Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | ESXi utilities and ESX Service Console third party updates |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2010-0009 | First vendor Publication | 2010-05-27 |
| Vendor | VMware | Last vendor Modification | 2010-05-27 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| a. Service Console update for COS kernel Updated COS package "kernel" addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2010-0009.html |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
| CAPEC-17 | Accessing, Modifying or Executing Executable Files |
| CAPEC-60 | Reusing Session IDs (aka Session Replay) |
| CAPEC-61 | Session Fixation |
| CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
| CAPEC-122 | Exploitation of Authorization |
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
| CAPEC-232 | Exploitation of Privilege/Trust |
| CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 21 % | CWE-399 | Resource Management Errors |
| 13 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 11 % | CWE-476 | NULL Pointer Dereference |
| 11 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 8 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 8 % | CWE-20 | Improper Input Validation |
| 5 % | CWE-200 | Information Exposure |
| 3 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
| 3 % | CWE-672 | Operation on a Resource after Expiration or Release |
| 3 % | CWE-667 | Insufficient Locking |
| 3 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
| 3 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 3 % | CWE-362 | Race Condition |
| 3 % | CWE-295 | Certificate Issues |
| 3 % | CWE-287 | Improper Authentication |
| 3 % | CWE-129 | Improper Validation of Array Index |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10198 | |||
| Oval ID: | oval:org.mitre.oval:def:10198 | ||
| Title: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
| Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0590 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10216 | |||
| Oval ID: | oval:org.mitre.oval:def:10216 | ||
| Title: | The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount. | ||
| Description: | The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2908 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10516 | |||
| Oval ID: | oval:org.mitre.oval:def:10516 | ||
| Title: | The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. | ||
| Description: | The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4021 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10546 | |||
| Oval ID: | oval:org.mitre.oval:def:10546 | ||
| Title: | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | ||
| Description: | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0001 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10740 | |||
| Oval ID: | oval:org.mitre.oval:def:10740 | ||
| Title: | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | ||
| Description: | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1387 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10797 | |||
| Oval ID: | oval:org.mitre.oval:def:10797 | ||
| Title: | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. | ||
| Description: | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-6304 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10814 | |||
| Oval ID: | oval:org.mitre.oval:def:10814 | ||
| Title: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
| Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0426 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10946 | |||
| Oval ID: | oval:org.mitre.oval:def:10946 | ||
| Title: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
| Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0427 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11083 | |||
| Oval ID: | oval:org.mitre.oval:def:11083 | ||
| Title: | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | ||
| Description: | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-4567 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11167 | |||
| Oval ID: | oval:org.mitre.oval:def:11167 | ||
| Title: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
| Description: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4272 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11179 | |||
| Oval ID: | oval:org.mitre.oval:def:11179 | ||
| Title: | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | ||
| Description: | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1386 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11225 | |||
| Oval ID: | oval:org.mitre.oval:def:11225 | ||
| Title: | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | ||
| Description: | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3563 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11260 | |||
| Oval ID: | oval:org.mitre.oval:def:11260 | ||
| Title: | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||
| Description: | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4355 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11272 | |||
| Oval ID: | oval:org.mitre.oval:def:11272 | ||
| Title: | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | ||
| Description: | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4212 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11309 | |||
| Oval ID: | oval:org.mitre.oval:def:11309 | ||
| Title: | Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." | ||
| Description: | Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1378 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11513 | |||
| Oval ID: | oval:org.mitre.oval:def:11513 | ||
| Title: | Service Console update for COS kernel | ||
| Description: | Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3547 | Version: | 3 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11753 | |||
| Oval ID: | oval:org.mitre.oval:def:11753 | ||
| Title: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11783 | |||
| Oval ID: | oval:org.mitre.oval:def:11783 | ||
| Title: | DSA-2054 bind9 -- DNS cache poisoning | ||
| Description: | Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root , and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2054 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bind9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12141 | |||
| Oval ID: | oval:org.mitre.oval:def:12141 | ||
| Title: | AIX xntpd denial-of-service vulnerability | ||
| Description: | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3563 | Version: | 3 |
| Platform(s): | IBM AIX 5.3 IBM AIX 6.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12205 | |||
| Oval ID: | oval:org.mitre.oval:def:12205 | ||
| Title: | HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses. | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12380 | |||
| Oval ID: | oval:org.mitre.oval:def:12380 | ||
| Title: | USN-905-1 -- sudo vulnerabilities | ||
| Description: | It was discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the "runas_default" configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04 | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-905-1 CVE-2010-0426 CVE-2010-0427 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12440 | |||
| Oval ID: | oval:org.mitre.oval:def:12440 | ||
| Title: | VMware vmkernel third party e1000 Driver Packet Filter Bypass | ||
| Description: | drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4536 | Version: | 4 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12486 | |||
| Oval ID: | oval:org.mitre.oval:def:12486 | ||
| Title: | USN-884-1 -- openssl vulnerability | ||
| Description: | It was discovered that OpenSSL did not correctly free unused memory in certain situations. A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-884-1 CVE-2009-4355 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12656 | |||
| Oval ID: | oval:org.mitre.oval:def:12656 | ||
| Title: | DSA-1958-1 libtool -- privilege escalation | ||
| Description: | It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1958-1 CVE-2009-3736 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libtool |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12783 | |||
| Oval ID: | oval:org.mitre.oval:def:12783 | ||
| Title: | DSA-1992-1 chrony -- several | ||
| Description: | Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. This issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0292 chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. CVE-2010-0293 The client logging facility of chronyd doesn't limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. CVE-2010-0294 chronyd lacks of a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets. For the oldstable distribution, this problem has been fixed in version 1.21z-5+etch1. For the stable distribution, this problem has been fixed in version 1.23-6+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your chrony packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1992-1 CVE-2010-0292 CVE-2010-0293 CVE-2010-0294 CVE-2009-3563 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | chrony |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12862 | |||
| Oval ID: | oval:org.mitre.oval:def:12862 | ||
| Title: | ESX third party update for Service Console kernel | ||
| Description: | Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3080 | Version: | 4 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13115 | |||
| Oval ID: | oval:org.mitre.oval:def:13115 | ||
| Title: | DSA-2054-2 bind9 -- DNS cache poisoning | ||
| Description: | This update restores the PID file location for bind to the location before the last security update. For reference, here is the original advisory text that explains the security problems fixed: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny2. The unstable distribution is not affected by the wrong PID file location. We recommend that you upgrade your bind9 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2054-2 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bind9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13187 | |||
| Oval ID: | oval:org.mitre.oval:def:13187 | ||
| Title: | DSA-2054-1 bind9 -- DNS cache poisoning | ||
| Description: | Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny1. For the unstable distribution, these problems have been fixed in version 1:9.7.0.dfsg-1. We recommend that you upgrade your bind9 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2054-1 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bind9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13226 | |||
| Oval ID: | oval:org.mitre.oval:def:13226 | ||
| Title: | ESX third party update for Service Console kernel | ||
| Description: | drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4536 | Version: | 4 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13303 | |||
| Oval ID: | oval:org.mitre.oval:def:13303 | ||
| Title: | DSA-1970-1 openssl -- denial of service | ||
| Description: | It was discovered that a significant memory leak could occur in openssl, related to the reinitialisation of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. The old stable distribution is not affected by this issue. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny6. The packages for the arm architecture are not included in this advisory. They will be released as soon as they become available. For the testing distribution and the unstable distribution, this problem will be fixed soon. The issue does not seem to be exploitable with the apache2 package contained in squeeze/sid. We recommend that you upgrade your openssl packages. You also need to restart your Apache httpd server to make sure it uses the updated libraries. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1970-1 CVE-2009-4355 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13325 | |||
| Oval ID: | oval:org.mitre.oval:def:13325 | ||
| Title: | USN-889-1 -- gzip vulnerabilities | ||
| Description: | It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel–Ziv–Welch algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-889-1 CVE-2009-2624 CVE-2010-0001 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | gzip |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13334 | |||
| Oval ID: | oval:org.mitre.oval:def:13334 | ||
| Title: | USN-928-1 -- sudo vulnerability | ||
| Description: | Valerio Costamagna discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command when the PATH contained only a dot. If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-928-1 CVE-2010-0426 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13351 | |||
| Oval ID: | oval:org.mitre.oval:def:13351 | ||
| Title: | DSA-1928-1 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak | ||
| Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. CVE-2009-2847 Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. CVE-2009-2848 Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service. CVE-2009-2849 Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service. CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. CVE-2009-2908 Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service by causing a dentry value to go negative. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-2910 Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3228 Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int function to increase its randomness. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3547 Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. CVE-2009-3612 Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. CVE-2009-3613 Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service by transmitting a large amount of jumbo frames. CVE-2009-3620 Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service. CVE-2009-3621 Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service. For the oldstable distribution, this problem has been fixed in version 2.6.24-6~etchnhalf.9etch1. We recommend that you upgrade your linux-2.6.24 packages. Note: Debian "etch" includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian "etch" concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1928-1 CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613 CVE-2009-3620 CVE-2009-3621 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6.24 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13409 | |||
| Oval ID: | oval:org.mitre.oval:def:13409 | ||
| Title: | USN-830-1 -- openssl vulnerability | ||
| Description: | Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-830-1 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13488 | |||
| Oval ID: | oval:org.mitre.oval:def:13488 | ||
| Title: | USN-867-1 -- ntp vulnerability | ||
| Description: | Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote attacker could send a crafted NTP mode 7 packet with a spoofed IP address of an affected server and cause a denial of service via CPU and disk resource consumption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-867-1 CVE-2009-3563 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | ntp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13583 | |||
| Oval ID: | oval:org.mitre.oval:def:13583 | ||
| Title: | DSA-2074-1 ncompress -- integer underflow | ||
| Description: | Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution, this problem has been fixed in version 4.2.4.2-1+lenny1. For the testing and unstable distribution, this problem has been fixed in version 4.2.4.3-1. We recommend that you upgrade your ncompress package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2074-1 CVE-2010-0001 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | ncompress |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13588 | |||
| Oval ID: | oval:org.mitre.oval:def:13588 | ||
| Title: | DSA-1915-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak | ||
| Description: | Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2695 Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. CVE-2009-2908 Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service by causing a dentry value to go negative. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-2910 Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3290 Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service and read or write guest kernel memory. CVE-2009-3613 Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service by transmitting a large amount of jumbo frames. For the stable distribution, this problem has been fixed in version 2.6.26-19lenny1. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+19lenny1 | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1915-1 CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286 CVE-2009-3290 CVE-2009-3613 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | linux-2.6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13721 | |||
| Oval ID: | oval:org.mitre.oval:def:13721 | ||
| Title: | DSA-1888-1 openssl, openssl097 -- cryptographic weakness | ||
| Description: | Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they’re no longer considered cryptographically secure. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny5. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for openssl097. The OpenSSL 0.9.8 update for oldstable also provides updated packages for multiple denial of service vulnerabilities in the Datagram Transport Layer Security implementation. These fixes were already provided for Debian stable in a previous point update. The OpenSSL 0.9.7 package from oldstable is not affected. For the unstable distribution, this problem has been fixed in version 0.9.8k-5. We recommend that you upgrade your openssl packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1888-1 CVE-2009-2409 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openssl openssl097 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13737 | |||
| Oval ID: | oval:org.mitre.oval:def:13737 | ||
| Title: | DSA-1874-1 nss -- several | ||
| Description: | Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. The old stable distribution doesn’t contain nss. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution, these problems have been fixed in version 3.12.3.1-1. We recommend that you upgrade your nss packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1874-1 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13751 | |||
| Oval ID: | oval:org.mitre.oval:def:13751 | ||
| Title: | DSA-1763-1 openssl -- programming error | ||
| Description: | It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1763-1 CVE-2009-0590 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13780 | |||
| Oval ID: | oval:org.mitre.oval:def:13780 | ||
| Title: | USN-810-2 -- nspr update | ||
| Description: | USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-810-2 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | nspr |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13799 | |||
| Oval ID: | oval:org.mitre.oval:def:13799 | ||
| Title: | USN-750-1 -- openssl vulnerability | ||
| Description: | It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-750-1 CVE-2009-0590 | Version: | 5 |
| Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13850 | |||
| Oval ID: | oval:org.mitre.oval:def:13850 | ||
| Title: | USN-810-1 -- nss vulnerabilities | ||
| Description: | Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-810-1 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13891 | |||
| Oval ID: | oval:org.mitre.oval:def:13891 | ||
| Title: | USN-792-1 -- openssl vulnerabilities | ||
| Description: | It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occured before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-792-1 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17673 | |||
| Oval ID: | oval:org.mitre.oval:def:17673 | ||
| Title: | DSA-1948-1 ntp - denial of service | ||
| Description: | Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1948-1 CVE-2009-3563 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | ntp |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18169 | |||
| Oval ID: | oval:org.mitre.oval:def:18169 | ||
| Title: | DSA-2006-1 sudo - several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2006-1 CVE-2010-0426 CVE-2010-0427 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19376 | |||
| Oval ID: | oval:org.mitre.oval:def:19376 | ||
| Title: | HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code | ||
| Description: | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3563 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19668 | |||
| Oval ID: | oval:org.mitre.oval:def:19668 | ||
| Title: | VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues | ||
| Description: | drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4536 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19879 | |||
| Oval ID: | oval:org.mitre.oval:def:19879 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1384 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20189 | |||
| Oval ID: | oval:org.mitre.oval:def:20189 | ||
| Title: | VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues | ||
| Description: | Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3080 | Version: | 4 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20476 | |||
| Oval ID: | oval:org.mitre.oval:def:20476 | ||
| Title: | Multiple vulnerabilities in AIX BIND | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 6 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20762 | |||
| Oval ID: | oval:org.mitre.oval:def:20762 | ||
| Title: | Multiple vulnerabilities in AIX BIND | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 6 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21237 | |||
| Oval ID: | oval:org.mitre.oval:def:21237 | ||
| Title: | RHSA-2010:0258: pam_krb5 security and bug fix update (Low) | ||
| Description: | pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0258-04 CVE-2009-1384 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | pam_krb5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21755 | |||
| Oval ID: | oval:org.mitre.oval:def:21755 | ||
| Title: | RHSA-2010:0029: krb5 security update (Critical) | ||
| Description: | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0029-02 CESA-2010:0029 CVE-2009-4212 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21777 | |||
| Oval ID: | oval:org.mitre.oval:def:21777 | ||
| Title: | RHSA-2010:0046: kernel security and bug fix update (Important) | ||
| Description: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0046-01 CESA-2010:0046 CVE-2006-6304 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 | Version: | 146 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21795 | |||
| Oval ID: | oval:org.mitre.oval:def:21795 | ||
| Title: | RHSA-2010:0054: openssl security update (Moderate) | ||
| Description: | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0054-01 CESA-2010:0054 CVE-2009-2409 CVE-2009-4355 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21912 | |||
| Oval ID: | oval:org.mitre.oval:def:21912 | ||
| Title: | RHSA-2010:0062: bind security update (Moderate) | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0062-02 CESA-2010:0062 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | bind |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22119 | |||
| Oval ID: | oval:org.mitre.oval:def:22119 | ||
| Title: | RHSA-2010:0122: sudo security update (Important) | ||
| Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0122-01 CESA-2010:0122 CVE-2010-0426 CVE-2010-0427 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22121 | |||
| Oval ID: | oval:org.mitre.oval:def:22121 | ||
| Title: | RHSA-2010:0061: gzip security update (Moderate) | ||
| Description: | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0061-02 CESA-2010:0061 CVE-2010-0001 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gzip |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22412 | |||
| Oval ID: | oval:org.mitre.oval:def:22412 | ||
| Title: | ELSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical) | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1186-01 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22749 | |||
| Oval ID: | oval:org.mitre.oval:def:22749 | ||
| Title: | ELSA-2010:0062: bind security update (Moderate) | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0062-02 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | bind |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22755 | |||
| Oval ID: | oval:org.mitre.oval:def:22755 | ||
| Title: | ELSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate) | ||
| Description: | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1335-02 CVE-2006-7250 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22869 | |||
| Oval ID: | oval:org.mitre.oval:def:22869 | ||
| Title: | ELSA-2010:0029: krb5 security update (Critical) | ||
| Description: | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0029-02 CVE-2009-4212 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22987 | |||
| Oval ID: | oval:org.mitre.oval:def:22987 | ||
| Title: | ELSA-2010:0054: openssl security update (Moderate) | ||
| Description: | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0054-01 CVE-2009-2409 CVE-2009-4355 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23003 | |||
| Oval ID: | oval:org.mitre.oval:def:23003 | ||
| Title: | ELSA-2010:0061: gzip security update (Moderate) | ||
| Description: | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0061-02 CVE-2010-0001 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | gzip |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23008 | |||
| Oval ID: | oval:org.mitre.oval:def:23008 | ||
| Title: | ELSA-2009:1646: libtool security update (Moderate) | ||
| Description: | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1646-01 CVE-2009-3736 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | libtool |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23033 | |||
| Oval ID: | oval:org.mitre.oval:def:23033 | ||
| Title: | ELSA-2009:1648: ntp security update (Moderate) | ||
| Description: | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1648-01 CVE-2009-3563 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | ntp |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23055 | |||
| Oval ID: | oval:org.mitre.oval:def:23055 | ||
| Title: | ELSA-2010:0258: pam_krb5 security and bug fix update (Low) | ||
| Description: | pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0258-04 CVE-2009-1384 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | pam_krb5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23056 | |||
| Oval ID: | oval:org.mitre.oval:def:23056 | ||
| Title: | ELSA-2010:0122: sudo security update (Important) | ||
| Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0122-01 CVE-2010-0426 CVE-2010-0427 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | sudo |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24227 | |||
| Oval ID: | oval:org.mitre.oval:def:24227 | ||
| Title: | Vulnerability in OpenSSL 0.9.8k and earlier 0.9.8 versions, allows remote attackers to cause a denial of service (memory consumption) | ||
| Description: | The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1377 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24700 | |||
| Oval ID: | oval:org.mitre.oval:def:24700 | ||
| Title: | Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) | ||
| Description: | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1387 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25108 | |||
| Oval ID: | oval:org.mitre.oval:def:25108 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) | ||
| Description: | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1386 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25119 | |||
| Oval ID: | oval:org.mitre.oval:def:25119 | ||
| Title: | Vulnerability in OpenSSL 1.0.0 Beta 2, allows remote attackers to cause a denial of service (openssl s_client crash) | ||
| Description: | Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1379 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25124 | |||
| Oval ID: | oval:org.mitre.oval:def:25124 | ||
| Title: | Vulnerability in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4, allows remote attackers to cause a denial of service (memory consumption) | ||
| Description: | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-4355 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25180 | |||
| Oval ID: | oval:org.mitre.oval:def:25180 | ||
| Title: | Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25196 | |||
| Oval ID: | oval:org.mitre.oval:def:25196 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash) | ||
| Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0590 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27558 | |||
| Oval ID: | oval:org.mitre.oval:def:27558 | ||
| Title: | DEPRECATED: ELSA-2010-0258 -- pam_krb5 security and bug fix update (low) | ||
| Description: | [2.2.14-15] - update backport for selecting which key to use for validation so that it prefers services with the local host name as the instance, from HEAD (more of #450776) [2.2.14-14] - backport the 'multiple_ccaches' option from HEAD, requiring that it be enabled to not immediately remove an old ccache when asked to create a new one (#463417) [2.2.14-13] - add patch to add the 'chpw_prompt' option, to allow the older behavior of attempting a password-change during authentication if libkrb5 detects an expired password, based on patch from Olivier Fourdan (#509092) [2.2.14-12] - dont vary the password prompt depending on whether or not the user exists or is known to the KDC (CVE-2009-1384, #505265) - prefer using the 'host' service when verifying that a TGT isnt forged, from HEAD (#450776) [2.2.14-11] - dont enforce minimum_uid when no_user_check is also used, from HEAD (#490404) - dont try to get password-changing creds with all of the flags set that we would request for a TGT (#489015) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0258 CVE-2009-1384 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | pam_krb5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27615 | |||
| Oval ID: | oval:org.mitre.oval:def:27615 | ||
| Title: | DEPRECATED: ELSA-2010-0046 -- kernel security and bug fix update (important) | ||
| Description: | [2.6.18-164.11.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb ( John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - FP register state is corrupted during the handling a SIGSEGV (Chuck Anderson) [orabug 7708133] [2.6.18-164.11.1.el5] - [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547241 547242] {CVE-2009-4138} - [x86] sanity check for AMD northbridges (Andrew Jones) [549905 547518] - [x86_64] disable vsyscall in kvm guests (Glauber Costa) [550968 542612] - [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [549908 525100] - [fs] respect flag in do_coredump (Danny Feng) [544188 544189] {CVE-2009-4036} - [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [547521 544342] - [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540740 540741] {CVE-2009-4020} - [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538736 538737] {CVE-2009-4021} - [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [548370 541956] - [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [543448 538067] - [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539420 539421] {CVE-2009-3080} - [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [544978 539240] - [net] call cond_resched in rt_run_flush (Amerigo Wang) [547530 517588] - [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537312 537313] {CVE-2009-3889 CVE-2009-3939} - [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [542582 515753] - [x86] kvm: don't ask HV for tsc khz if not using kvmclock (Glauber Costa ) [537027 531268] - [net] sched: fix panic in bnx2_poll_work (John Feeney ) [539686 526481] - [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526797 526798] - [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [537343 513649] - [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [540896 531025] - [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [549907 510067] - [net] r8169: imporved rx length check errors (Neil Horman ) [552913 552438] - [scsi] lpfc: fix FC ports offlined during target controller faults (Rob Evers ) [549906 516541] - [net] emergency route cache flushing fixes (Thomas Graf ) [545662 545663] {CVE-2009-4272} - [fs] fasync: split 'fasync_helper()' into separate add/remove functions (Danny Feng ) [548656 548657] {CVE-2009-4141} - [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan ) [537317 537318] {CVE-2009-3556} | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0046 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2006-6304 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28008 | |||
| Oval ID: | oval:org.mitre.oval:def:28008 | ||
| Title: | DEPRECATED: ELSA-2010-0062 -- bind security update (moderate) | ||
| Description: | [30:9.3.6-4.P1.2] - NSEC validation code could cause wrong NXDOMAIN responses (#554851, CVE-2010-0097) - improve fix for CVE-2009-4022 (#538744) - {C,D}NAMEs could be returned to clients without proper DNSSEC validation - don't validate + cache out-of-bailiwick data returned with a secure answer. Refetch it instead. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0062 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | bind |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28253 | |||
| Oval ID: | oval:org.mitre.oval:def:28253 | ||
| Title: | DEPRECATED: ELSA-2010-0054 -- openssl security update (moderate) | ||
| Description: | [0.9.8e-12.1] - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data() is called prematurely by application (#546707) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0054 CVE-2009-4355 CVE-2009-2409 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28255 | |||
| Oval ID: | oval:org.mitre.oval:def:28255 | ||
| Title: | DEPRECATED: ELSA-2010-0019 -- kernel security update (important) | ||
| Description: | [2.6.18-164.10.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb ( John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - FP register state is corrupted during the handling a SIGSEGV (Chuck Anderson) [orabug 7708133] [2.6.18-164.10.1.el5] - [net] e1000, r9169: fix rx length check errors (Cong Wang ) [550914 550915] - [net] e1000e: fix rx length check errors (Amerigo Wang ) [551222 551223] - [net] ipv6: fix ipv6_hop_jumbo remote system crash (Amerigo Wang ) [548642 548643] {CVE-2007-4567} | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0019 CVE-2007-4567 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28287 | |||
| Oval ID: | oval:org.mitre.oval:def:28287 | ||
| Title: | DEPRECATED: ELSA-2010-0122 -- sudo security update (important) | ||
| Description: | [1.6.9p17-6] - added patches for CVE-2010-0426 and CVE-2010-0427 Resolves: #567689 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0122 CVE-2010-0426 CVE-2010-0427 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | sudo |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28749 | |||
| Oval ID: | oval:org.mitre.oval:def:28749 | ||
| Title: | RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate) | ||
| Description: | Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP). | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1335 CESA-2009:1335-CentOS 5 CVE-2006-7250 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28862 | |||
| Oval ID: | oval:org.mitre.oval:def:28862 | ||
| Title: | RHSA-2009:1670 -- kernel security and bug fix update (Important) | ||
| Description: | Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1670 CESA-2009:1670-CentOS 5 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29071 | |||
| Oval ID: | oval:org.mitre.oval:def:29071 | ||
| Title: | USN-810-3 -- NSS regression | ||
| Description: | USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-810-3 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
| Platform(s): | Ubuntu 9.04 Ubuntu 8.10 Ubuntu 8.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29169 | |||
| Oval ID: | oval:org.mitre.oval:def:29169 | ||
| Title: | RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update (Critical) | ||
| Description: | Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1186 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29266 | |||
| Oval ID: | oval:org.mitre.oval:def:29266 | ||
| Title: | RHSA-2009:1648 -- ntp security update (Moderate) | ||
| Description: | An updated ntp package that fixes a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1648 CESA-2009:1648-CentOS 5 CVE-2009-3563 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | ntp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29269 | |||
| Oval ID: | oval:org.mitre.oval:def:29269 | ||
| Title: | RHSA-2009:1548 -- kernel security and bug fix update (Important) | ||
| Description: | Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1548 CESA-2009:1548-CentOS 5 CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29283 | |||
| Oval ID: | oval:org.mitre.oval:def:29283 | ||
| Title: | RHSA-2009:1646 -- libtool security update (Moderate) | ||
| Description: | Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1646 CESA-2009:1646-CentOS 3 CESA-2009:1646-CentOS 5 CVE-2009-3736 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libtool |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6631 | |||
| Oval ID: | oval:org.mitre.oval:def:6631 | ||
| Title: | Network Security Services Library Supports Certificates With Weak MD2 Hash Signatures | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6636 | |||
| Oval ID: | oval:org.mitre.oval:def:6636 | ||
| Title: | Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability | ||
| Description: | The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3726 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6665 | |||
| Oval ID: | oval:org.mitre.oval:def:6665 | ||
| Title: | HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 6 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6678 | |||
| Oval ID: | oval:org.mitre.oval:def:6678 | ||
| Title: | OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability | ||
| Description: | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4355 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6683 | |||
| Oval ID: | oval:org.mitre.oval:def:6683 | ||
| Title: | OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities | ||
| Description: | The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1377 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6744 | |||
| Oval ID: | oval:org.mitre.oval:def:6744 | ||
| Title: | Red Hat Linux Kernel 'qla2xxx' DriverSecurity Bypass Vulnerability | ||
| Description: | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3556 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6750 | |||
| Oval ID: | oval:org.mitre.oval:def:6750 | ||
| Title: | hfs Subsystem Stack-based Buffer Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4020 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6757 | |||
| Oval ID: | oval:org.mitre.oval:def:6757 | ||
| Title: | Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities | ||
| Description: | The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3228 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6763 | |||
| Oval ID: | oval:org.mitre.oval:def:6763 | ||
| Title: | Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability | ||
| Description: | The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3620 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6815 | |||
| Oval ID: | oval:org.mitre.oval:def:6815 | ||
| Title: | HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information | ||
| Description: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0290 | Version: | 6 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6848 | |||
| Oval ID: | oval:org.mitre.oval:def:6848 | ||
| Title: | OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability | ||
| Description: | Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1379 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6895 | |||
| Oval ID: | oval:org.mitre.oval:def:6895 | ||
| Title: | Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability | ||
| Description: | net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3621 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6951 | |||
| Oval ID: | oval:org.mitre.oval:def:6951 | ||
| Title: | GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability | ||
| Description: | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3736 | Version: | 6 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6955 | |||
| Oval ID: | oval:org.mitre.oval:def:6955 | ||
| Title: | Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability | ||
| Description: | The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4021 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6964 | |||
| Oval ID: | oval:org.mitre.oval:def:6964 | ||
| Title: | DSA-1970 openssl -- denial of service | ||
| Description: | It was discovered that a significant memory leak could occur in OpenSSL, related to the reinitialisation of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. The old stable distribution is not affected by this issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1970 CVE-2009-4355 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6992 | |||
| Oval ID: | oval:org.mitre.oval:def:6992 | ||
| Title: | Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability | ||
| Description: | The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2908 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6996 | |||
| Oval ID: | oval:org.mitre.oval:def:6996 | ||
| Title: | OpenSSL Multiple Vulnerabilities | ||
| Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0590 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7016 | |||
| Oval ID: | oval:org.mitre.oval:def:7016 | ||
| Title: | Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability | ||
| Description: | drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4538 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7026 | |||
| Oval ID: | oval:org.mitre.oval:def:7026 | ||
| Title: | Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities | ||
| Description: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4272 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7054 | |||
| Oval ID: | oval:org.mitre.oval:def:7054 | ||
| Title: | Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability | ||
| Description: | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4141 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7076 | |||
| Oval ID: | oval:org.mitre.oval:def:7076 | ||
| Title: | NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability | ||
| Description: | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3563 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7081 | |||
| Oval ID: | oval:org.mitre.oval:def:7081 | ||
| Title: | pam_krb5 Existing/Non-Existing Username Enumeration Weakness | ||
| Description: | pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1384 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7086 | |||
| Oval ID: | oval:org.mitre.oval:def:7086 | ||
| Title: | ISC BIND 9 Cache Poisoning Vulnerability | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7101 | |||
| Oval ID: | oval:org.mitre.oval:def:7101 | ||
| Title: | Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability | ||
| Description: | Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3080 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7144 | |||
| Oval ID: | oval:org.mitre.oval:def:7144 | ||
| Title: | Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability | ||
| Description: | The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2695 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7155 | |||
| Oval ID: | oval:org.mitre.oval:def:7155 | ||
| Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7163 | |||
| Oval ID: | oval:org.mitre.oval:def:7163 | ||
| Title: | Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability | ||
| Description: | The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3889 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7212 | |||
| Oval ID: | oval:org.mitre.oval:def:7212 | ||
| Title: | ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7216 | |||
| Oval ID: | oval:org.mitre.oval:def:7216 | ||
| Title: | Sudo 'runas_default' Local Privilege Escalation Vulnerability | ||
| Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0427 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7229 | |||
| Oval ID: | oval:org.mitre.oval:def:7229 | ||
| Title: | OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities | ||
| Description: | Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1378 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7238 | |||
| Oval ID: | oval:org.mitre.oval:def:7238 | ||
| Title: | Sudo 'sudoedit' Local Privilege Escalation Vulnerability | ||
| Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0426 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7310 | |||
| Oval ID: | oval:org.mitre.oval:def:7310 | ||
| Title: | DSA-1992 chrony -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. This issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. The client logging facility of chronyd doesn’t limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. chronyd lacks of a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1992 CVE-2010-0292 CVE-2010-0293 CVE-2010-0294 CVE-2009-3563 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | chrony |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7357 | |||
| Oval ID: | oval:org.mitre.oval:def:7357 | ||
| Title: | MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities | ||
| Description: | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4212 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7359 | |||
| Oval ID: | oval:org.mitre.oval:def:7359 | ||
| Title: | Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability | ||
| Description: | arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2910 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7376 | |||
| Oval ID: | oval:org.mitre.oval:def:7376 | ||
| Title: | Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability | ||
| Description: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4138 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7377 | |||
| Oval ID: | oval:org.mitre.oval:def:7377 | ||
| Title: | Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability | ||
| Description: | The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3613 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7379 | |||
| Oval ID: | oval:org.mitre.oval:def:7379 | ||
| Title: | DSA-1948 ntp -- denial of service | ||
| Description: | Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets. An unexpected NTP mode 7 packet with spoofed IP data can lead ntpd to reply with a mode 7 response to the spoofed address. This may result in the service playing packet ping-pong with other ntp servers or even itself which causes CPU usage and excessive disk use due to logging. An attacker can use this to conduct denial of service attacks. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1948 CVE-2009-3563 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | ntp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7430 | |||
| Oval ID: | oval:org.mitre.oval:def:7430 | ||
| Title: | A vulnerability in the way named(1M) handles recursive client queries may allow a remote unprivileged user to cause named(1M) to return NXDOMAIN (Non-Existent Domain) for Internet hosts thus causing a Denial of Service (DoS) for those hosts to end users | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 3 |
| Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7443 | |||
| Oval ID: | oval:org.mitre.oval:def:7443 | ||
| Title: | Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability | ||
| Description: | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4537 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7446 | |||
| Oval ID: | oval:org.mitre.oval:def:7446 | ||
| Title: | Linux Kernel Do_Coredump Security Bypass Vulnerability | ||
| Description: | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-6304 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7453 | |||
| Oval ID: | oval:org.mitre.oval:def:7453 | ||
| Title: | Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability | ||
| Description: | drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4536 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7469 | |||
| Oval ID: | oval:org.mitre.oval:def:7469 | ||
| Title: | OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability | ||
| Description: | ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1386 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7474 | |||
| Oval ID: | oval:org.mitre.oval:def:7474 | ||
| Title: | Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability | ||
| Description: | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-4567 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7481 | |||
| Oval ID: | oval:org.mitre.oval:def:7481 | ||
| Title: | DSA-1958 libtool -- privilege escalation | ||
| Description: | It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1958 CVE-2009-3736 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libtool |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7511 | |||
| Oval ID: | oval:org.mitre.oval:def:7511 | ||
| Title: | gzip Integer Overflow Vulnerability | ||
| Description: | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0001 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7512 | |||
| Oval ID: | oval:org.mitre.oval:def:7512 | ||
| Title: | ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability | ||
| Description: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0290 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7527 | |||
| Oval ID: | oval:org.mitre.oval:def:7527 | ||
| Title: | Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability | ||
| Description: | NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3286 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7540 | |||
| Oval ID: | oval:org.mitre.oval:def:7540 | ||
| Title: | Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability | ||
| Description: | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3939 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7557 | |||
| Oval ID: | oval:org.mitre.oval:def:7557 | ||
| Title: | Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability | ||
| Description: | The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3612 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7592 | |||
| Oval ID: | oval:org.mitre.oval:def:7592 | ||
| Title: | OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability | ||
| Description: | The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1387 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7608 | |||
| Oval ID: | oval:org.mitre.oval:def:7608 | ||
| Title: | Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability | ||
| Description: | Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3547 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7937 | |||
| Oval ID: | oval:org.mitre.oval:def:7937 | ||
| Title: | DSA-1928 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak | ||
| Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops). Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt() can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. Local users can exploit these issues to gain access to kernel memory. Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int() function to increase its randomness. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames. Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service (NULL pointer dereference). Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service (system hang). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1928 CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613 CVE-2009-3620 CVE-2009-3621 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6.24 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8038 | |||
| Oval ID: | oval:org.mitre.oval:def:8038 | ||
| Title: | DSA-1763 openssl -- programming error | ||
| Description: | It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1763 CVE-2009-0590 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8111 | |||
| Oval ID: | oval:org.mitre.oval:def:8111 | ||
| Title: | DSA-1874 nss -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. The old stable distribution (etch) doesn't contain nss. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1874 CVE-2009-2404 CVE-2009-2408 CVE-2009-2409 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8192 | |||
| Oval ID: | oval:org.mitre.oval:def:8192 | ||
| Title: | Integer Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS) | ||
| Description: | Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4212 | Version: | 2 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8594 | |||
| Oval ID: | oval:org.mitre.oval:def:8594 | ||
| Title: | VMware Network Security Services (NSS) certificate spoofing vulnerability by using MD2 design flaw | ||
| Description: | The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2409 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8884 | |||
| Oval ID: | oval:org.mitre.oval:def:8884 | ||
| Title: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Description: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0290 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9201 | |||
| Oval ID: | oval:org.mitre.oval:def:9201 | ||
| Title: | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. | ||
| Description: | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4141 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9357 | |||
| Oval ID: | oval:org.mitre.oval:def:9357 | ||
| Title: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9439 | |||
| Oval ID: | oval:org.mitre.oval:def:9439 | ||
| Title: | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | ||
| Description: | drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4537 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9527 | |||
| Oval ID: | oval:org.mitre.oval:def:9527 | ||
| Title: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
| Description: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4138 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9652 | |||
| Oval ID: | oval:org.mitre.oval:def:9652 | ||
| Title: | pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||
| Description: | pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1384 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9663 | |||
| Oval ID: | oval:org.mitre.oval:def:9663 | ||
| Title: | The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." | ||
| Description: | The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1377 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9738 | |||
| Oval ID: | oval:org.mitre.oval:def:9738 | ||
| Title: | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||
| Description: | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3556 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9744 | |||
| Oval ID: | oval:org.mitre.oval:def:9744 | ||
| Title: | Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. | ||
| Description: | Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1379 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9757 | |||
| Oval ID: | oval:org.mitre.oval:def:9757 | ||
| Title: | NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. | ||
| Description: | NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3286 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9882 | |||
| Oval ID: | oval:org.mitre.oval:def:9882 | ||
| Title: | The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs. | ||
| Description: | The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2695 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-06-04 | OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit |
| 2009-05-18 | OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-10-05 | Name : CentOS Update for kernel CESA-2012:1323 centos5 File : nvt/gb_CESA-2012_1323_kernel_centos5.nasl |
| 2012-10-03 | Name : RedHat Update for kernel RHSA-2012:1323-01 File : nvt/gb_RHSA-2012_1323-01_kernel.nasl |
| 2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-03-16 | Name : VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client upd... File : nvt/gb_VMSA-2011-0009.nasl |
| 2012-03-15 | Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an... File : nvt/gb_VMSA-2010-0016.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-01 (openssl) File : nvt/glsa_201110_01.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5) File : nvt/glsa_201201_13.nasl |
| 2011-10-21 | Name : Mandriva Update for ncompress MDVSA-2011:152 (ncompress) File : nvt/gb_mandriva_MDVSA_2011_152.nasl |
| 2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
| 2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2009:1335 centos5 i386 File : nvt/gb_CESA-2009_1335_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386 File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2009:1522 centos4 i386 File : nvt/gb_CESA-2009_1522_kernel_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2009:1541 centos4 i386 File : nvt/gb_CESA-2009_1541_kernel_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2009:1548 centos5 i386 File : nvt/gb_CESA-2009_1548_kernel_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2009:1550 centos3 i386 File : nvt/gb_CESA-2009_1550_kernel_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2009:1584 centos5 i386 File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos3 i386 File : nvt/gb_CESA-2009_1646_libtool_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos4 i386 File : nvt/gb_CESA-2009_1646_libtool_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos5 i386 File : nvt/gb_CESA-2009_1646_libtool_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for ntp CESA-2009:1648 centos4 i386 File : nvt/gb_CESA-2009_1648_ntp_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for ntp CESA-2009:1648 centos5 i386 File : nvt/gb_CESA-2009_1648_ntp_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for ntp CESA-2009:1651 centos3 i386 File : nvt/gb_CESA-2009_1651_ntp_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2009:1670 centos5 i386 File : nvt/gb_CESA-2009_1670_kernel_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2009:1671 centos4 i386 File : nvt/gb_CESA-2009_1671_kernel_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2010:0019 centos5 i386 File : nvt/gb_CESA-2010_0019_kernel_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for krb5-devel CESA-2010:0029 centos5 i386 File : nvt/gb_CESA-2010_0029_krb5-devel_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for cpp CESA-2010:0039 centos5 i386 File : nvt/gb_CESA-2010_0039_cpp_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2010:0046 centos5 i386 File : nvt/gb_CESA-2010_0046_kernel_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2010:0054 centos5 i386 File : nvt/gb_CESA-2010_0054_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gzip CESA-2010:0061 centos5 i386 File : nvt/gb_CESA-2010_0061_gzip_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for bind CESA-2010:0062 centos5 i386 File : nvt/gb_CESA-2010_0062_bind_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for sudo CESA-2010:0122 centos5 i386 File : nvt/gb_CESA-2010_0122_sudo_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386 File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for sudo CESA-2010:0361 centos5 i386 File : nvt/gb_CESA-2010_0361_sudo_centos5_i386.nasl |
| 2011-06-06 | Name : HP-UX Update for XNTP HPSBUX02639 File : nvt/gb_hp_ux_HPSBUX02639.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-11 (BIND) File : nvt/glsa_201006_11.nasl |
| 2011-03-07 | Name : Fedora Update for q FEDORA-2011-1958 File : nvt/gb_fedora_2011_1958_q_fc13.nasl |
| 2011-03-07 | Name : Fedora Update for q FEDORA-2011-1967 File : nvt/gb_fedora_2011_1967_q_fc14.nasl |
| 2010-12-09 | Name : Fedora Update for kernel FEDORA-2010-18432 File : nvt/gb_fedora_2010_18432_kernel_fc12.nasl |
| 2010-11-23 | Name : Fedora Update for openssl FEDORA-2010-17826 File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl |
| 2010-10-19 | Name : Mandriva Update for kernel MDVSA-2010:198 (kernel) File : nvt/gb_mandriva_MDVSA_2010_198.nasl |
| 2010-10-01 | Name : HP-UX Update for BIND HPSBUX02546 File : nvt/gb_hp_ux_HPSBUX02546.nasl |
| 2010-10-01 | Name : SuSE Update for kernel SUSE-SA:2010:046 File : nvt/gb_suse_2010_046.nasl |
| 2010-09-27 | Name : Mandriva Update for kernel MDVSA-2010:188 (kernel) File : nvt/gb_mandriva_MDVSA_2010_188.nasl |
| 2010-09-22 | Name : Fedora Update for kernel FEDORA-2010-14878 File : nvt/gb_fedora_2010_14878_kernel_fc12.nasl |
| 2010-09-10 | Name : SuSE Update for kernel SUSE-SA:2010:036 File : nvt/gb_suse_2010_036.nasl |
| 2010-09-07 | Name : Fedora Update for kernel FEDORA-2010-13903 File : nvt/gb_fedora_2010_13903_kernel_fc12.nasl |
| 2010-08-30 | Name : CentOS Update for kernel CESA-2010:0474 centos4 i386 File : nvt/gb_CESA-2010_0474_kernel_centos4_i386.nasl |
| 2010-08-30 | Name : Fedora Update for kernel FEDORA-2010-13110 File : nvt/gb_fedora_2010_13110_kernel_fc12.nasl |
| 2010-08-21 | Name : Debian Security Advisory DSA 2074-1 (ncompress) File : nvt/deb_2074_1.nasl |
| 2010-08-06 | Name : Fedora Update for kernel FEDORA-2010-11412 File : nvt/gb_fedora_2010_11412_kernel_fc12.nasl |
| 2010-07-23 | Name : SuSE Update for kernel SUSE-SA:2010:031 File : nvt/gb_suse_2010_031.nasl |
| 2010-07-16 | Name : Fedora Update for kernel FEDORA-2010-10880 File : nvt/gb_fedora_2010_10880_kernel_fc12.nasl |
| 2010-07-12 | Name : Fedora Update for gcc FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_gcc_fc12.nasl |
| 2010-07-12 | Name : Fedora Update for libtool FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_libtool_fc12.nasl |
| 2010-07-06 | Name : Debian Security Advisory DSA 2054-2 (bind9) File : nvt/deb_2054_2.nasl |
| 2010-06-25 | Name : Fedora Update for openssl FEDORA-2010-9421 File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl |
| 2010-06-18 | Name : RedHat Update for kernel RHSA-2010:0474-01 File : nvt/gb_RHSA-2010_0474-01_kernel.nasl |
| 2010-06-18 | Name : Fedora Update for kernel FEDORA-2010-9209 File : nvt/gb_fedora_2010_9209_kernel_fc12.nasl |
| 2010-06-18 | Name : Fedora Update for openssl FEDORA-2010-9639 File : nvt/gb_fedora_2010_9639_openssl_fc12.nasl |
| 2010-06-10 | Name : Debian Security Advisory DSA 2054-1 (bind9) File : nvt/deb_2054_1.nasl |
| 2010-06-07 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-947-1 File : nvt/gb_ubuntu_USN_947_1.nasl |
| 2010-06-07 | Name : Ubuntu Update for linux regression USN-947-2 File : nvt/gb_ubuntu_USN_947_2.nasl |
| 2010-06-03 | Name : Debian Security Advisory DSA 2053-1 (linux-2.6) File : nvt/deb_2053_1.nasl |
| 2010-05-28 | Name : Fedora Update for kernel FEDORA-2010-7779 File : nvt/gb_fedora_2010_7779_kernel_fc12.nasl |
| 2010-05-28 | Name : Fedora Update for openssl FEDORA-2010-8742 File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl |
| 2010-05-28 | Name : Fedora Update for libprelude FEDORA-2010-8756 File : nvt/gb_fedora_2010_8756_libprelude_fc12.nasl |
| 2010-05-28 | Name : Fedora Update for krb5 FEDORA-2010-8796 File : nvt/gb_fedora_2010_8796_krb5_fc11.nasl |
| 2010-05-28 | Name : Fedora Update for krb5 FEDORA-2010-8805 File : nvt/gb_fedora_2010_8805_krb5_fc12.nasl |
| 2010-05-28 | Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_105.nasl |
| 2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
| 2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6701 File : nvt/gb_fedora_2010_6701_sudo_fc12.nasl |
| 2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6749 File : nvt/gb_fedora_2010_6749_sudo_fc11.nasl |
| 2010-05-07 | Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_091.nasl |
| 2010-05-04 | Name : Mandriva Update for kernel MDVSA-2010:088 (kernel) File : nvt/gb_mandriva_MDVSA_2010_088.nasl |
| 2010-04-30 | Name : HP-UX Update for OpenSSL HPSBUX02517 File : nvt/gb_hp_ux_HPSBUX02517.nasl |
| 2010-04-30 | Name : HP-UX Update for BIND HPSBUX02519 File : nvt/gb_hp_ux_HPSBUX02519.nasl |
| 2010-04-30 | Name : Mandriva Update for sudo MDVSA-2010:078-1 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078_1.nasl |
| 2010-04-30 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl |
| 2010-04-29 | Name : RedHat Update for sudo RHSA-2010:0361-01 File : nvt/gb_RHSA-2010_0361-01_sudo.nasl |
| 2010-04-29 | Name : Fedora Update for krb5 FEDORA-2010-7130 File : nvt/gb_fedora_2010_7130_krb5_fc12.nasl |
| 2010-04-21 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo6.nasl |
| 2010-04-19 | Name : Fedora Update for openssl FEDORA-2010-5357 File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl |
| 2010-04-19 | Name : Mandriva Update for sudo MDVSA-2010:078 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078.nasl |
| 2010-04-16 | Name : Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_075.nasl |
| 2010-04-16 | Name : Ubuntu Update for sudo vulnerability USN-928-1 File : nvt/gb_ubuntu_USN_928_1.nasl |
| 2010-04-09 | Name : Fedora Update for krb5 FEDORA-2010-6108 File : nvt/gb_fedora_2010_6108_krb5_fc11.nasl |
| 2010-04-06 | Name : RedHat Update for pam_krb5 RHSA-2010:0258-04 File : nvt/gb_RHSA-2010_0258-04_pam_krb5.nasl |
| 2010-04-06 | Name : Fedora Update for hamlib FEDORA-2010-4352 File : nvt/gb_fedora_2010_4352_hamlib_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for hamlib FEDORA-2010-4407 File : nvt/gb_fedora_2010_4407_hamlib_fc12.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0166-01 File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl |
| 2010-03-31 | Name : Fedora Update for krb5 FEDORA-2010-4677 File : nvt/gb_fedora_2010_4677_krb5_fc12.nasl |
| 2010-03-31 | Name : Mandriva Update for kernel MDVSA-2010:066 (kernel) File : nvt/gb_mandriva_MDVSA_2010_066.nasl |
| 2010-03-22 | Name : RedHat Update for kernel RHSA-2010:0146-01 File : nvt/gb_RHSA-2010_0146-01_kernel.nasl |
| 2010-03-22 | Name : Fedora Update for esorex FEDORA-2010-3216 File : nvt/gb_fedora_2010_3216_esorex_fc12.nasl |
| 2010-03-22 | Name : Fedora Update for esorex FEDORA-2010-3314 File : nvt/gb_fedora_2010_3314_esorex_fc11.nasl |
| 2010-03-22 | Name : Fedora Update for gnu-smalltalk FEDORA-2010-4339 File : nvt/gb_fedora_2010_4339_gnu-smalltalk_fc12.nasl |
| 2010-03-22 | Name : Fedora Update for gnu-smalltalk FEDORA-2010-4392 File : nvt/gb_fedora_2010_4392_gnu-smalltalk_fc11.nasl |
| 2010-03-22 | Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2) File : nvt/gb_mandriva_MDVA_2010_105.nasl |
| 2010-03-22 | Name : SuSE Update for kernel SUSE-SA:2010:016 File : nvt/gb_suse_2010_016.nasl |
| 2010-03-16 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo5.nasl |
| 2010-03-16 | Name : Gentoo Security Advisory GLSA 201003-01 (sudo) File : nvt/glsa_201003_01.nasl |
| 2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3359 File : nvt/gb_fedora_2010_3359_sudo_fc12.nasl |
| 2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3415 File : nvt/gb_fedora_2010_3415_sudo_fc11.nasl |
| 2010-03-12 | Name : Mandriva Update for rsnapshot MDVA-2010:088 (rsnapshot) File : nvt/gb_mandriva_MDVA_2010_088.nasl |
| 2010-03-12 | Name : Mandriva Update for slib MDVA-2010:091 (slib) File : nvt/gb_mandriva_MDVA_2010_091.nasl |
| 2010-03-12 | Name : Mandriva Update for sudo MDVSA-2010:052 (sudo) File : nvt/gb_mandriva_MDVSA_2010_052.nasl |
| 2010-03-12 | Name : Mandriva Update for pam_krb5 MDVSA-2010:054 (pam_krb5) File : nvt/gb_mandriva_MDVSA_2010_054.nasl |
| 2010-03-12 | Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_056.nasl |
| 2010-03-05 | Name : SuSE Update for kernel SUSE-SA:2010:014 File : nvt/gb_suse_2010_014.nasl |
| 2010-03-02 | Name : RedHat Update for sudo RHSA-2010:0122-01 File : nvt/gb_RHSA-2010_0122-01_sudo.nasl |
| 2010-03-02 | Name : Fedora Update for krb5 FEDORA-2010-0503 File : nvt/gb_fedora_2010_0503_krb5_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for krb5 FEDORA-2010-0515 File : nvt/gb_fedora_2010_0515_krb5_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for bind FEDORA-2010-0861 File : nvt/gb_fedora_2010_0861_bind_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for bind FEDORA-2010-0868 File : nvt/gb_fedora_2010_0868_bind_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0884 File : nvt/gb_fedora_2010_0884_gzip_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-0919 File : nvt/gb_fedora_2010_0919_kernel_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for gzip FEDORA-2010-0964 File : nvt/gb_fedora_2010_0964_gzip_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1500 File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for krb5 FEDORA-2010-1722 File : nvt/gb_fedora_2010_1722_krb5_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1787 File : nvt/gb_fedora_2010_1787_kernel_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1804 File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for gnash FEDORA-2010-1820 File : nvt/gb_fedora_2010_1820_gnash_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for gnash FEDORA-2010-1833 File : nvt/gb_fedora_2010_1833_gnash_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for gambas FEDORA-2010-1872 File : nvt/gb_fedora_2010_1872_gambas_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for gambas FEDORA-2010-1924 File : nvt/gb_fedora_2010_1924_gambas_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for mingw32-libltdl FEDORA-2010-2341 File : nvt/gb_fedora_2010_2341_mingw32-libltdl_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for mingw32-libltdl FEDORA-2010-2943 File : nvt/gb_fedora_2010_2943_mingw32-libltdl_fc11.nasl |
| 2010-03-02 | Name : Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin) File : nvt/gb_mandriva_MDVA_2010_075.nasl |
| 2010-03-02 | Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl |
| 2010-03-02 | Name : Mandriva Update for sudo MDVSA-2010:049 (sudo) File : nvt/gb_mandriva_MDVSA_2010_049.nasl |
| 2010-03-02 | Name : Ubuntu Update for sudo vulnerabilities USN-905-1 File : nvt/gb_ubuntu_USN_905_1.nasl |
| 2010-02-25 | Name : Debian Security Advisory DSA 2003-1 (linux-2.6) File : nvt/deb_2003_1.nasl |
| 2010-02-19 | Name : Mandriva Update for drakxtools MDVA-2010:066 (drakxtools) File : nvt/gb_mandriva_MDVA_2010_066.nasl |
| 2010-02-19 | Name : Mandriva Update for kernel MDVSA-2010:034-1 (kernel) File : nvt/gb_mandriva_MDVSA_2010_034_1.nasl |
| 2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:010 File : nvt/gb_suse_2010_010.nasl |
| 2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:012 File : nvt/gb_suse_2010_012.nasl |
| 2010-02-15 | Name : Mandriva Update for microcode_ctl MDVA-2010:052 (microcode_ctl) File : nvt/gb_mandriva_MDVA_2010_052.nasl |
| 2010-02-15 | Name : Mandriva Update for cacti MDVA-2010:054 (cacti) File : nvt/gb_mandriva_MDVA_2010_054.nasl |
| 2010-02-15 | Name : Mandriva Update for samba MDVA-2010:056 (samba) File : nvt/gb_mandriva_MDVA_2010_056.nasl |
| 2010-02-15 | Name : Mandriva Update for kernel MDVSA-2010:034 (kernel) File : nvt/gb_mandriva_MDVSA_2010_034.nasl |
| 2010-02-15 | Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_035.nasl |
| 2010-02-10 | Name : Debian Security Advisory DSA 1992-1 (chrony) File : nvt/deb_1992_1.nasl |
| 2010-02-08 | Name : RedHat Update for kernel RHSA-2010:0076-01 File : nvt/gb_RHSA-2010_0076-01_kernel.nasl |
| 2010-02-08 | Name : Mandriva Update for mailcap MDVA-2010:049 (mailcap) File : nvt/gb_mandriva_MDVA_2010_049.nasl |
| 2010-02-08 | Name : Mandriva Update for kernel MDVSA-2010:030 (kernel) File : nvt/gb_mandriva_MDVSA_2010_030.nasl |
| 2010-02-08 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-894-1 File : nvt/gb_ubuntu_USN_894_1.nasl |
| 2010-02-01 | Name : Debian Security Advisory DSA 1974-1 (gzip) File : nvt/deb_1974_1.nasl |
| 2010-01-29 | Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl |
| 2010-01-25 | Name : RedHat Update for gzip RHSA-2010:0061-02 File : nvt/gb_RHSA-2010_0061-02_gzip.nasl |
| 2010-01-25 | Name : RedHat Update for bind RHSA-2010:0062-02 File : nvt/gb_RHSA-2010_0062-02_bind.nasl |
| 2010-01-25 | Name : SuSE Update for krb5 SUSE-SA:2010:006 File : nvt/gb_suse_2010_006.nasl |
| 2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 i386 File : nvt/gb_CESA-2010_0061_gzip_centos3_i386.nasl |
| 2010-01-22 | Name : CentOS Update for gzip CESA-2010:0061 centos3 x86_64 File : nvt/gb_CESA-2010_0061_gzip_centos3_x86_64.nasl |
| 2010-01-22 | Name : Mandriva Update for gzip MDVSA-2010:020 (gzip) File : nvt/gb_mandriva_MDVSA_2010_020.nasl |
| 2010-01-22 | Name : Mandriva Update for bind MDVSA-2010:021 (bind) File : nvt/gb_mandriva_MDVSA_2010_021.nasl |
| 2010-01-22 | Name : Mandriva Update for openssl MDVSA-2010:022 (openssl) File : nvt/gb_mandriva_MDVSA_2010_022.nasl |
| 2010-01-22 | Name : Ubuntu Update for bind9 vulnerabilities USN-888-1 File : nvt/gb_ubuntu_USN_888_1.nasl |
| 2010-01-22 | Name : Ubuntu Update for gzip vulnerabilities USN-889-1 File : nvt/gb_ubuntu_USN_889_1.nasl |
| 2010-01-20 | Name : ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability File : nvt/bind_37865.nasl |
| 2010-01-20 | Name : RedHat Update for kernel RHSA-2010:0046-01 File : nvt/gb_RHSA-2010_0046-01_kernel.nasl |
| 2010-01-20 | Name : RedHat Update for openssl RHSA-2010:0054-01 File : nvt/gb_RHSA-2010_0054-01_openssl.nasl |
| 2010-01-20 | Name : Kerberos5 Multiple Integer Underflow Vulnerabilities File : nvt/gb_kerberos5_mult_int_underflow_vuln.nasl |
| 2010-01-20 | Name : SuSE Update for kernel SUSE-SA:2010:005 File : nvt/gb_suse_2010_005.nasl |
| 2010-01-19 | Name : CentOS Update for kernel CESA-2010:0020 centos4 i386 File : nvt/gb_CESA-2010_0020_kernel_centos4_i386.nasl |
| 2010-01-19 | Name : CentOS Update for kernel CESA-2010:0020 centos4 x86_64 File : nvt/gb_CESA-2010_0020_kernel_centos4_x86_64.nasl |
| 2010-01-19 | Name : CentOS Update for krb5-devel CESA-2010:0029 centos3 i386 File : nvt/gb_CESA-2010_0029_krb5-devel_centos3_i386.nasl |
| 2010-01-19 | Name : CentOS Update for krb5-devel CESA-2010:0029 centos3 x86_64 File : nvt/gb_CESA-2010_0029_krb5-devel_centos3_x86_64.nasl |
| 2010-01-19 | Name : CentOS Update for krb5-devel CESA-2010:0029 centos4 i386 File : nvt/gb_CESA-2010_0029_krb5-devel_centos4_i386.nasl |
| 2010-01-19 | Name : CentOS Update for krb5-devel CESA-2010:0029 centos4 x86_64 File : nvt/gb_CESA-2010_0029_krb5-devel_centos4_x86_64.nasl |
| 2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos3 i386 File : nvt/gb_CESA-2010_0039_cpp_centos3_i386.nasl |
| 2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos3 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos3_x86_64.nasl |
| 2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos4 i386 File : nvt/gb_CESA-2010_0039_cpp_centos4_i386.nasl |
| 2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos4 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos4_x86_64.nasl |
| 2010-01-19 | Name : RedHat Update for krb5 RHSA-2010:0029-01 File : nvt/gb_RHSA-2010_0029-01_krb5.nasl |
| 2010-01-19 | Name : RedHat Update for gcc and gcc4 RHSA-2010:0039-01 File : nvt/gb_RHSA-2010_0039-01_gcc_and_gcc4.nasl |
| 2010-01-19 | Name : Mandriva Update for krb5 MDVSA-2010:006 (krb5) File : nvt/gb_mandriva_MDVSA_2010_006.nasl |
| 2010-01-19 | Name : Ubuntu Update for krb5 vulnerability USN-881-1 File : nvt/gb_ubuntu_USN_881_1.nasl |
| 2010-01-19 | Name : Ubuntu Update for openssl vulnerability USN-884-1 File : nvt/gb_ubuntu_USN_884_1.nasl |
| 2010-01-15 | Name : RedHat Update for kernel RHSA-2010:0019-01 File : nvt/gb_RHSA-2010_0019-01_kernel.nasl |
| 2010-01-15 | Name : RedHat Update for kernel RHSA-2010:0020-01 File : nvt/gb_RHSA-2010_0020-01_kernel.nasl |
| 2010-01-15 | Name : SuSE Update for kernel SUSE-SA:2010:001 File : nvt/gb_suse_2010_001.nasl |
| 2010-01-11 | Name : FreeBSD Security Advisory (FreeBSD-SA-10:02.ntpd.asc) File : nvt/freebsdsa_ntpd2.nasl |
| 2010-01-07 | Name : Gentoo Security Advisory GLSA 201001-01 (ntp) File : nvt/glsa_201001_01.nasl |
| 2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1670 File : nvt/RHSA_2009_1670.nasl |
| 2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1671 File : nvt/RHSA_2009_1671.nasl |
| 2009-12-30 | Name : Debian Security Advisory DSA 1958-1 (libtool) File : nvt/deb_1958_1.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12562 (libtool) File : nvt/fcore_2009_12562.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-12725 (libtool) File : nvt/fcore_2009_12725.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12813 (gcc) File : nvt/fcore_2009_12813.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13694 (kernel) File : nvt/fcore_2009_13694.nasl |
| 2009-12-30 | Name : CentOS Security Advisory CESA-2009:1670 (kernel) File : nvt/ovcesa2009_1670.nasl |
| 2009-12-30 | Name : CentOS Security Advisory CESA-2009:1671 (kernel) File : nvt/ovcesa2009_1671.nasl |
| 2009-12-15 | Name : NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability File : nvt/ntp_37255.nasl |
| 2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1646 File : nvt/RHSA_2009_1646.nasl |
| 2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1648 File : nvt/RHSA_2009_1648.nasl |
| 2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1651 File : nvt/RHSA_2009_1651.nasl |
| 2009-12-14 | Name : Debian Security Advisory DSA 1948-1 (ntp) File : nvt/deb_1948_1.nasl |
| 2009-12-14 | Name : Fedora Core 12 FEDORA-2009-13046 (ntp) File : nvt/fcore_2009_13046.nasl |
| 2009-12-14 | Name : Fedora Core 11 FEDORA-2009-13090 (ntp) File : nvt/fcore_2009_13090.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13098 (kernel) File : nvt/fcore_2009_13098.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13121 (ntp) File : nvt/fcore_2009_13121.nasl |
| 2009-12-14 | Name : Gentoo Security Advisory GLSA 200912-01 (openssl) File : nvt/glsa_200912_01.nasl |
| 2009-12-14 | Name : CentOS Security Advisory CESA-2009:1646 (libtool) File : nvt/ovcesa2009_1646.nasl |
| 2009-12-14 | Name : CentOS Security Advisory CESA-2009:1648 (ntp) File : nvt/ovcesa2009_1648.nasl |
| 2009-12-14 | Name : CentOS Security Advisory CESA-2009:1651 (ntp) File : nvt/ovcesa2009_1651.nasl |
| 2009-12-10 | Name : RedHat Security Advisory RHSA-2009:1635 File : nvt/RHSA_2009_1635.nasl |
| 2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12786 (kernel) File : nvt/fcore_2009_12786.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:197-3 (nss) File : nvt/mdksa_2009_197_3.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:307-1 (libtool) File : nvt/mdksa_2009_307_1.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:310 (openssl) File : nvt/mdksa_2009_310.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1) File : nvt/mdksa_2009_318.nasl |
| 2009-12-10 | Name : SuSE Security Advisory SUSE-SA:2009:060 (kernel) File : nvt/suse_sa_2009_060.nasl |
| 2009-12-03 | Name : FreeBSD Ports: libtool File : nvt/freebsd_libtool0.nasl |
| 2009-12-03 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def4.nasl |
| 2009-11-23 | Name : Debian Security Advisory DSA 1935-1 (gnutls13 gnutls26) File : nvt/deb_1935_1.nasl |
| 2009-11-23 | Name : Mandriva Security Advisory MDVSA-2009:301 (kernel) File : nvt/mdksa_2009_301.nasl |
| 2009-11-23 | Name : CentOS Security Advisory CESA-2009:1584 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1584.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1571 File : nvt/RHSA_2009_1571.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1584 File : nvt/RHSA_2009_1584.nasl |
| 2009-11-17 | Name : Fedora Core 11 FEDORA-2009-11486 (java-1.6.0-openjdk) File : nvt/fcore_2009_11486.nasl |
| 2009-11-17 | Name : Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk) File : nvt/fcore_2009_11489.nasl |
| 2009-11-17 | Name : Fedora Core 10 FEDORA-2009-11490 (java-1.6.0-openjdk) File : nvt/fcore_2009_11490.nasl |
| 2009-11-17 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel9.nasl |
| 2009-11-17 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5062456.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1540 File : nvt/RHSA_2009_1540.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1541 File : nvt/RHSA_2009_1541.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1548 File : nvt/RHSA_2009_1548.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1550 File : nvt/RHSA_2009_1550.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1560 File : nvt/RHSA_2009_1560.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1927-1 (linux-2.6) File : nvt/deb_1927_1.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1928-1 (linux-2.6.24) File : nvt/deb_1928_1.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1929-1 (linux-2.6) File : nvt/deb_1929_1.nasl |
| 2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10639 (kernel) File : nvt/fcore_2009_10639.nasl |
| 2009-11-11 | Name : Fedora Core 11 FEDORA-2009-11032 (kernel) File : nvt/fcore_2009_11032.nasl |
| 2009-11-11 | Name : Fedora Core 10 FEDORA-2009-11038 (kernel) File : nvt/fcore_2009_11038.nasl |
| 2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:289 (kernel) File : nvt/mdksa_2009_289.nasl |
| 2009-11-11 | Name : CentOS Security Advisory CESA-2009:1541 (kernel) File : nvt/ovcesa2009_1541.nasl |
| 2009-11-11 | Name : CentOS Security Advisory CESA-2009:1548 (kernel) File : nvt/ovcesa2009_1548.nasl |
| 2009-11-11 | Name : CentOS Security Advisory CESA-2009:1550 (kernel) File : nvt/ovcesa2009_1550.nasl |
| 2009-11-11 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def3.nasl |
| 2009-11-11 | Name : SuSE Security Advisory SUSE-SA:2009:051 (kernel) File : nvt/suse_sa_2009_051.nasl |
| 2009-10-27 | Name : RedHat Security Advisory RHSA-2009:1522 File : nvt/RHSA_2009_1522.nasl |
| 2009-10-27 | Name : Debian Security Advisory DSA 1915-1 (linux-2.6) File : nvt/deb_1915_1.nasl |
| 2009-10-27 | Name : CentOS Security Advisory CESA-2009:1522 (kernel) File : nvt/ovcesa2009_1522.nasl |
| 2009-10-19 | Name : Fedora Core 10 FEDORA-2009-10525 (kernel) File : nvt/fcore_2009_10525.nasl |
| 2009-10-13 | Name : Solaris Update for sshd 140119-11 File : nvt/gb_solaris_140119_11.nasl |
| 2009-10-13 | Name : Solaris Update for sshd 141742-04 File : nvt/gb_solaris_141742_04.nasl |
| 2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:258 (openssl) File : nvt/mdksa_2009_258.nasl |
| 2009-10-13 | Name : SLES10: Security update for compat-openssl097g File : nvt/sles10_compat-openssl0.nasl |
| 2009-10-13 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl0.nasl |
| 2009-10-13 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl1.nasl |
| 2009-10-13 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl2.nasl |
| 2009-10-11 | Name : SLES11: Security update for OpenSSL File : nvt/sles11_libopenssl0_9_8.nasl |
| 2009-10-11 | Name : SLES11: Security update for OpenSSL File : nvt/sles11_libopenssl0_9_80.nasl |
| 2009-10-11 | Name : SLES11: Security update for OpenSSL File : nvt/sles11_libopenssl0_9_81.nasl |
| 2009-10-10 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5048397.nasl |
| 2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:237 (openssl) File : nvt/mdksa_2009_237.nasl |
| 2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:238 (openssl) File : nvt/mdksa_2009_238.nasl |
| 2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:239 (openssl) File : nvt/mdksa_2009_239.nasl |
| 2009-09-23 | Name : Solaris Update for sshd 140119-07 File : nvt/gb_solaris_140119_07.nasl |
| 2009-09-23 | Name : Solaris Update for sshd 140119-09 File : nvt/gb_solaris_140119_09.nasl |
| 2009-09-23 | Name : Solaris Update for sshd 141742-02 File : nvt/gb_solaris_141742_02.nasl |
| 2009-09-21 | Name : Debian Security Advisory DSA 1888-1 (openssl, openssl097) File : nvt/deb_1888_1.nasl |
| 2009-09-21 | Name : CentOS Security Advisory CESA-2009:1335 (openssl) File : nvt/ovcesa2009_1335.nasl |
| 2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1432 File : nvt/RHSA_2009_1432.nasl |
| 2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:197-2 (nss) File : nvt/mdksa_2009_197_2.nasl |
| 2009-09-15 | Name : CentOS Security Advisory CESA-2009:1432 (seamonkey) File : nvt/ovcesa2009_1432.nasl |
| 2009-09-15 | Name : Ubuntu USN-830-1 (openssl) File : nvt/ubuntu_830_1.nasl |
| 2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1335 File : nvt/RHSA_2009_1335.nasl |
| 2009-09-02 | Name : Debian Security Advisory DSA 1874-1 (nss) File : nvt/deb_1874_1.nasl |
| 2009-09-02 | Name : Fedora Core 11 FEDORA-2009-9044 (kernel) File : nvt/fcore_2009_9044.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird) File : nvt/mdksa_2009_216.nasl |
| 2009-09-02 | Name : Ubuntu USN-809-1 (gnutls26) File : nvt/ubuntu_809_1.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1184 File : nvt/RHSA_2009_1184.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1186 File : nvt/RHSA_2009_1186.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1190 File : nvt/RHSA_2009_1190.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1207 File : nvt/RHSA_2009_1207.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:197 (nss) File : nvt/mdksa_2009_197.nasl |
| 2009-08-17 | Name : Ubuntu USN-810-1 (nss) File : nvt/ubuntu_810_1.nasl |
| 2009-08-17 | Name : Ubuntu USN-810-2 (fixed) File : nvt/ubuntu_810_2.nasl |
| 2009-08-05 | Name : Firefox SSL Server Spoofing Vulnerability (Win) File : nvt/gb_firefox_ssl_spoof_vuln_win.nasl |
| 2009-08-05 | Name : OpenSSL/GnuTLS SSL Server Spoofing Vulnerability (Win) File : nvt/gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl |
| 2009-07-17 | Name : HP-UX Update for OpenSSL HPSBUX02435 File : nvt/gb_hp_ux_HPSBUX02435.nasl |
| 2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
| 2009-06-30 | Name : Fedora Core 11 FEDORA-2009-5983 (pam_krb5) File : nvt/fcore_2009_5983.nasl |
| 2009-06-30 | Name : Fedora Core 10 FEDORA-2009-6255 (pam_krb5) File : nvt/fcore_2009_6255.nasl |
| 2009-06-30 | Name : Fedora Core 9 FEDORA-2009-6279 (pam_krb5) File : nvt/fcore_2009_6279.nasl |
| 2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
| 2009-06-23 | Name : Fedora Core 10 FEDORA-2009-5412 (openssl) File : nvt/fcore_2009_5412.nasl |
| 2009-06-23 | Name : Fedora Core 9 FEDORA-2009-5423 (openssl) File : nvt/fcore_2009_5423.nasl |
| 2009-06-23 | Name : Fedora Core 11 FEDORA-2009-5452 (openssl) File : nvt/fcore_2009_5452.nasl |
| 2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
| 2009-06-12 | Name : Denial Of Service Vulnerability in OpenSSL June-09 (Linux) File : nvt/gb_openssl_dos_vuln_lin_jun09.nasl |
| 2009-06-05 | Name : FreeBSD Ports: opensll File : nvt/freebsd_opensll.nasl |
| 2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:120 (openssl) File : nvt/mdksa_2009_120.nasl |
| 2009-05-28 | Name : OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities (Linux) File : nvt/secpod_openssl_mult_dos_vuln_lin.nasl |
| 2009-05-28 | Name : OpenSSL DTLS Packets Multiple DOS Vulnerabilities (win) File : nvt/secpod_openssl_mult_dos_vuln_win.nasl |
| 2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
| 2009-05-11 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD.nasl |
| 2009-04-28 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc) File : nvt/freebsdsa_openssl7.nasl |
| 2009-04-15 | Name : Debian Security Advisory DSA 1763-1 (openssl) File : nvt/deb_1763_1.nasl |
| 2009-04-15 | Name : Gentoo Security Advisory GLSA 200904-08 (openssl) File : nvt/glsa_200904_08.nasl |
| 2009-04-06 | Name : Mandrake Security Advisory MDVSA-2009:087 (openssl) File : nvt/mdksa_2009_087.nasl |
| 2009-04-06 | Name : Ubuntu USN-749-1 (libsndfile) File : nvt/ubuntu_749_1.nasl |
| 2009-04-06 | Name : Ubuntu USN-750-1 (openssl) File : nvt/ubuntu_750_1.nasl |
| 2009-04-02 | Name : OpenSSL Multiple Vulnerabilities (Linux) File : nvt/gb_openssl_mult_vuln_lin.nasl |
| 2009-04-02 | Name : OpenSSL Multiple Vulnerabilities (Win) File : nvt/gb_openssl_mult_vuln_win.nasl |
| 2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-558-1 File : nvt/gb_ubuntu_USN_558_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1 File : nvt/gb_ubuntu_USN_574_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-098-01 openssl File : nvt/esoft_slk_ssa_2009_098_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-343-01 ntp File : nvt/esoft_slk_ssa_2009_343_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-060-02 openssl File : nvt/esoft_slk_ssa_2010_060_02.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-110-01 sudo File : nvt/esoft_slk_ssa_2010_110_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-176-01 bind File : nvt/esoft_slk_ssa_2010_176_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62881 | SSH Tectia Audit Player ASN1_STRING_print_ex() Function BMPString / Universal... |
| 62657 | sudo runas_default Option Group Membership Local Privilege Escalation |
| 62515 | sudo sudoedit Command Handling Local Privilege Escalation |
| 62122 | Linux Kernel on Red Hat net/ipv4/route.c IPv4 Routing Hash Table Packet Colli... |
| 62058 | Linux Kernel on Red Hat qla2xxx Driver SCSI Host Local Modification |
| 62008 | ISC BIND Secure Response Refetch Weakness Unspecified Issue |
| 62007 | ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning |
| 61869 | GNU gzip unlzw.c unlzw() Function LZW File Handling Underflow |
| 61853 | ISC BIND DNSSEC Validation Crafted NXDOMAIN Request Cache Poisoning |
| 61795 | MIT Kerberos 5 (krb5) Crypto Library AES / RC4 Decryption Functionality Malfo... |
| 61788 | Linux Kernel drivers/net/e1000e/netdev.c Ethernet Frame MTU Check Weakness Cr... |
| 61787 | Linux Kernel drivers/net/r8169.c Ethernet Frame MTU Check Weakness Crafted Pa... |
| 61769 | Linux Kernel e1000 Driver drivers/net/e1000/e1000_main.c MTU Trailing Payload... |
| 61687 | Linux Kernel fs/fcntl.c fasync_helper Function Use-after-free Local Privilege... |
| 61684 | OpenSSL CRYPTO_free_all_ex_data() Function Memory Exhaustion DoS |
| 61309 | Linux Kernel drivers/firewire/ohci.c ISO Packet IOCTL Handling Local DoS |
| 60847 | NTP ntpd Mode 7 Request Crafted Packet Reply Loop Remote DoS NTP contains a flaw that may allow a remote denial of service. The issue is triggered when ntpd processes specially crafted MODE_PRIVATE packets, and will result in loss of availability for the service. |
| 60795 | Linux Kernel hfs Subsystem fs/hfs/dir.c hfs_readdir Function Remote Overflow |
| 60558 | Linux Kernel fuse Subsystem fs/fuse/file.c fuse_direct_io Function Local DoS |
| 60522 | libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation |
| 60311 | Linux Kernel drivers/scsi/gdth.c gdth_read_event() Function IOCTL Handling Lo... |
| 60202 | Linux Kernel megaraid_sas Driver dbg_lvl Permission Weakness I/O Multiple Lev... |
| 60201 | Linux Kernel megaraid_sas Driver poll_mode_io Permission Weakness I/O Mode Lo... |
| 59877 | Linux Kernel NFSv4 Client fs/nfs/nfs4proc.c nfs4_proc_lock Function Remote DoS |
| 59654 | Linux Kernel fs/pipe.c Multiple Function Locking Error NULL Dereference Local... Linux Kernel 2.6.x contains a flaw that may allow a local denial of service or privilege escalation. The issue is triggered within the "pipe_rdwr_open()", "pipe_write_open()", and "pipe_read_open()" functions in "fs/pipe.c". This can be exploited to cause a NULL pointer deference by performing certain pipe operations. |
| 59222 | Linux Kernel Netlink Subsystem net/sched/cls_api.c tcf_fill_node Function Loc... |
| 59211 | Linux Kernel ATI Rage 128 Driver CCE NULL Dereference Local Privilege Escalation |
| 59210 | Linux Kernel net/unix/af_unix.c AF_UNIX Socket Reconnect Local DoS |
| 59082 | Linux Kernel on x86_64 arch/x86/ia32/ia32entry.S 64-bit Mode ia32 Process Loc... |
| 59070 | Linux Kernel tc Subsystem net/sched/sch_api.c tc_fill_tclass Function Local M... |
| 59068 | Linux Kernel drivers/net/r8169.c r8169 Driver swiotlb Functionality Jumbo Fra... Linux Kernel Driver r8169 contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'swiotlb' functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel occurs and will allow remote and local attackers to cause a denial or service attack that results in IOMMU space exhaustion and system crash by using jumbo frames for a large amount of network traffic, and will result in loss of availability for the platform. |
| 58880 | Linux Kernel eCryptfs fs/ecryptfs/inode.c d_delete Function NULL Dereference ... |
| 58753 | Linux Kernel IPv6 Extended Header Packet Handling Remote DoS |
| 58323 | Linux Kernel NFSv4 o_EXCL inode Creation Failure Local Privilege Escalation |
| 57821 | Linux Kernel net/sched/sch_api.c tc_fill_tclass() Function Kernel Memory Disc... |
| 57757 | Linux Kernel Multiple mmap Operations Local Privilege Escalation |
| 56752 | Network Security Services (NSS) Library X.509 Certificate MD2 Hash Collision ... |
| 55073 | OpenSSL ssl/s3_pkt.c DTLS ChangeCipherSpec Packet Handling Remote DoS |
| 55072 | OpenSSL ssl/d1_both.cdtls1_retrieve_buffered_fragment Function DTLS Handshake... |
| 54791 | pam_krb5 Login Prompt Remote Username Enumeration |
| 54614 | OpenSSL ssl/d1_both.c dtls1_retrieve_buffered_fragment Function DTLS Packet H... |
| 54613 | OpenSSL ssl/d1_both.c dtls1_process_out_of_seq_message Function DTLS Record H... |
| 54612 | OpenSSL ssl/d1_pkt.c dtls1_buffer_record Function Buffered DTLS Record Handli... |
| 52864 | OpenSSL ASN1_STRING_print_ex() Function BMPString / UniversalString Handling DoS |
| 31466 | Linux Kernel fs/exec.c do_coredump() Function File Overwrite |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-07-16 | IAVM : 2015-A-0150 - Multiple Security Vulnerabilities in Juniper Networks CTPView Severity : Category I - VMSKEY : V0061073 |
| 2015-05-21 | IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS Severity : Category I - VMSKEY : V0060737 |
| 2011-06-09 | IAVM : 2011-A-0075 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0028311 |
| 2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
| 2010-01-28 | IAVM : 2010-A-0015 - Multiple Vulnerabilities in Red Hat Linux Kernel Severity : Category I - VMSKEY : V0022631 |
| 2010-01-07 | IAVM : 2010-A-0001 - Multiple Vulnerabilities in Linux Kernel Severity : Category I - VMSKEY : V0022180 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | ntp mode 7 denial of service attempt RuleID : 16350 - Revision : 7 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-04-21 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-01-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL10905.nasl - Type : ACT_GATHER_INFO |
| 2015-07-31 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17025.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO |
| 2015-04-23 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16479.nasl - Type : ACT_GATHER_INFO |
| 2015-01-07 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0001.nasl - Type : ACT_GATHER_INFO |
| 2015-01-07 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0002.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0033.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0036.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2011-0015.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0476.nasl - Type : ACT_GATHER_INFO |
| 2014-11-04 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15787.nasl - Type : ACT_GATHER_INFO |
| 2014-10-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15748.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15348.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15663.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-342.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-357.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-756.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2013-11-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1522.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1648.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1651.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1670.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1671.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0020.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0029.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0061.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0062.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0146.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0474.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
| 2013-05-19 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_42470.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-810-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091103_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV09491.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV09978.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV10049.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11742.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11743.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11744.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ68659.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ71071.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ71093.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ71608.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ71610.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ71611.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ71613.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ71614.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1190.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1207.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1587.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1588.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1672.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0053.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0079.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0111.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0148.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0149.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0342.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091022_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091103_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091103_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091109_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091208_libtool_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20091208_ntp_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091215_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091215_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100107_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100107_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100112_krb5_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100113_gcc_and_gcc4_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100119_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100120_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100120_gzip_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100202_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100226_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100316_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100330_pam_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100615_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6636.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6697.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6730.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6778.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6810.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6929.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6986.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7015.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7063.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-13.nasl - Type : ACT_GATHER_INFO |
| 2012-01-04 | Name : The remote server is affected by a denial of service vulnerability. File : openssl_0_9_8i.nasl - Type : ACT_GATHER_INFO |
| 2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8k.nasl - Type : ACT_GATHER_INFO |
| 2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8l.nasl - Type : ACT_GATHER_INFO |
| 2012-01-04 | Name : The remote server is affected by a denial of service vulnerability. File : openssl_1_0_0.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
| 2011-10-18 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-152.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
| 2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
| 2011-06-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7568.nasl - Type : ACT_GATHER_INFO |
| 2011-06-06 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
| 2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-176-01.nasl - Type : ACT_GATHER_INFO |
| 2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO |
| 2011-04-04 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_41177.nasl - Type : ACT_GATHER_INFO |
| 2011-04-04 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_41907.nasl - Type : ACT_GATHER_INFO |
| 2011-04-04 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_41908.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100109.nasl - Type : ACT_GATHER_INFO |
| 2011-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1958.nasl - Type : ACT_GATHER_INFO |
| 2011-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1967.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1990.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100709.nasl - Type : ACT_GATHER_INFO |
| 2010-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0016.nasl - Type : ACT_GATHER_INFO |
| 2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gzip-6793.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6694.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6779.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6925.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7059.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-6776.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6683.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-CVE-2009-4355.patch-6783.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6892.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xntp-6718.nasl - Type : ACT_GATHER_INFO |
| 2010-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-198.nasl - Type : ACT_GATHER_INFO |
| 2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
| 2010-09-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-188.nasl - Type : ACT_GATHER_INFO |
| 2010-09-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100921.nasl - Type : ACT_GATHER_INFO |
| 2010-08-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12636.nasl - Type : ACT_GATHER_INFO |
| 2010-08-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0474.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-239.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-329.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-066.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-075.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-088.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2074.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100709.nasl - Type : ACT_GATHER_INFO |
| 2010-07-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-10640.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0503.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0515.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0861.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0868.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0884.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0964.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1500.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1787.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1820.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1833.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1872.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1924.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2341.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2943.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3216.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3314.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3352.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3359.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3415.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4098.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4339.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4340.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4352.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4392.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4407.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5744.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6701.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6749.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6756.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8756.nasl - Type : ACT_GATHER_INFO |
| 2010-06-28 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0010.nasl - Type : ACT_GATHER_INFO |
| 2010-06-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0474.nasl - Type : ACT_GATHER_INFO |
| 2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_4.nasl - Type : ACT_GATHER_INFO |
| 2010-06-15 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2010-004.nasl - Type : ACT_GATHER_INFO |
| 2010-06-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2054.nasl - Type : ACT_GATHER_INFO |
| 2010-06-07 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO |
| 2010-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-947-1.nasl - Type : ACT_GATHER_INFO |
| 2010-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-947-2.nasl - Type : ACT_GATHER_INFO |
| 2010-06-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-11.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
| 2010-05-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2053.nasl - Type : ACT_GATHER_INFO |
| 2010-05-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U832257.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0146.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0258.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
| 2010-05-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7011.nasl - Type : ACT_GATHER_INFO |
| 2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO |
| 2010-04-27 | Name : The remote web server has multiple vulnerabilities. File : hpsmh_6_0_0_95.nasl - Type : ACT_GATHER_INFO |
| 2010-04-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-110-01.nasl - Type : ACT_GATHER_INFO |
| 2010-04-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-078.nasl - Type : ACT_GATHER_INFO |
| 2010-04-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-928-1.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0146.nasl - Type : ACT_GATHER_INFO |
| 2010-03-11 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100301.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_sudo-100301.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_sudo-100301.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-100301.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_sudo-100301.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6891.nasl - Type : ACT_GATHER_INFO |
| 2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO |
| 2010-03-05 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-054.nasl - Type : ACT_GATHER_INFO |
| 2010-03-05 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO |
| 2010-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2006.nasl - Type : ACT_GATHER_INFO |
| 2010-03-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201003-01.nasl - Type : ACT_GATHER_INFO |
| 2010-03-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100223.nasl - Type : ACT_GATHER_INFO |
| 2010-03-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100223.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-060-02.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-060-03.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2005.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_018a84d0254811dfb4a300e0815b8da8.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-052.nasl - Type : ACT_GATHER_INFO |
| 2010-03-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
| 2010-03-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12554.nasl - Type : ACT_GATHER_INFO |
| 2010-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-905-1.nasl - Type : ACT_GATHER_INFO |
| 2010-02-26 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-049.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-01.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1874.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1888.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1915.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1927.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1928.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1929.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1935.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1948.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1958.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1969.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1970.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1974.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1992.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1996.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2003.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12578.nasl - Type : ACT_GATHER_INFO |
| 2010-02-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100203.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-034.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100128.nasl - Type : ACT_GATHER_INFO |
| 2010-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
| 2010-02-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6806.nasl - Type : ACT_GATHER_INFO |
| 2010-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-894-1.nasl - Type : ACT_GATHER_INFO |
| 2010-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-030.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12573.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_gzip-100120.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gzip-100120.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gzip-100120.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_gzip-100120.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gzip-6792.nasl - Type : ACT_GATHER_INFO |
| 2010-01-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_openssl-CVE-2009-4355_patch-100115.nasl - Type : ACT_GATHER_INFO |
| 2010-01-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_openssl-CVE-2009-4355_patch-100120.nasl - Type : ACT_GATHER_INFO |
| 2010-01-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_openssl-CVE-2009-4355_patch-100115.nasl - Type : ACT_GATHER_INFO |
| 2010-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssl-CVE-2009-4355_patch-100115.nasl - Type : ACT_GATHER_INFO |
| 2010-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-CVE-2009-4355.patch-6784.nasl - Type : ACT_GATHER_INFO |
| 2010-01-22 | Name : The remote name server is affected by a cache poisoning vulnerability. File : bind9_bogus_nxdomain_caching.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0061.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-020.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-021.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-022.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0061.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-888-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-889-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_krb5-100113.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_krb5-100113.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_krb5-100113.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-100113.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-6775.nasl - Type : ACT_GATHER_INFO |
| 2010-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0020.nasl - Type : ACT_GATHER_INFO |
| 2010-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
| 2010-01-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100107.nasl - Type : ACT_GATHER_INFO |
| 2010-01-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100108.nasl - Type : ACT_GATHER_INFO |
| 2010-01-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-006.nasl - Type : ACT_GATHER_INFO |
| 2010-01-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
| 2010-01-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-884-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0029.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0029.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_ntp-091211.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_ntp-091221.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_ntp-091215.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ntp-091211.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-881-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0020.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1670.nasl - Type : ACT_GATHER_INFO |
| 2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO |
| 2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO |
| 2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-091218.nasl - Type : ACT_GATHER_INFO |
| 2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libltdl-3-091202.nasl - Type : ACT_GATHER_INFO |
| 2010-01-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libltdl7-091201.nasl - Type : ACT_GATHER_INFO |
| 2010-01-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6678.nasl - Type : ACT_GATHER_INFO |
| 2009-12-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12562.nasl - Type : ACT_GATHER_INFO |
| 2009-12-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12813.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6726.nasl - Type : ACT_GATHER_INFO |
| 2009-12-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12725.nasl - Type : ACT_GATHER_INFO |
| 2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO |
| 2009-12-21 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12559.nasl - Type : ACT_GATHER_INFO |
| 2009-12-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xntp-6719.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1670.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13046.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13090.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13098.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13121.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote network time service has a denial of service vulnerability. File : ntpd_mode7_ping_pong_dos.nasl - Type : ACT_GATHER_INFO |
| 2009-12-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-343-01.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1648.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-328.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1648.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO |
| 2009-12-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-867-1.nasl - Type : ACT_GATHER_INFO |
| 2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO |
| 2009-12-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-864-1.nasl - Type : ACT_GATHER_INFO |
| 2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-310.nasl - Type : ACT_GATHER_INFO |
| 2009-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-091123.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote name server is affected by a cache poisoning vulnerability. File : bind9_dnssec_cache_poisoning.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO |
| 2009-12-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-307.nasl - Type : ACT_GATHER_INFO |
| 2009-12-01 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-091123.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_77c14729dc5e11de92ae02e0184b8d35.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-091127.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11486.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11489.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11490.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12541.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-859-1.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1571.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6632.nasl - Type : ACT_GATHER_INFO |
| 2009-11-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1560.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
| 2009-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11032.nasl - Type : ACT_GATHER_INFO |
| 2009-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11038.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
| 2009-11-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-091015.nasl - Type : ACT_GATHER_INFO |
| 2009-11-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-091016.nasl - Type : ACT_GATHER_INFO |
| 2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10639.nasl - Type : ACT_GATHER_INFO |
| 2009-10-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-289.nasl - Type : ACT_GATHER_INFO |
| 2009-10-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1522.nasl - Type : ACT_GATHER_INFO |
| 2009-10-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1522.nasl - Type : ACT_GATHER_INFO |
| 2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-852-1.nasl - Type : ACT_GATHER_INFO |
| 2009-10-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10525.nasl - Type : ACT_GATHER_INFO |
| 2009-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-258.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12397.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssl-090610.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6170.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6179.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6267.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6296.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-238.nasl - Type : ACT_GATHER_INFO |
| 2009-09-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-830-1.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2009-08-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9044.nasl - Type : ACT_GATHER_INFO |
| 2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-809-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-197.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-2.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1186.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5983.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6255.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6279.nasl - Type : ACT_GATHER_INFO |
| 2009-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-792-1.nasl - Type : ACT_GATHER_INFO |
| 2009-06-21 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5412.nasl - Type : ACT_GATHER_INFO |
| 2009-06-21 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5423.nasl - Type : ACT_GATHER_INFO |
| 2009-06-21 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5452.nasl - Type : ACT_GATHER_INFO |
| 2009-06-18 | Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-6291.nasl - Type : ACT_GATHER_INFO |
| 2009-06-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_82b55df84d5a11de88110030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-05-27 | Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-6268.nasl - Type : ACT_GATHER_INFO |
| 2009-05-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-120.nasl - Type : ACT_GATHER_INFO |
| 2009-05-08 | Name : The remote host is missing a security update File : freebsd_pkg_fbc8413f2f7a11de9a3f001b77d09812.nasl - Type : ACT_GATHER_INFO |
| 2009-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_compat-openssl097g-6175.nasl - Type : ACT_GATHER_INFO |
| 2009-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-6173.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-087.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-750-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-098-01.nasl - Type : ACT_GATHER_INFO |
| 2009-04-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1763.nasl - Type : ACT_GATHER_INFO |
| 2009-04-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-08.nasl - Type : ACT_GATHER_INFO |
| 2008-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO |
| 2007-12-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-558-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-03-09 13:25:54 |
|
| 2014-02-17 12:07:16 |
|
