Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Microsoft Updates for Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | TA10-222A | First vendor Publication | 2010-08-10 |
| Vendor | US-CERT | Last vendor Modification | 2010-08-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft I. Description The Microsoft Security Bulletin Summary for August 2010 describes multiple vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft .NET framework, and Microsoft Silverlight. Microsoft has released updates to address the vulnerabilities. One of the bulletins released, MS10-046, addresses a previously identified vulnerability in the Windows Shell that is actively being exploited. This vulnerability was also described in US-CERT Vulnerability Note VU#940193. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for August 2010. The security bulletin describes any known issues related to the updates. |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA10-222A.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 32 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 18 % | CWE-20 | Improper Input Validation |
| 11 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 11 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 7 % | CWE-399 | Resource Management Errors |
| 7 % | CWE-362 | Race Condition |
| 4 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 4 % | CWE-295 | Certificate Issues |
| 4 % | CWE-200 | Information Exposure |
| 4 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10088 | |||
| Oval ID: | oval:org.mitre.oval:def:10088 | ||
| Title: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11044 | |||
| Oval ID: | oval:org.mitre.oval:def:11044 | ||
| Title: | Windows Kernel Double Free Vulnerability | ||
| Description: | Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1889 | Version: | 3 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11106 | |||
| Oval ID: | oval:org.mitre.oval:def:11106 | ||
| Title: | SMB Pool Overflow Vulnerability | ||
| Description: | The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2550 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11426 | |||
| Oval ID: | oval:org.mitre.oval:def:11426 | ||
| Title: | Tracing Memory Corruption Vulnerability | ||
| Description: | The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2555 | Version: | 7 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11472 | |||
| Oval ID: | oval:org.mitre.oval:def:11472 | ||
| Title: | Word RTF Parsing Buffer Overflow Vulnerability | ||
| Description: | Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka "Word RTF Parsing Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1902 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Word 2002 Microsoft Word 2003 Microsoft Word 2007 Microsoft Office Word Viewer Microsoft Office Compatibility Pack |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11490 | |||
| Oval ID: | oval:org.mitre.oval:def:11490 | ||
| Title: | Word Record Parsing Vulnerability | ||
| Description: | Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1900 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Word 2002 Microsoft Word 2003 Microsoft Word 2007 Microsoft Office Word Viewer Microsoft Office Compatibility Pack Microsoft Works 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11564 | |||
| Oval ID: | oval:org.mitre.oval:def:11564 | ||
| Title: | Windows Shell Vulnerability | ||
| Description: | Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2568 | Version: | 9 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11578 | |||
| Oval ID: | oval:org.mitre.oval:def:11578 | ||
| Title: | Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 3 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11585 | |||
| Oval ID: | oval:org.mitre.oval:def:11585 | ||
| Title: | MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability | ||
| Description: | Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1882 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11612 | |||
| Oval ID: | oval:org.mitre.oval:def:11612 | ||
| Title: | Word RTF Parsing Engine Memory Corruption Vulnerability | ||
| Description: | Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1901 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Word 2002 Microsoft Word 2003 Microsoft Word 2007 Microsoft Office Word Viewer Microsoft Office Compatibility Pack |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11617 | |||
| Oval ID: | oval:org.mitre.oval:def:11617 | ||
| Title: | AIX OpenSSL session renegotiation vulnerability | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 3 |
| Platform(s): | IBM AIX 5.2 IBM AIX 5.3 IBM AIX 6.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11663 | |||
| Oval ID: | oval:org.mitre.oval:def:11663 | ||
| Title: | Win32k Window Creation Vulnerability (CVE-2010-1897) | ||
| Description: | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1897 | Version: | 9 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11730 | |||
| Oval ID: | oval:org.mitre.oval:def:11730 | ||
| Title: | Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability | ||
| Description: | Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2561 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11769 | |||
| Oval ID: | oval:org.mitre.oval:def:11769 | ||
| Title: | Win32k Exception Handling Vulnerability | ||
| Description: | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1894 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11773 | |||
| Oval ID: | oval:org.mitre.oval:def:11773 | ||
| Title: | Cinepak Codec Decompression Vulnerability | ||
| Description: | The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2553 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11787 | |||
| Oval ID: | oval:org.mitre.oval:def:11787 | ||
| Title: | SChannel Malformed Certificate Request Remote Code Execution Vulnerability | ||
| Description: | The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2566 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11825 | |||
| Oval ID: | oval:org.mitre.oval:def:11825 | ||
| Title: | Windows Kernel Data Initialization Vulnerability | ||
| Description: | Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1888 | Version: | 3 |
| Platform(s): | Microsoft Windows XP | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11832 | |||
| Oval ID: | oval:org.mitre.oval:def:11832 | ||
| Title: | HTML Layout Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2560 | Version: | 11 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11844 | |||
| Oval ID: | oval:org.mitre.oval:def:11844 | ||
| Title: | Win32k Pool Overflow Vulnerability | ||
| Description: | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1895 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11845 | |||
| Oval ID: | oval:org.mitre.oval:def:11845 | ||
| Title: | IPv6 Memory Corruption Vulnerability | ||
| Description: | The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1892 | Version: | 5 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11853 | |||
| Oval ID: | oval:org.mitre.oval:def:11853 | ||
| Title: | Race Condition Memory Corruption Vulnerability | ||
| Description: | Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2558 | Version: | 11 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11954 | |||
| Oval ID: | oval:org.mitre.oval:def:11954 | ||
| Title: | Event Handler Cross-Domain Vulnerability | ||
| Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1258 | Version: | 11 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11968 | |||
| Oval ID: | oval:org.mitre.oval:def:11968 | ||
| Title: | Uninitialized Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2557 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11984 | |||
| Oval ID: | oval:org.mitre.oval:def:11984 | ||
| Title: | Uninitialized Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2559 | Version: | 9 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11994 | |||
| Oval ID: | oval:org.mitre.oval:def:11994 | ||
| Title: | Uninitialized Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2556 | Version: | 11 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12006 | |||
| Oval ID: | oval:org.mitre.oval:def:12006 | ||
| Title: | Win32k User Input Validation Vulnerability | ||
| Description: | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1896 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12011 | |||
| Oval ID: | oval:org.mitre.oval:def:12011 | ||
| Title: | Movie Maker Memory Corruption Vulnerability | ||
| Description: | Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2564 | Version: | 12 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista | Product(s): | Movie Maker 2.1 Movie Maker 2.6 Movie Maker 6.0 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12015 | |||
| Oval ID: | oval:org.mitre.oval:def:12015 | ||
| Title: | SMB Variable Validation Vulnerability | ||
| Description: | The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2551 | Version: | 5 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12033 | |||
| Oval ID: | oval:org.mitre.oval:def:12033 | ||
| Title: | Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability | ||
| Description: | The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1898 | Version: | 13 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft .NET Framework |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12039 | |||
| Oval ID: | oval:org.mitre.oval:def:12039 | ||
| Title: | Word HTML Linked Objects Memory Corruption Vulnerability | ||
| Description: | Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1903 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Word 2002 Microsoft Word 2003 Microsoft Office Word Viewer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12072 | |||
| Oval ID: | oval:org.mitre.oval:def:12072 | ||
| Title: | SMB Stack Exhaustion Vulnerability | ||
| Description: | Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2552 | Version: | 5 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12087 | |||
| Oval ID: | oval:org.mitre.oval:def:12087 | ||
| Title: | Integer Overflow in Windows Networking Vulnerability | ||
| Description: | Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1893 | Version: | 5 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12088 | |||
| Oval ID: | oval:org.mitre.oval:def:12088 | ||
| Title: | Excel Memory Corruption Vulnerability (CVE-2010-2562) | ||
| Description: | Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2562 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2002 Microsoft Excel 2003 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13085 | |||
| Oval ID: | oval:org.mitre.oval:def:13085 | ||
| Title: | USN-927-1 -- nss vulnerability | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-1 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13424 | |||
| Oval ID: | oval:org.mitre.oval:def:13424 | ||
| Title: | USN-990-1 -- openssl vulnerability | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. ATTENTION: After applying this update, a patched server will allow both patched and unpatched clients to connect, but unpatched clients will not be able to renegotiate | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-990-1 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13440 | |||
| Oval ID: | oval:org.mitre.oval:def:13440 | ||
| Title: | USN-927-4 -- nss vulnerability | ||
| Description: | USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-4 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13532 | |||
| Oval ID: | oval:org.mitre.oval:def:13532 | ||
| Title: | USN-927-6 -- nss vulnerability | ||
| Description: | USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-6 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 9.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13623 | |||
| Oval ID: | oval:org.mitre.oval:def:13623 | ||
| Title: | DSA-1934-1 apache2 -- multiple issues | ||
| Description: | A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations: - - The "SSLVerifyClient" directive is used in a Directory or Location context. - - The "SSLCipherSuite" directive is used in a Directory or Location context. As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service via a malformed reply to an EPSV command. CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release. The oldstable distribution, these problems have been fixed in version 2.2.3-4+etch11. For the testing distribution and the unstable distribution, these problems will be fixed in version 2.2.14-2. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1934-1 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20357 | |||
| Oval ID: | oval:org.mitre.oval:def:20357 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21255 | |||
| Oval ID: | oval:org.mitre.oval:def:21255 | ||
| Title: | RHSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0155-01 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21587 | |||
| Oval ID: | oval:org.mitre.oval:def:21587 | ||
| Title: | RHSA-2010:0165: nss security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0165-01 CESA-2010:0165 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21828 | |||
| Oval ID: | oval:org.mitre.oval:def:21828 | ||
| Title: | RHSA-2010:0166: gnutls security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0166-01 CESA-2010:0166 CVE-2009-2409 CVE-2009-3555 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21877 | |||
| Oval ID: | oval:org.mitre.oval:def:21877 | ||
| Title: | RHSA-2010:0164: openssl097a security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0164-01 CESA-2010:0164 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22820 | |||
| Oval ID: | oval:org.mitre.oval:def:22820 | ||
| Title: | ELSA-2009:1579: httpd security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1579-02 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22913 | |||
| Oval ID: | oval:org.mitre.oval:def:22913 | ||
| Title: | ELSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0155-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22993 | |||
| Oval ID: | oval:org.mitre.oval:def:22993 | ||
| Title: | ELSA-2010:0165: nss security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0165-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23000 | |||
| Oval ID: | oval:org.mitre.oval:def:23000 | ||
| Title: | ELSA-2010:0166: gnutls security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0166-01 CVE-2009-2409 CVE-2009-3555 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23090 | |||
| Oval ID: | oval:org.mitre.oval:def:23090 | ||
| Title: | ELSA-2010:0164: openssl097a security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0164-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25097 | |||
| Oval ID: | oval:org.mitre.oval:def:25097 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8i, allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27295 | |||
| Oval ID: | oval:org.mitre.oval:def:27295 | ||
| Title: | DEPRECATED: ELSA-2010-0164 -- openssl097a security update (moderate) | ||
| Description: | [0.9.7a-9.2] - CVE-2009-3555 - support the secure renegotiation RFC (#533125) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0164 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27748 | |||
| Oval ID: | oval:org.mitre.oval:def:27748 | ||
| Title: | DEPRECATED: ELSA-2010-0162 -- openssl security update (important) | ||
| Description: | [0.9.8e-12.6] - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) [0.9.8e-12.5] - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) [0.9.8e-12.4] - do not disable SSLv2 in the renegotiation patch - SSLv2 does not support renegotiation - allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT [0.9.8e-12.3] - mention the RFC5746 in the CVE-2009-3555 doc [0.9.8e-12.2] - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0162 CVE-2010-0433 CVE-2009-3245 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27881 | |||
| Oval ID: | oval:org.mitre.oval:def:27881 | ||
| Title: | DEPRECATED: ELSA-2010-0166 -- gnutls security update (moderate) | ||
| Description: | [1.4.1-3.8] - fix safe renegotiation on SSL3 protocol [1.4.1-3.7] - implement safe renegotiation - CVE-2009-3555 (#533125) - do not allow MD2 in certificate signatures by default - CVE-2009-2409 (#510197) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0166 CVE-2009-2409 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28188 | |||
| Oval ID: | oval:org.mitre.oval:def:28188 | ||
| Title: | DEPRECATED: ELSA-2010-0768 -- java-1.6.0-openjdk security and bug fix update (important) | ||
| Description: | [1.6.0.0-1.16.b17.0.1.el5] - Add oracle-enterprise.patch [1.6.0.0-1.16.b17.el5] - Updated 1.7.5 tarball (contains additional security fixes) - Resolves: bz639951 [1.6.0.0-1.15.b17.el5] - Rebuild - Resolves: bz639951 [1.6.0.0-1.14.b17.el5] - Synched with el6 branch - Updated to IcedTea 1.7.5 - Resolves: bz639951 - Also resolves 619800 and 621303 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0768 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28269 | |||
| Oval ID: | oval:org.mitre.oval:def:28269 | ||
| Title: | DEPRECATED: ELSA-2010-0339 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.11.b16.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.11.b16.el5] - Remove javaws alternative due to conflict with java-1.6.0-sun's alternatives [1:1.6.0-1.10.b16] - Update to openjdk build b16 - Update to icedtea6-1.6 - Added tzdata-java requirement - Added autoconf and automake build requirement - Added tzdata-java requirement - Added java-1.6.0-openjdk-gcc-stack-markings.patch - Added java-1.6.0-openjdk-memory-barriers.patch - Added java-1.6.0-openjdk-jar-misc.patch - Added java-1.6.0-openjdk-linux-separate-debuginfo.patch - Added java-1.6.0-openjdk-securitypatches-20100323.patch - Added STRIP_KEEP_SYMTAB=libjvm* to install section, fix bz530402 - Resolves: rhbz#576124 [1:1.6.0-1.8.b09] - Added java-1.6.0-openjdk-debuginfo.patch - Added java-1.6.0-openjdk-elf-debuginfo.patch | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0339 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0088 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0840 CVE-2010-0845 CVE-2010-0847 CVE-2010-0848 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29317 | |||
| Oval ID: | oval:org.mitre.oval:def:29317 | ||
| Title: | RHSA-2009:1579 -- httpd security update (Moderate) | ||
| Description: | Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1579 CESA-2009:1579-CentOS 3 CESA-2009:1579-CentOS 5 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 CentOS Linux 3 CentOS Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7315 | |||
| Oval ID: | oval:org.mitre.oval:def:7315 | ||
| Title: | TLS/SSL Renegotiation Vulnerability | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7478 | |||
| Oval ID: | oval:org.mitre.oval:def:7478 | ||
| Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7973 | |||
| Oval ID: | oval:org.mitre.oval:def:7973 | ||
| Title: | Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 1 |
| Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8201 | |||
| Oval ID: | oval:org.mitre.oval:def:8201 | ||
| Title: | DSA-1934 apache2 -- multiple issues | ||
| Description: | A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate): As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1934 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Office Excel PivotTable Cache Data Record Handling Overflow | More info here |
| Microsoft Office Word RTF Parsing Engine Memory Corruption | More info here |
| Microsoft Windows Movie Maker MediaClipString Buffer Overflow | More info here |
| Windows Shell LNK file CONTROL item command execution | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-09-26 | MOAUB #26 - Microsoft Cinepak Codec CVDecompress Heap Overflow |
| 2010-09-11 | MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow |
| 2010-08-17 | Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047) |
| 2010-08-17 | Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment ... |
| 2010-08-10 | Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048) |
| 2009-12-21 | TLS Renegotiation Vulnerability PoC Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS) File : nvt/glsa_201206_18.nasl |
| 2012-04-30 | Name : Gentoo Security Advisory GLSA 201203-22 (nginx) File : nvt/glsa_201203_22.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-02-29 | Name : MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability File : nvt/secpod_ms10-054_remote.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-05 (gnutls) File : nvt/glsa_201110_05.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos3 i386 File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos5 i386 File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1580 centos4 i386 File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2010:0162 centos5 i386 File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl097a CESA-2010:0164 centos5 i386 File : nvt/gb_CESA-2010_0164_openssl097a_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for nspr CESA-2010:0165 centos5 i386 File : nvt/gb_CESA-2010_0165_nspr_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386 File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0339 centos5 i386 File : nvt/gb_CESA-2010_0339_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0768 centos5 i386 File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201006_18.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
| 2011-01-04 | Name : HP-UX Update for Java HPSBUX02608 File : nvt/gb_hp_ux_HPSBUX02608.nasl |
| 2010-12-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312 File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl |
| 2010-11-23 | Name : Fedora Update for openssl FEDORA-2010-17826 File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for nss FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for proftpd FEDORA-2010-17220 File : nvt/gb_fedora_2010_17220_proftpd_fc12.nasl |
| 2010-11-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1 File : nvt/gb_ubuntu_USN_1010_1.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240 File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294 File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl |
| 2010-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl |
| 2010-09-27 | Name : Ubuntu Update for openssl vulnerability USN-990-1 File : nvt/gb_ubuntu_USN_990_1.nasl |
| 2010-09-27 | Name : Ubuntu Update for apache2 vulnerability USN-990-2 File : nvt/gb_ubuntu_USN_990_2.nasl |
| 2010-08-26 | Name : Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886) File : nvt/secpod_ms10-058.nasl |
| 2010-08-26 | Name : Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799) File : nvt/secpod_ms10-059.nasl |
| 2010-08-11 | Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852) File : nvt/secpod_ms10-047.nasl |
| 2010-08-11 | Name : Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (21... File : nvt/secpod_ms10-048.nasl |
| 2010-08-11 | Name : Remote Code Execution Vulnerabilities in SChannel (980436) File : nvt/secpod_ms10-049.nasl |
| 2010-08-11 | Name : Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability... File : nvt/secpod_ms10-050.nasl |
| 2010-08-11 | Name : Microsoft Windows LSASS Denial of Service Vulnerability (975467) File : nvt/secpod_ms10-051.nasl |
| 2010-08-11 | Name : Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168) File : nvt/secpod_ms10-052.nasl |
| 2010-08-11 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2183461) File : nvt/secpod_ms10-053.nasl |
| 2010-08-11 | Name : Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214) File : nvt/secpod_ms10-054.nasl |
| 2010-08-11 | Name : Remote Code Execution Vulnerability in Cinepak Codec (982665) File : nvt/secpod_ms10-055.nasl |
| 2010-08-11 | Name : Microsoft Office Word Remote Code Execution Vulnerabilities (2269638) File : nvt/secpod_ms10-056.nasl |
| 2010-08-11 | Name : Microsoft Office Excel Remote Code Execution Vulnerability (2269707) File : nvt/secpod_ms10-057.nasl |
| 2010-08-11 | Name : Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2... File : nvt/secpod_ms10-060.nasl |
| 2010-08-04 | Name : Microsoft Windows Shell Remote Code Execution Vulnerability (2286198) File : nvt/secpod_ms10-046.nasl |
| 2010-07-26 | Name : Ubuntu Update for nss vulnerability USN-927-6 File : nvt/gb_ubuntu_USN_927_6.nasl |
| 2010-07-02 | Name : Ubuntu Update for nss vulnerability USN-927-4 File : nvt/gb_ubuntu_USN_927_4.nasl |
| 2010-07-02 | Name : Ubuntu Update for nspr update USN-927-5 File : nvt/gb_ubuntu_USN_927_5.nasl |
| 2010-06-28 | Name : Fedora Update for gnutls FEDORA-2010-9487 File : nvt/gb_fedora_2010_9487_gnutls_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for openssl FEDORA-2010-9421 File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl |
| 2010-06-25 | Name : Fedora Update for gnutls FEDORA-2010-9518 File : nvt/gb_fedora_2010_9518_gnutls_fc13.nasl |
| 2010-06-18 | Name : Fedora Update for openssl FEDORA-2010-9639 File : nvt/gb_fedora_2010_9639_openssl_fc12.nasl |
| 2010-06-07 | Name : Fedora Update for httpd FEDORA-2010-6055 File : nvt/gb_fedora_2010_6055_httpd_fc12.nasl |
| 2010-06-07 | Name : HP-UX Update for Java HPSBUX02524 File : nvt/gb_hp_ux_HPSBUX02524.nasl |
| 2010-05-28 | Name : Fedora Update for openssl FEDORA-2010-8742 File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 7 File : nvt/macosx_java_for_10_5_upd_7.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl |
| 2010-05-07 | Name : Fedora Update for httpd FEDORA-2010-6131 File : nvt/gb_fedora_2010_6131_httpd_fc11.nasl |
| 2010-04-30 | Name : HP-UX Update for OpenSSL HPSBUX02517 File : nvt/gb_hp_ux_HPSBUX02517.nasl |
| 2010-04-30 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl |
| 2010-04-29 | Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl |
| 2010-04-29 | Name : Mandriva Update for openssl MDVSA-2010:076-1 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076_1.nasl |
| 2010-04-29 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss SUSE-... File : nvt/gb_suse_2010_021.nasl |
| 2010-04-19 | Name : Fedora Update for openssl FEDORA-2010-5357 File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl |
| 2010-04-19 | Name : Mandriva Update for openssl MDVSA-2010:076 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076.nasl |
| 2010-04-16 | Name : Mandriva Update for firefox MDVSA-2010:070 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070.nasl |
| 2010-04-16 | Name : Ubuntu Update for nss vulnerability USN-927-1 File : nvt/gb_ubuntu_USN_927_1.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025 File : nvt/gb_fedora_2010_6025_java-1.6.0-openjdk_fc12.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6039 File : nvt/gb_fedora_2010_6039_java-1.6.0-openjdk_fc11.nasl |
| 2010-04-09 | Name : Mandriva Update for nss MDVSA-2010:069 (nss) File : nvt/gb_mandriva_MDVSA_2010_069.nasl |
| 2010-04-09 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 File : nvt/gb_ubuntu_USN_923_1.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Linux) File : nvt/gb_oracle_java_se_mult_vuln_lin_apr10.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_oracle_java_se_mult_vuln_win_apr10.nasl |
| 2010-04-06 | Name : FreeBSD Ports: seamonkey File : nvt/freebsd_seamonkey0.nasl |
| 2010-04-06 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01 File : nvt/gb_RHSA-2010_0339-01_java-1.6.0-openjdk.nasl |
| 2010-04-06 | Name : Mac OS X Security Update 2010-001 File : nvt/macosx_secupd_2010-001.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
| 2010-03-31 | Name : CentOS Update for nspr CESA-2010:0165 centos4 i386 File : nvt/gb_CESA-2010_0165_nspr_centos4_i386.nasl |
| 2010-03-31 | Name : CentOS Update for gnutls CESA-2010:0167 centos4 i386 File : nvt/gb_CESA-2010_0167_gnutls_centos4_i386.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0162-01 File : nvt/gb_RHSA-2010_0162-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for openssl097a RHSA-2010:0164-01 File : nvt/gb_RHSA-2010_0164-01_openssl097a.nasl |
| 2010-03-31 | Name : RedHat Update for nss RHSA-2010:0165-01 File : nvt/gb_RHSA-2010_0165-01_nss.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0166-01 File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0167-01 File : nvt/gb_RHSA-2010_0167-01_gnutls.nasl |
| 2010-03-31 | Name : Fedora Update for nss FEDORA-2010-3905 File : nvt/gb_fedora_2010_3905_nss_fc11.nasl |
| 2010-03-12 | Name : Mandriva Update for cacti MDVA-2010:089 (cacti) File : nvt/gb_mandriva_MDVA_2010_089.nasl |
| 2010-03-02 | Name : Fedora Update for httpd FEDORA-2009-12747 File : nvt/gb_fedora_2009_12747_httpd_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for nss FEDORA-2010-1127 File : nvt/gb_fedora_2010_1127_nss_fc12.nasl |
| 2010-03-02 | Name : Mandriva Update for rsh MDVA-2010:076 (rsh) File : nvt/gb_mandriva_MDVA_2010_076.nasl |
| 2010-03-02 | Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl |
| 2010-02-19 | Name : Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release) File : nvt/gb_mandriva_MDVA_2010_069.nasl |
| 2010-02-11 | Name : Microsoft Windows TLS/SSL Spoofing Vulnerability (977377) File : nvt/gb_ms_tls_ssl_spoofing_vuln.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12229 (tomcat-native) File : nvt/fcore_2009_12229.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-12305 (tomcat-native) File : nvt/fcore_2009_12305.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12606 (httpd) File : nvt/fcore_2009_12606.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13236 (proftpd) File : nvt/fcore_2009_13236.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13250 (proftpd) File : nvt/fcore_2009_13250.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12604 (httpd) File : nvt/fcore_2009_12604.nasl |
| 2009-12-14 | Name : Fedora Core 12 FEDORA-2009-12968 (nss-util) File : nvt/fcore_2009_12968.nasl |
| 2009-12-14 | Name : Gentoo Security Advisory GLSA 200912-01 (openssl) File : nvt/glsa_200912_01.nasl |
| 2009-12-10 | Name : Fedora Core 12 FEDORA-2009-12750 (nginx) File : nvt/fcore_2009_12750.nasl |
| 2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12775 (nginx) File : nvt/fcore_2009_12775.nasl |
| 2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12782 (nginx) File : nvt/fcore_2009_12782.nasl |
| 2009-12-10 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc) File : nvt/freebsdsa_ssl.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl |
| 2009-11-23 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5062661.nasl |
| 2009-11-23 | Name : SuSE Security Advisory SUSE-SA:2009:057 (openssl) File : nvt/suse_sa_2009_057.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1579 File : nvt/RHSA_2009_1579.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1580 File : nvt/RHSA_2009_1580.nasl |
| 2009-11-17 | Name : CentOS Security Advisory CESA-2009:1579 (httpd) File : nvt/ovcesa2009_1579.nasl |
| 2009-11-17 | Name : CentOS Security Advisory CESA-2009:1580 (httpd) File : nvt/ovcesa2009_1580.nasl |
| 2009-11-17 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_compat-openssl02.nasl |
| 2009-11-17 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl3.nasl |
| 2009-11-17 | Name : SLES11: Security update for libopenssl File : nvt/sles11_libopenssl0_9_82.nasl |
| 2005-11-03 | Name : foxweb CGI File : nvt/foxweb_dll.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-320-01 openssl File : nvt/esoft_slk_ssa_2009_320_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-067-01 httpd File : nvt/esoft_slk_ssa_2010_067_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 77832 | Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint... |
| 75622 | Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 74335 | Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection Hitachi Web Server contains a flaw related to the SSL protocol failing to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 71961 | Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ... Oracle Fusion Middleware contains a flaw related to the Oracle WebLogic Server component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 71951 | Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes... Oracle Database and Fusion Middleware contain a flaw related to the Oracle Security Service component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 70620 | mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection mGuard contains a flaw related to the TLS protocol's failure to properly associate renegotiation handshakes with an existing connection. The issue is triggered when a man-in-the-middle attacker uses unauthenticated requests processed retroactively. This may allow an attacker to inject data into HTTPS sessions. |
| 70055 | Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi... Oracle Supply Chain contains a flaw related to the Transportation Management component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 69561 | IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex... IBM WebSphere MQ Internet Pass-Thru contains a flaw related to the TLS Renegotiation Handshake protocol. The issue is triggered when a remote attacker uses a MiTM attack to insert arbitrary plaintext into data sent by a legitimate client. |
| 69032 | Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext... Oracle Java SE and Java for Business contains a flaw related to the JSSE component. The application fails to properly associate renegotiation handshakes with an existing connection, allowing a MiTM attacker to use an unauthenticated request to insert data into HTTPS sessions, related to a 'plaintext injection' attack |
| 67029 | HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla... |
| 67005 | Microsoft Windows TCP/IP Implementation IppSortDestinationAddresses() Functio... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an integer overflow error in the "IppSortDestinationAddresses()" function when processing SOCKET_ADDRESS_LIST structures can be exploited by a local user to corrupt kernel memory and execute arbitrary code with system-level privileges. |
| 67004 | Microsoft Windows Malformed IPv6 Extension Header Handling Remote Memory Corr... Microsoft Windows contains a flaw that may allow a local denial of service. The issue is triggered when an error in the TCP/IP stack can be exploited via a small number of IPv6 packets with specially crafted extension headers and it can cause a vulnerable system to stop responding. |
| 67003 | Microsoft IE HTML Layout Table Element Handling Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| 67002 | Microsoft IE Object Handling Unspecified Memory Corruption (2010-2559) Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| 67001 | Microsoft IE CIframeElement Object Handling Race Condition Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that may have been corrupted due to a race condition. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| 67000 | Microsoft IE boundElements Property Handling Memory Corruption Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to exploited this flaw that could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| 66999 | Microsoft IE OnPropertyChange_Src() Function Malformed HTML/JS Data Handling ... Microsoft IE contains a flaw that may allow a remote attacker to accesses an object that has not been correctly initialized or has been deleted. This may allow an attacker to successfully exploited this flaw and gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system |
| 66998 | Microsoft IE Event Handler Unspecified Cross-domain Information Disclosure Microsoft IE contains a flaw that may allow script to gain access to a browser window in another domain or Internet Explorer zone. Â The issue could exploit the flaw by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page and then interacts with the browser window using the mouse. |
| 66997 | Microsoft Office Word DOC plcffldMom Parsing Memory Corruption Microsoft Office Word contains a flaw in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. This may allow an attacker to take complete control of an affected system. |
| 66996 | Microsoft Office Word RTF Document Object Control Word Drawing Overflow Microsoft Office Word contains a flaw in the way that Microsoft Office Word parses certain rich text data. This may allow an attacker to gain the same user rights as the local user. |
| 66995 | Microsoft Office Word RTF Document Control Word Parsing Memory Corruption Microsoft Office Word contains a flaw in the way that Microsoft Office Word parses rich text data. This may allow an attacker to gain the same user rights as the local user. |
| 66994 | Microsoft Office Word Malformed Record Parsing Unspecified Remote Code Execution Microsoft Office Word contains a flaw in the way that it handles malformed records inside a specially crafted Word file. This may allow an attacker to take complete control of an affected system. |
| 66993 | Microsoft .NET Framework / Silverlight CLR Virtual Delegate Handling Remote C... Microsoft .NET Framework and Silverlight contain a flaw related to the Common Language Runtime failing to properly handle virtual method delegations and interfaces. This may allow a context-dependent attacker to use a crafted ASP.NET application, XAML browser application or .NET Framework application to execute arbitrary code. |
| 66992 | Microsoft Silverlight Pointer Handling Unspecified Memory Corruption A memory corruption flaw exists in Microsoft Silverlight. The program fails to sanitize user-supplied input when handling pointers, resulting in memory corruption. With a specially crafted web site, a context-dependent attacker can execute arbitrary code. |
| 66991 | Microsoft Office Excel PivotTable Cache Data Record Handling Overflow Microsoft Office Excel contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to a logic error when parsing certain records following a SXDB (PivotTable Cache Data) record having the "cfdbTot" field value set to zero. This can be exploited to cause a stack-based buffer overflow via a specially crafted Excel file. |
| 66989 | Microsoft Windows Kernel Object Initialization Error Handling Local Privilege... Microsoft Windows contains a double-free error that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the Kernel Transaction Manager fails to properly handle the 'UOW' parameter when passing it to the 'NtCreateTransaction()' function, allowing a local authenticated attacker to gain full user rights. |
| 66988 | Microsoft Windows Kernel Thread Creation Handling NtCreateThread() Local Priv... Microsoft Windows contains a race condition that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the 'NtCreateThread()' function fails to properly handle thread creation attempts, allowing a local authenticated attacker to gain full user privileges. |
| 66987 | Microsoft Windows SChannel Malformed Certificate Request Remote Code Execution Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue exists in the way that SChannel on a client machine validates a certificate request message sent by the server, and can result in convincing a user to view the malicious Web site containing arbitrary code. |
| 66986 | Microsoft Windows Movie Maker Imported Projector File (.MSWMM) String Parsing... Windows Movie Maker contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the way that Windows Movie Maker handles specially crafted project files. This may allow an attacker to take complete control of an affected system. |
| 66985 | Microsoft Windows MPEG Layer-3 Audio Stream Decoding Overflow Microsoft Windows contains a flaw that may exists in the way that Microsoft DirectShow MP3 filter handles supported format files.. This could allow code execution if a user opened a specially crafted audio file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. |
| 66984 | Microsoft Windows iccvid.dll VIDC (Cinepak) Codec Decompression Arbitrary Cod... Microsoft Windows contains a flaw in the way the Cinepak codec handles supported format files. The issue could allow code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, this may allow an attacker to take complete control of an affected system. |
| 66983 | Microsoft Windows win32k.sys Driver xxxCreateWindowsEx hParent Value Handling... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers in win32k.sys fail to properly validate pseudo-handle values in callback parameters during window creation, allowing a local authenticated attacker to gain full user privileges. |
| 66982 | Microsoft Windows win32k.sys Driver User Mode Input Unspecified Local Privile... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers in win32k.sys fail to properly validate user-mode input passed to kernel mode, allowing a local authenticated attacker to gain full user privileges. |
| 66981 | Microsoft Windows win32k.sys Driver User Mode Copy Memory Allocation Local Pr... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when win32k.sys fails to properly allocate memory when copying data from user mode, allowing a local authenticated attacker to cause a pool overflow and gain full user privileges. |
| 66980 | Microsoft Windows win32k.sys Driver Exception Handling Unspecified Local Priv... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers in win32k.sys fail to properly handle certain exceptions, allowing a local, authenticated attacker to gain elevated privileges. |
| 66978 | Microsoft Windows Tracing Feature for Services Registry String Handling Memor... A memory corruption flaw exists in Microsoft Windows. The Tracing Feature for Services fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted overly long string, a local, authenticated attacker can gain full user privileges. |
| 66976 | Microsoft Windows SMB Server Compounded Request Handling Stack Exhaustion Rem... Microsoft Windows contains a flaw that may allow a denial of service. The issue is triggered when an error when handling Server Message Block (SMB) version 2 compounded requests can be exploited via a specially crafted SMB packet. It can cause a system running the Server service to stop responding. |
| 66975 | Microsoft Windows SMB Server Crafted Packet Handling Unspecified Remote DoS Microsoft Windows contains a flaw that may allow a denial of service. The issue is triggered when a variable validation error when parsing Server Message Block (SMB) packets can be exploited via a specially crafted SMB packet and it can cause a system running the Server service to stop responding. |
| 66974 | Microsoft Windows SMB Server SMB_COM_TRANSACTION2 Request Handling Remote Cod... Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to an error when validating certain Server Message Block (SMB) fields can be exploited to cause a SMB pool overflow via a specially crafted SMB_COM_TRANSACTION2 request to a system running the Server service and it can allow execution of arbitrary code. |
| 66973 | Microsoft XML Core Services Msxml2.XMLHTTP.3.0 ActiveX HTTP Response Handling... A memory corruption flaw exists in Microsoft XML Core Services. The 'Msxml2.XMLHTTP.3.0' ActiveX control fails to sanitize user-supplied input when handling invalid HTTP responses, resulting in memory corruption. With a specially crafted page or mail, a context-dependent attacker can execute arbitrary code. |
| 66387 | Microsoft Windows Shell LNK File Parsing Arbitrary Command Execution Windows contains a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a specially crafted .LNK or .PIF shortcut file which contains an icon resource that points to a malicious DLL file. |
| 66315 | HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 65202 | OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 64725 | HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte... |
| 64499 | ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte... |
| 64040 | IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62877 | SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
| 62536 | Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62273 | Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62210 | Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In... |
| 62135 | Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D... |
| 62064 | IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 61929 | IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61785 | Avaya Products Multiple Product TLS Renegotiation Handshakes MiTM Plaintext D... |
| 61784 | Sun Java System Multiple Product TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61718 | IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
| 61234 | IBM SDK for Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 60521 | Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext D... |
| 60366 | Cisco Multiple Devices TLS Renegotiation Handshakes MiTM Plaintext Data Injec... |
| 59974 | MatrixSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59973 | Citrix Secure Gateway TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59972 | GnuTLS TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59971 | OpenSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59970 | Mozilla Network Security Services (NSS) SSL / TLS Renegotiation Handshakes Mi... |
| 59969 | Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext ... |
| 59968 | Microsoft Multiple Products SSL / TLS Renegotiation Handshakes MiTM Plaintext... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2012-04-05 | IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator Severity : Category I - VMSKEY : V0031972 |
| 2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
| 2010-08-12 | IAVM : 2010-A-0107 - Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0025061 |
| 2010-08-12 | IAVM : 2010-A-0103 - Microsoft Cinepak Codec Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0025067 |
| 2010-08-12 | IAVM : 2010-B-0064 - Multiple Vulnerabilities in Microsoft Windows Tracing Feature for Services Severity : Category I - VMSKEY : V0025074 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-02-03 | Microsoft Windows MPEG Layer-3 audio heap corruption attempt RuleID : 45316 - Revision : 1 - Type : FILE-OTHER |
| 2018-02-03 | Microsoft Windows MPEG Layer-3 audio heap corruption attempt RuleID : 45315 - Revision : 1 - Type : FILE-OTHER |
| 2017-09-26 | Microsoft Office Word rich text format invalid field size memory corruption a... RuleID : 44157 - Revision : 1 - Type : FILE-OFFICE |
| 2016-07-13 | Microsoft Internet Explorer use-after-free memory corruption attempt RuleID : 39175 - Revision : 2 - Type : BROWSER-IE |
| 2016-07-13 | Microsoft Internet Explorer iframe uninitialized memory corruption attempt RuleID : 39174 - Revision : 1 - Type : BROWSER-IE |
| 2016-04-19 | Microsoft Office Word HTML linked objects memory corruption attempt RuleID : 38267 - Revision : 2 - Type : FILE-OFFICE |
| 2016-04-19 | Microsoft Office Word HTML linked objects memory corruption attempt RuleID : 38266 - Revision : 2 - Type : FILE-OFFICE |
| 2016-04-05 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 37956 - Revision : 1 - Type : BROWSER-IE |
| 2016-04-05 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 37955 - Revision : 1 - Type : BROWSER-IE |
| 2016-04-05 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 37954 - Revision : 1 - Type : BROWSER-IE |
| 2016-04-05 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 37936 - Revision : 1 - Type : BROWSER-IE |
| 2016-04-05 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 37935 - Revision : 1 - Type : BROWSER-IE |
| 2015-07-13 | Win.Trojan.Fanny outbound connection RuleID : 34857 - Revision : 2 - Type : MALWARE-CNC |
| 2014-11-16 | Microsoft Office Word rich text format unexpected field type memory corruptio... RuleID : 31845 - Revision : 3 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Word rich text format unexpected field type memory corruptio... RuleID : 31844 - Revision : 3 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Word rich text format unexpected field type memory corruptio... RuleID : 31843 - Revision : 3 - Type : FILE-OFFICE |
| 2014-03-20 | Microsoft Windows secure channel malformed certificate request memory corrupt... RuleID : 29823 - Revision : 4 - Type : OS-WINDOWS |
| 2014-01-10 | DNS request for known malware domain level4-co1-as30912.su RuleID : 28067 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain level4-co2-as30938.su RuleID : 28066 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain x2v9.com RuleID : 28065 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain intelbackupsrv.su RuleID : 28064 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain intelsystems.su RuleID : 28063 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain intelsecurity.su RuleID : 28062 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain intelcore.su RuleID : 28061 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | Microsoft LNK shortcut arbitrary dll load attempt RuleID : 24500 - Revision : 6 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Office Excel pivot item index boundary corruption attempt RuleID : 23559 - Revision : 7 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel pivot item index boundary corruption attempt RuleID : 23558 - Revision : 5 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows MSXML2 ActiveX malformed HTTP response RuleID : 21754 - Revision : 9 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Office Word sprmCMajority record buffer overflow attempt RuleID : 19459 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word sprmCMajority record buffer overflow attempt RuleID : 19458 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows AVI cinepak codec decompression remote code execution attempt RuleID : 19403 - Revision : 17 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Office Word HTML linked objects memory corruption attempt RuleID : 19295 - Revision : 17 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft LNK shortcut download attempt RuleID : 19291 - Revision : 4 - Type : NETBIOS |
| 2014-01-10 | Microsoft LNK shortcut arbitary dll load attempt RuleID : 19290 - Revision : 9 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Internet Explorer iframe uninitialized memory corruption attempt RuleID : 19181 - Revision : 14 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Office Excel pivot item index boundary corruption attempt RuleID : 19180 - Revision : 20 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 19150 - Revision : 13 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer malformed table tag memory corruption attempt RuleID : 19149 - Revision : 13 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows MPEG Layer-3 audio heap corruption attempt RuleID : 19144 - Revision : 14 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows Movie Maker string size overflow attempt RuleID : 19063 - Revision : 16 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Windows MSXML2 ActiveX malformed HTTP response RuleID : 18962 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows MSXML2 ActiveX malformed HTTP response RuleID : 18961 - Revision : 15 - Type : OS-WINDOWS |
| 2014-01-10 | rich text format unexpected field type memory corruption attempt RuleID : 18954 - Revision : 13 - Type : FILE-OTHER |
| 2014-01-10 | rich text format unexpected field type memory corruption attempt RuleID : 18953 - Revision : 13 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows MPEG Layer-3 audio heap corruption attempt RuleID : 18463 - Revision : 16 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Internet Explorer 6 race condition exploit attempt RuleID : 17136 - Revision : 9 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows Movie Maker string size overflow attempt RuleID : 17135 - Revision : 16 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Office Excel pivot item index boundary corruption attempt RuleID : 17134 - Revision : 21 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows MSXML2 ActiveX malformed HTTP response RuleID : 17133 - Revision : 17 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Internet Explorer invalid object access attempt RuleID : 17132 - Revision : 18 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 8 parent style rendering arbitrary code execution RuleID : 17131 - Revision : 21 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer boundElements arbitrary code execution attempt RuleID : 17130 - Revision : 14 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer use-after-free memory corruption attempt RuleID : 17129 - Revision : 24 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows AVI cinepak codec decompression remote code execution attempt RuleID : 17128 - Revision : 19 - Type : FILE-MULTIMEDIA |
| 2015-05-28 | BytesIndicated validation dos attempt RuleID : 17127 - Revision : 5 - Type : NETBIOS |
| 2014-01-10 | Microsoft Windows SMB large session length with small packet RuleID : 17126 - Revision : 10 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Trans2 MaxDataCount overflow attempt RuleID : 17125 - Revision : 11 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Office Word HTML linked objects memory corruption attempt RuleID : 17124 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word rich text format invalid field size memory corruption a... RuleID : 17123 - Revision : 18 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word rich text format unexpected field type memory corruptio... RuleID : 17122 - Revision : 17 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word rich text format unexpected field type memory corruptio... RuleID : 17121 - Revision : 18 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word rich text format unexpected field type memory corruptio... RuleID : 17120 - Revision : 18 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word sprmCMajority SPRM overflow attempt RuleID : 17119 - Revision : 15 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft .NET CreateDelegate method arbitrary code execution attempt RuleID : 17118 - Revision : 7 - Type : FILE-EXECUTABLE |
| 2014-01-10 | Microsoft Windows MPEG Layer-3 audio heap corruption attempt RuleID : 17117 - Revision : 17 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Internet Explorer cross domain information disclosure attempt RuleID : 17115 - Revision : 8 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft SilverLight ImageSource remote code execution attempt RuleID : 17114 - Revision : 15 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows PIF shortcut file download request RuleID : 17043 - Revision : 9 - Type : FILE-IDENTIFY |
| 2014-01-10 | Microsoft LNK shortcut arbitrary dll load attempt RuleID : 17042 - Revision : 17 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows SMBv2 compound request DoS attempt RuleID : 16577 - Revision : 9 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-04-03 | Name : The remote web server may allow remote code execution. File : iis_7_pci.nasl - Type : ACT_GATHER_INFO |
| 2018-03-09 | Name : The remote web server is affected by multiple vulnerabilities. File : nginx_0_7_64.nasl - Type : ACT_GATHER_INFO |
| 2017-11-17 | Name : The remote host is affected by a MITM vulnerability. File : fortios_FG-IR-17-137.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-01-25 | Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO |
| 2015-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL10737.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_ssl_advisory.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-13.nasl - Type : ACT_GATHER_INFO |
| 2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-15.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : oracle_java_cpu_mar_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2626.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_nss_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100325_openssl097a_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-18.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-22.nasl - Type : ACT_GATHER_INFO |
| 2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7036.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-05.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_apr_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12705.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100407.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-7299.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO |
| 2011-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_java-1_4_2-ibm-100510.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO |
| 2011-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO |
| 2010-12-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12658.nasl - Type : ACT_GATHER_INFO |
| 2010-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO |
| 2010-12-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO |
| 2010-12-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12659.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities File : apache_2_2_15.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update8.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update3.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_aug2010.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO |
| 2010-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6979.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6657.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7077.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nss-6978.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6971.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6655.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6944.nasl - Type : ACT_GATHER_INFO |
| 2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-990-1.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-990-2.nasl - Type : ACT_GATHER_INFO |
| 2010-09-17 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO |
| 2010-09-07 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_95fp6.nasl - Type : ACT_GATHER_INFO |
| 2010-08-23 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_pool_overflow.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : The Windows kernel is affected by several vulnerabilities that could allow es... File : smb_nt_ms10-047.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : The Windows kernel is affected by several vulnerabilities that could allow es... File : smb_nt_ms10-048.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : It may be possible to execute arbitrary code on the remote Windows host using... File : smb_nt_ms10-049.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : Arbitrary code can be executed on the remote host through Windows Movie Maker. File : smb_nt_ms10-050.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : Arbitrary code can be executed on the remote host through its Microsoft XML C... File : smb_nt_ms10-051.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : An audio codec on the remote Windows host has a buffer overflow vulnerability. File : smb_nt_ms10-052.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-053.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_nt_ms10-054.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : A media codec on the remote Windows host has a code execution vulnerability. File : smb_nt_ms10-055.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Word. File : smb_nt_ms10-056.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Office Ex... File : smb_nt_ms10-057.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : The remote host has multiple vulnerabilities in its TCP/IP implementation. File : smb_nt_ms10-058.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : The remote Windows host has multiple privilege escalation vulnerabilities. File : smb_nt_ms10-059.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : The Microsoft .NET Common Language Runtime and/or Microsoft Silverlight have ... File : smb_nt_ms10-060.nasl - Type : ACT_GATHER_INFO |
| 2010-08-02 | Name : The remote windows host is affected by a remote code execution vulnerability. File : smb_nt_ms10-046.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-6.nasl - Type : ACT_GATHER_INFO |
| 2010-07-18 | Name : It may be possible to execute arbitrary code on the remote Windows host using... File : smb_kb_2286198.nasl - Type : ACT_GATHER_INFO |
| 2010-07-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12623.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12747.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1127.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3905.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3929.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3956.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5942.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6025.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6039.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6131.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6279.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8742.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9487.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9518.nasl - Type : ACT_GATHER_INFO |
| 2010-06-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-4.nasl - Type : ACT_GATHER_INFO |
| 2010-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-06-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12621.nasl - Type : ACT_GATHER_INFO |
| 2010-06-07 | Name : The remote Windows host has an application installed that is affected by mult... File : openoffice_321.nasl - Type : ACT_GATHER_INFO |
| 2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-18.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote web server has multiple vulnerabilities. File : hpsmh_6_1_0_102.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update7.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0155.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0337.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0338.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-100412.nasl - Type : ACT_GATHER_INFO |
| 2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO |
| 2010-04-28 | Name : The remote database server is affected by multiple issues. File : db2_9fp9.nasl - Type : ACT_GATHER_INFO |
| 2010-04-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-076.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-branding-openSUSE-100413.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100412.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6970.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6977.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6976.nasl - Type : ACT_GATHER_INFO |
| 2010-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-069.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-100401.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-923-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12606.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_9ccfee393c3b11df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_359.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_304.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_204.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6943.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : oracle_java_cpu_mar_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-03-23 | Name : The remote Windows host contains a web browser that is affected by Multiple V... File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO |
| 2010-03-11 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-067-01.nasl - Type : ACT_GATHER_INFO |
| 2010-03-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0130.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1050.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1934.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-001.nasl - Type : ACT_GATHER_INFO |
| 2009-12-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13236.nasl - Type : ACT_GATHER_INFO |
| 2009-12-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13250.nasl - Type : ACT_GATHER_INFO |
| 2009-12-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-337.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12229.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12305.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12606.nasl - Type : ACT_GATHER_INFO |
| 2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12604.nasl - Type : ACT_GATHER_INFO |
| 2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12968.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12750.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12775.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12782.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO |
| 2009-11-24 | Name : The remote service allows insecure renegotiation of TLS / SSL connections. File : ssl_renegotiation.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-860-1.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12550.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6656.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6654.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-320-01.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-295.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris10_128640.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris9_128640.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris10_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125438-22 File : solaris10_x86_125438.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris8_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris9_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125438-22 File : solaris9_x86_125438.nasl - Type : ACT_GATHER_INFO |
