Executive Summary
Summary | |
---|---|
Title | java-1.6.0-ibm security update |
Informations | |||
---|---|---|---|
Name | RHSA-2013:0823 | First vendor Publication | 2013-05-14 |
Vendor | RedHat | Last vendor Modification | 2013-05-14 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR13-FP2 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305) 920248 - CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D) 952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040) 952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435) 952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918) 952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667) 952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617) 952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857) 952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329) 952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031) 952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724) 952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986) 952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987) 952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994) 953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install) 953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) 953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D) 953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) 953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-0823.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
33 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15708 | |||
Oval ID: | oval:org.mitre.oval:def:15708 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before and JavaFX 2.2.7 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2430 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16162 | |||
Oval ID: | oval:org.mitre.oval:def:16162 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before and JavaFX 2.2.7 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2394 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16213 | |||
Oval ID: | oval:org.mitre.oval:def:16213 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2435 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16297 | |||
Oval ID: | oval:org.mitre.oval:def:16297 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
Description: | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0401 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16314 | |||
Oval ID: | oval:org.mitre.oval:def:16314 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2424 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16333 | |||
Oval ID: | oval:org.mitre.oval:def:16333 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1540 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16444 | |||
Oval ID: | oval:org.mitre.oval:def:16444 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2418 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16446 | |||
Oval ID: | oval:org.mitre.oval:def:16446 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2417 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16454 | |||
Oval ID: | oval:org.mitre.oval:def:16454 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before and 6 Update 43 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2433 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16527 | |||
Oval ID: | oval:org.mitre.oval:def:16527 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2419 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16549 | |||
Oval ID: | oval:org.mitre.oval:def:16549 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2384 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16561 | |||
Oval ID: | oval:org.mitre.oval:def:16561 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2422 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16564 | |||
Oval ID: | oval:org.mitre.oval:def:16564 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2383 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16578 | |||
Oval ID: | oval:org.mitre.oval:def:16578 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1537 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16586 | |||
Oval ID: | oval:org.mitre.oval:def:16586 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2440 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16597 | |||
Oval ID: | oval:org.mitre.oval:def:16597 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2420 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16611 | |||
Oval ID: | oval:org.mitre.oval:def:16611 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before and JavaFX 2.2.7 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-2432 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16663 | |||
Oval ID: | oval:org.mitre.oval:def:16663 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before and JavaFX 2.2.7 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1491 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16688 | |||
Oval ID: | oval:org.mitre.oval:def:16688 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1557 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16697 | |||
Oval ID: | oval:org.mitre.oval:def:16697 | ||
Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1569 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18302 | |||
Oval ID: | oval:org.mitre.oval:def:18302 | ||
Title: | USN-1732-1 -- openssl vulnerabilities | ||
Description: | Several security issues were fixed in OpenSSL. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1732-1 CVE-2012-2686 CVE-2013-0166 CVE-2013-0169 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18565 | |||
Oval ID: | oval:org.mitre.oval:def:18565 | ||
Title: | DSA-2621-1 openssl - several vulnerabilities | ||
Description: | Multiple vulnerabilities have been found in OpenSSL. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2621-1 CVE-2013-0166 CVE-2013-0169 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19016 | |||
Oval ID: | oval:org.mitre.oval:def:19016 | ||
Title: | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169) | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0169 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19424 | |||
Oval ID: | oval:org.mitre.oval:def:19424 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0169 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19428 | |||
Oval ID: | oval:org.mitre.oval:def:19428 | ||
Title: | HP-UX Apache Web Server, Remote Denial of Service (DoS) | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0169 | Version: | 7 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19524 | |||
Oval ID: | oval:org.mitre.oval:def:19524 | ||
Title: | HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-2417 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19550 | |||
Oval ID: | oval:org.mitre.oval:def:19550 | ||
Title: | HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1537 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19608 | |||
Oval ID: | oval:org.mitre.oval:def:19608 | ||
Title: | Multiple OpenSSL vulnerabilities | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0169 | Version: | 5 |
Platform(s): | IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19641 | |||
Oval ID: | oval:org.mitre.oval:def:19641 | ||
Title: | HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0401 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20786 | |||
Oval ID: | oval:org.mitre.oval:def:20786 | ||
Title: | VMware vSphere, ESX and ESXi updates to third party libraries | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0169 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21079 | |||
Oval ID: | oval:org.mitre.oval:def:21079 | ||
Title: | RHSA-2013:0587: openssl security update (Moderate) | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0587-01 CESA-2013:0587 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 45 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23489 | |||
Oval ID: | oval:org.mitre.oval:def:23489 | ||
Title: | DEPRECATED: ELSA-2013:0587: openssl security update (Moderate) | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 18 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23909 | |||
Oval ID: | oval:org.mitre.oval:def:23909 | ||
Title: | ELSA-2013:0587: openssl security update (Moderate) | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 17 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24405 | |||
Oval ID: | oval:org.mitre.oval:def:24405 | ||
Title: | Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0169 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24938 | |||
Oval ID: | oval:org.mitre.oval:def:24938 | ||
Title: | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks | ||
Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0169 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25669 | |||
Oval ID: | oval:org.mitre.oval:def:25669 | ||
Title: | SUSE-SU-2013:0871-2 -- Security update for IBM Java | ||
Description: | IBM Java 1.7.0 has been updated to SR4-FP2 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0871-2 CVE-2013-2422 CVE-2013-1491 CVE-2013-2435 CVE-2013-2420 CVE-2013-2432 CVE-2013-1569 CVE-2013-2384 CVE-2013-2383 CVE-2013-1557 CVE-2013-1537 CVE-2013-2440 CVE-2013-2429 CVE-2013-2430 CVE-2013-1563 CVE-2013-2394 CVE-2013-0401 CVE-2013-2424 CVE-2013-2419 CVE-2013-2417 CVE-2013-2418 CVE-2013-1540 CVE-2013-2433 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25791 | |||
Oval ID: | oval:org.mitre.oval:def:25791 | ||
Title: | SUSE-SU-2013:0871-1 -- Security update for IBM Java 1.7.0 | ||
Description: | IBM Java 1.7.0 has been updated to SR4-FP2 which fixes several bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0871-1 CVE-2013-2422 CVE-2013-1491 CVE-2013-2435 CVE-2013-2420 CVE-2013-2432 CVE-2013-1569 CVE-2013-2384 CVE-2013-2383 CVE-2013-1557 CVE-2013-1537 CVE-2013-2440 CVE-2013-2429 CVE-2013-2430 CVE-2013-1563 CVE-2013-2394 CVE-2013-0401 CVE-2013-2424 CVE-2013-2419 CVE-2013-2417 CVE-2013-2418 CVE-2013-1540 CVE-2013-2433 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java 1.7.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25811 | |||
Oval ID: | oval:org.mitre.oval:def:25811 | ||
Title: | SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm | ||
Description: | IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0701-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | java-1_7_0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25883 | |||
Oval ID: | oval:org.mitre.oval:def:25883 | ||
Title: | SUSE-SU-2013:0814-1 -- Security update for java-1_6_0-openjdk | ||
Description: | java-1_6_0-openjdk has been updated to version Icedtea6-1.12.5 which fixes several security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0814-1 CVE-2013-1518 CVE-2013-2417 CVE-2013-2419 CVE-2013-1537 CVE-2013-1557 CVE-2013-2415 CVE-2013-2431 CVE-2013-2383 CVE-2013-2384 CVE-2013-1569 CVE-2013-2424 CVE-2013-2420 CVE-2013-2430 CVE-2013-2429 CVE-2013-2426 CVE-2013-0401 CVE-2013-2421 CVE-2013-1488 CVE-2013-2422 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | java-1_6_0-openjdk |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25988 | |||
Oval ID: | oval:org.mitre.oval:def:25988 | ||
Title: | SUSE-SU-2013:0934-1 -- Security update for Java 1.4.2 | ||
Description: | IBM Java 1.4.2 has been updated to SR13-FP17 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ <http://www.ibm.com/developerworks/java/jdk/alerts/> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0934-1 CVE-2013-1491 CVE-2013-2420 CVE-2013-2432 CVE-2013-1569 CVE-2013-2384 CVE-2013-2383 CVE-2013-1557 CVE-2013-1537 CVE-2013-2429 CVE-2013-2430 CVE-2013-2394 CVE-2013-2419 CVE-2013-2417 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java 1.4.2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26214 | |||
Oval ID: | oval:org.mitre.oval:def:26214 | ||
Title: | SUSE-SU-2013:0328-1 -- Security update for Java | ||
Description: | java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0328-1 CVE-2013-1486 CVE-2013-0169 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27551 | |||
Oval ID: | oval:org.mitre.oval:def:27551 | ||
Title: | DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important) | ||
Description: | [1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0275 CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27605 | |||
Oval ID: | oval:org.mitre.oval:def:27605 | ||
Title: | DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate) | ||
Description: | [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0587 CVE-2013-0166 CVE-2012-4929 CVE-2013-0169 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-04-18 | Java Web Start Launcher ActiveX Control - Memory Corruption |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
2013-09-19 | IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0040371 |
2013-09-19 | IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity : Category I - VMSKEY : V0040372 |
2013-09-19 | IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373 |
2013-04-11 | IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0037605 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49117 - Revision : 1 - Type : FILE-JAVA |
2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49116 - Revision : 1 - Type : FILE-JAVA |
2014-04-17 | Oracle Java font rendering remote code execution attempt RuleID : 30218 - Revision : 3 - Type : FILE-JAVA |
2014-04-17 | Oracle Java font rendering remote code execution attempt RuleID : 30217 - Revision : 2 - Type : FILE-JAVA |
2014-02-08 | Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt RuleID : 29269 - Revision : 2 - Type : FILE-JAVA |
2014-02-08 | Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt RuleID : 29268 - Revision : 3 - Type : FILE-JAVA |
2014-02-08 | Oracle Java and JavaFX JPEGImageReader memory corruption attempt RuleID : 29219 - Revision : 2 - Type : FILE-JAVA |
2014-02-08 | Oracle Java and JavaFX JPEGImageReader memory corruption attempt RuleID : 29218 - Revision : 3 - Type : FILE-JAVA |
2014-02-08 | Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt RuleID : 29215 - Revision : 2 - Type : FILE-JAVA |
2014-02-08 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 29214 - Revision : 3 - Type : FILE-JAVA |
2014-01-10 | Oracle Java font rendering remote code execution attempt RuleID : 26717 - Revision : 5 - Type : FILE-JAVA |
2014-01-10 | Oracle Java font rendering remote code execution attempt RuleID : 26716 - Revision : 6 - Type : FILE-JAVA |
2014-01-10 | SSLv3 plaintext recovery attempt RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER |
2014-01-10 | TLSv1.2 plaintext recovery attempt RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER |
2014-01-10 | TLSv1.1 plaintext recovery attempt RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER |
2014-01-10 | TLSv1.0 plaintext recovery attempt RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-09-27 | Name : The remote Debian host is missing a security update. File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO |
2016-11-21 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-15 | Name : The remote Debian host is missing a security update. File : debian_DLA-219.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3187.nasl - Type : ACT_GATHER_INFO |
2015-03-11 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2522-3.nasl - Type : ACT_GATHER_INFO |
2015-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2522-2.nasl - Type : ACT_GATHER_INFO |
2015-03-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2522-1.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO |
2015-01-13 | Name : The remote host has a library installed that is affected by an information di... File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10627.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
2014-12-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO |
2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO |
2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO |
2014-08-11 | Name : The remote backup service is affected by an information disclosure vulnerabil... File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO |
2014-07-14 | Name : The remote mail server is affected by an information disclosure vulnerability. File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-18 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-402.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-410.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-426.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO |
2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
2014-01-20 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO |
2014-01-08 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
2014-01-08 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp9.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote server is affected by multiple vulnerabilities. File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
2013-10-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO |
2013-10-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
2013-09-20 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-183.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-185.nasl - Type : ACT_GATHER_INFO |
2013-08-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO |
2013-08-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-13479.nasl - Type : ACT_GATHER_INFO |
2013-08-02 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO |
2013-07-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-13523.nasl - Type : ACT_GATHER_INFO |
2013-07-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO |
2013-07-19 | Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO |
2013-07-16 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0770.nasl - Type : ACT_GATHER_INFO |
2013-07-10 | Name : The remote host has a library installed that is affected by an information di... File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO |
2013-06-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO |
2013-06-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130529.nasl - Type : ACT_GATHER_INFO |
2013-06-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130529.nasl - Type : ACT_GATHER_INFO |
2013-06-06 | Name : The remote web server contains an application that is affected by multiple vu... File : splunk_503.nasl - Type : ACT_GATHER_INFO |
2013-05-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130517.nasl - Type : ACT_GATHER_INFO |
2013-05-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO |
2013-05-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130512.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO |
2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO |
2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO |
2013-05-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1819-1.nasl - Type : ACT_GATHER_INFO |
2013-05-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-161.nasl - Type : ACT_GATHER_INFO |
2013-04-30 | Name : The remote host is affected by multiple vulnerabilities. File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO |
2013-04-26 | Name : The remote Fedora host is missing a security update. File : fedora_2013-6368.nasl - Type : ACT_GATHER_INFO |
2013-04-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130424_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-04-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0770.nasl - Type : ACT_GATHER_INFO |
2013-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0770.nasl - Type : ACT_GATHER_INFO |
2013-04-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO |
2013-04-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO |
2013-04-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1806-1.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5922.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO |
2013-04-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
2013-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0757.nasl - Type : ACT_GATHER_INFO |
2013-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0758.nasl - Type : ACT_GATHER_INFO |
2013-04-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO |
2013-04-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
2013-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5958.nasl - Type : ACT_GATHER_INFO |
2013-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
2013-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
2013-04-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130417_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-04-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130417_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-04-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update15.nasl - Type : ACT_GATHER_INFO |
2013-04-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-003.nasl - Type : ACT_GATHER_INFO |
2013-04-17 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2013.nasl - Type : ACT_GATHER_INFO |
2013-04-17 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2013_unix.nasl - Type : ACT_GATHER_INFO |
2013-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO |
2013-03-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO |
2013-03-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO |
2013-03-26 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO |
2013-03-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO |
2013-03-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO |
2013-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO |
2013-02-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
2013-02-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO |
2013-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO |
2013-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO |
2013-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote service may be affected by an information disclosure vulnerability. File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO |
2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO |
2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO |
2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO |
2013-02-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:57:12 |
|
2013-05-15 00:18:46 |
|