Java HPSBUX02608 File : nvt/gb_hp_ux_HPSBUX02608.nasl |
2010-12-23 | Name : Fedora Update for krb5 FEDORA-2010-18425 File : nvt/gb_fedora_2010_18425_krb5_fc13.nasl |
2010-12-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312 File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl |
2010-11-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1 File : nvt/gb_ubuntu_USN_1010_1.nasl |
2010-10-28 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_sun_java_se_mult_vuln_oct10_win.nasl |
2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294 File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl |
2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240 File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl |
2010-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl |
2010-07-23 | Name : Ubuntu Update for krb5 vulnerability USN-940-2 File : nvt/gb_ubuntu_USN_940_2.nasl |
2010-07-12 | Name : Mandriva Update for heimdal MDVSA-2010:130 (heimdal) File : nvt/gb_mandriva_MDVSA_2010_130.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2052-1 (krb5) File : nvt/deb_2052_1.nasl |
2010-05-28 | Name : CentOS Update for krb5-devel CESA-2010:0423 centos3 i386 File : nvt/gb_CESA-2010_0423_krb5-devel_centos3_i386.nasl |
2010-05-28 | Name : CentOS Update for krb5-devel CESA-2010:0423 centos4 i386 File : nvt/gb_CESA-2010_0423_krb5-devel_centos4_i386.nasl |
2010-05-28 | Name : Ubuntu Update for krb5 vulnerabilities USN-940-1 File : nvt/gb_ubuntu_USN_940_1.nasl |
2010-05-28 | Name : Mandriva Update for krb5 MDVSA-2010:100 (krb5) File : nvt/gb_mandriva_MDVSA_2010_100.nasl |
2010-05-28 | Name : RedHat Update for krb5 RHSA-2010:0423-01 File : nvt/gb_RHSA-2010_0423-01_krb5.nasl |
2010-05-28 | Name : Fedora Update for krb5 FEDORA-2010-8805 File : nvt/gb_fedora_2010_8805_krb5_fc12.nasl |
2010-05-28 | Name : Fedora Update for krb5 FEDORA-2010-8796 File : nvt/gb_fedora_2010_8796_krb5_fc11.nasl |
2010-04-30 | Name : Mandriva Update for rpm MDVA-2010:130 (rpm) File : nvt/gb_mandriva_MDVA_2010_130.nasl |
2010-04-30 | Name : Mandriva Update for netcdf MDVA-2010:129 (netcdf) File : nvt/gb_mandriva_MDVA_2010_129.nasl |
2010-03-22 | Name : Mandriva Update for rootcerts MDVA-2010:100 (rootcerts) File : nvt/gb_mandriva_MDVA_2010_100.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70083 | Oracle Database MIT Kerberos 5 kg_accept_krb5 Remote Denial of Service Oracle Database contains a flaw that may allow a remote denial of service. The issue is triggered when 'kg_accept_krb5' function in 'krb5/accept_sec_context.c', the GSS-API library in MIT Kerberos 5 fails to properly check for invalid GSS-API tokens, allowing a remote authenticated attacker to use a crafted AP-REQ message with a missing checksum field to cause a denial of service. |
69059 | Oracle Java SE / Java for Business Networking Component HttpURLConnection App... Oracle Java SE and Java for Business contain a flaw related to the Networking component's HttpURLConnection class's failure to properly validate request headers set by applets. This may allow a remote attacker to trigger otherwise restricted actions. |
69058 | Oracle Java SE / Java for Business JNDI Internal Network Names Information Di... Oracle Java SE and Java for Business contain a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when an information leak in the JNDI component occurs, which will disclose confidential internal network names to a remote attacker. |
69057 | Oracle Java SE / Java for Business Networking Component HttpURLConnection chu... Oracle Java SE and Java for Business contains a flaw related to the Networking component's HttpURLConnection class's failure to properly handle the 'chunked' transfer encoding method. This may allow a remote attacker to conduct HTTP request splitting attacks. |
69056 | Oracle Java SE / Java for Business Web Start Component Unspecified Issue (201... Oracle Java SE and Java for Business contain an unspecified flaw related to the Web Start component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69055 | Oracle Java SE / Java for Business Networking Component Network Address Infor... Oracle Java SE and Java for Business contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered whentThe NetworkInterface class fails to properly check the network 'connect' permissions for local network addresses, which will disclose local network addresses to a remote attacker. |
69050 | Oracle Java SE / Java for Business 2D Component Unspecified Issue (2010-3556) Oracle Java SE and Java for Business contain an unspecified flaw related to the 2D component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69047 | Oracle Java SE / Java for Business HeadspaceSoundbank.nGetName BANK Record Si... A memory corruption flaw exists in Oracle Java SE and Java for Business. The 'HeadspaceSoundbank.nGetName' function fails to sanitize user-supplied input when parsing BANK records in SoundBank files, resulting in memory corruption. With a specially crafted BANK record, a context-dependent attacker can execute arbitrary code. |
69044 | Oracle Java SE / Java for Business 2D Component IndexColorModel Double-free E... Oracle Java SE and Java for Business contain a flaw related to the 2D Component. IndexColorModel suffers from a double free error when running an untrusted applet or application, which may allow a remote attacker to potentially execute arbitrary code. |
69042 | Oracle Java SE / Java for Business JRE JPEGImageWriter.writeImage Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The JPEGImageWriter.writeImage in the imageio API in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted JPEG image file, a context-dependent attacker can potentially execute arbitrary code. |
69041 | Oracle Java SE / Java for Business JRE ICC Profile devs Tag Structure Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The color profile parser in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted 'devs' tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code. |
69039 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3568) Oracle Java SE and Java for Business contain an unspecified flaw related to the JRE component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69038 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3569) Oracle Java SE and Java for Business contain a flaw related to the JRE component. The 'defaultReadObject' method of the Serialization API. can be tricked into setting a volatile field repeatedly. This may allow a remote attacker to execute arbitrary code. |
69035 | Oracle Java SE / Java for Business Sound Component Unspecified Issue (2010-3... Oracle Java SE and Java for Business contain a flaw related to the Sound component that may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
69034 | Oracle Java SE / Java for Business java.net.URLConnection Same-of-origin Poli... Oracle Java SE and Java for Business contain a flaw related to the 'HttpURLConnection' class in the Networking component's failure to properly validate applet request headers. This may allow a remote attacker to trigger actions which are normally restricted to HTTP clients. |
69033 | Oracle Java SE / Java for Business Networking Component HttpURLConnection all... Oracle Java SE and Java for Business contain a flaw related to the 'Networking' component. The 'HttpURLConnection' class fails to properly check if the calling code had the 'allowHttpTrace' permission, allowing the creation of HTTP TRACE requests by untrusted code. |
64744 | Kerberos GSS-API AP-REQ Authenticator NULL Dereference Remote DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0013_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2011-0015.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0423.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100518_krb5_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-13.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO |
2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12682.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO |
2011-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12669.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO |
2011-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0152.nasl - Type : ACT_GATHER_INFO |
2010-12-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12658.nasl - Type : ACT_GATHER_INFO |
2010-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-100520.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0935.nasl - Type : ACT_GATHER_INFO |
2010-12-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12659.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0873.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0016.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update8.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update3.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-7046.nasl - Type : ACT_GATHER_INFO |
2010-09-02 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0013.nasl - Type : ACT_GATHER_INFO |
2010-07-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-940-2.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8805.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8749.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8796.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41168.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41166.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41167.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_krb5-100521.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2052.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_krb5-100521.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_krb5-100521.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0423.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-940-1.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-100.nasl - Type : ACT_GATHER_INFO |
2010-05-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0423.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:54:03 |
|