Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2011-0013 | First vendor Publication | 2011-10-27 |
| Vendor | VMware | Last vendor Modification | 2012-03-29 |
| Severity (Vendor) | N/A | Revision | 3 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| a. ESX third party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b. ESX third party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. c. ESX third party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. f. Integer overflow in VMware third party component sfcb This release resolves an integer overflow issue present in the third party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2011-0013.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 67 % | CWE-310 | Cryptographic Issues |
| 17 % | CWE-476 | NULL Pointer Dereference |
| 17 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11268 | |||
| Oval ID: | oval:org.mitre.oval:def:11268 | ||
| Title: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3557 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11320 | |||
| Oval ID: | oval:org.mitre.oval:def:11320 | ||
| Title: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3555 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11330 | |||
| Oval ID: | oval:org.mitre.oval:def:11330 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3551 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11604 | |||
| Oval ID: | oval:org.mitre.oval:def:11604 | ||
| Title: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
| Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1321 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11619 | |||
| Oval ID: | oval:org.mitre.oval:def:11619 | ||
| Title: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3550 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11649 | |||
| Oval ID: | oval:org.mitre.oval:def:11649 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3553 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11662 | |||
| Oval ID: | oval:org.mitre.oval:def:11662 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3559 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11714 | |||
| Oval ID: | oval:org.mitre.oval:def:11714 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3567 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11798 | |||
| Oval ID: | oval:org.mitre.oval:def:11798 | ||
| Title: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3553 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11815 | |||
| Oval ID: | oval:org.mitre.oval:def:11815 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3556 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11871 | |||
| Oval ID: | oval:org.mitre.oval:def:11871 | ||
| Title: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3558 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11876 | |||
| Oval ID: | oval:org.mitre.oval:def:11876 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3567 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11880 | |||
| Oval ID: | oval:org.mitre.oval:def:11880 | ||
| Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3559 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11893 | |||
| Oval ID: | oval:org.mitre.oval:def:11893 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3562 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11990 | |||
| Oval ID: | oval:org.mitre.oval:def:11990 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3573 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12004 | |||
| Oval ID: | oval:org.mitre.oval:def:12004 | ||
| Title: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3552 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12005 | |||
| Oval ID: | oval:org.mitre.oval:def:12005 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3560 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12029 | |||
| Oval ID: | oval:org.mitre.oval:def:12029 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3568 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12040 | |||
| Oval ID: | oval:org.mitre.oval:def:12040 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3566 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12118 | |||
| Oval ID: | oval:org.mitre.oval:def:12118 | ||
| Title: | Vulnerability in SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3173 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12173 | |||
| Oval ID: | oval:org.mitre.oval:def:12173 | ||
| Title: | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3570 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12177 | |||
| Oval ID: | oval:org.mitre.oval:def:12177 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3571 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12180 | |||
| Oval ID: | oval:org.mitre.oval:def:12180 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3565 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12181 | |||
| Oval ID: | oval:org.mitre.oval:def:12181 | ||
| Title: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3563 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12189 | |||
| Oval ID: | oval:org.mitre.oval:def:12189 | ||
| Title: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3554 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12200 | |||
| Oval ID: | oval:org.mitre.oval:def:12200 | ||
| Title: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3561 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12225 | |||
| Oval ID: | oval:org.mitre.oval:def:12225 | ||
| Title: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3566 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12226 | |||
| Oval ID: | oval:org.mitre.oval:def:12226 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3569 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12229 | |||
| Oval ID: | oval:org.mitre.oval:def:12229 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3574 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12231 | |||
| Oval ID: | oval:org.mitre.oval:def:12231 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3571 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12240 | |||
| Oval ID: | oval:org.mitre.oval:def:12240 | ||
| Title: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3572 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12254 | |||
| Oval ID: | oval:org.mitre.oval:def:12254 | ||
| Title: | SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3170 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12274 | |||
| Oval ID: | oval:org.mitre.oval:def:12274 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3573 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12328 | |||
| Oval ID: | oval:org.mitre.oval:def:12328 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3562 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12367 | |||
| Oval ID: | oval:org.mitre.oval:def:12367 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3574 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12459 | |||
| Oval ID: | oval:org.mitre.oval:def:12459 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3561 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12481 | |||
| Oval ID: | oval:org.mitre.oval:def:12481 | ||
| Title: | DSA-2141-4 lighttpd -- compatibility problem with updated openssl | ||
| Description: | The openssl update in DSA-2141-1 caused a regression in lighttpd. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries. This update fixes this problem. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2141-4 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | lighttpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12484 | |||
| Oval ID: | oval:org.mitre.oval:def:12484 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3569 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12488 | |||
| Oval ID: | oval:org.mitre.oval:def:12488 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3551 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12496 | |||
| Oval ID: | oval:org.mitre.oval:def:12496 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3556 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12502 | |||
| Oval ID: | oval:org.mitre.oval:def:12502 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3558 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12508 | |||
| Oval ID: | oval:org.mitre.oval:def:12508 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3563 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12518 | |||
| Oval ID: | oval:org.mitre.oval:def:12518 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3557 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12531 | |||
| Oval ID: | oval:org.mitre.oval:def:12531 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3568 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12536 | |||
| Oval ID: | oval:org.mitre.oval:def:12536 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3572 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12552 | |||
| Oval ID: | oval:org.mitre.oval:def:12552 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3552 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12568 | |||
| Oval ID: | oval:org.mitre.oval:def:12568 | ||
| Title: | DSA-2123-1 nss -- several | ||
| Description: | Several vulnerabilities have been discovered in Mozilla's Network Security Services library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2123-1 CVE-2010-3170 CVE-2010-3173 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12571 | |||
| Oval ID: | oval:org.mitre.oval:def:12571 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versions | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3565 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12573 | |||
| Oval ID: | oval:org.mitre.oval:def:12573 | ||
| Title: | DSA-2141-3 apache2 -- backward compatibility option for SSL/TLS insecure | ||
| Description: | DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option that allows to restore support for insecure clients. More information can be found in the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz . | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2141-3 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12582 | |||
| Oval ID: | oval:org.mitre.oval:def:12582 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3570 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12590 | |||
| Oval ID: | oval:org.mitre.oval:def:12590 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versions | ||
| Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3550 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12597 | |||
| Oval ID: | oval:org.mitre.oval:def:12597 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3554 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12614 | |||
| Oval ID: | oval:org.mitre.oval:def:12614 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3560 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12646 | |||
| Oval ID: | oval:org.mitre.oval:def:12646 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versions | ||
| Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3555 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle Java SE |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12707 | |||
| Oval ID: | oval:org.mitre.oval:def:12707 | ||
| Title: | DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw | ||
| Description: | CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable. Currently we are not aware of other software with similar compatibility problems. CVE-2010-4180: In addition, this update fixes a flaw that allowed a client to bypass restrictions configured in the server for the used cipher suite. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2141-1 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12801 | |||
| Oval ID: | oval:org.mitre.oval:def:12801 | ||
| Title: | DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw | ||
| Description: | CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed. The syntax of these environment variables is described in the release notes to version 3.12.6 of nss: https://developer.mozilla.org/NSS_3.12.6_release_notes However, the default behaviour for nss in Debian 5.0 is NSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to renegotiate with vulnerable servers. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2141-2 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12879 | |||
| Oval ID: | oval:org.mitre.oval:def:12879 | ||
| Title: | DSA-2161-1 openjdk-6 -- denial of service | ||
| Description: | It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2161-1 CVE-2010-4476 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13305 | |||
| Oval ID: | oval:org.mitre.oval:def:13305 | ||
| Title: | USN-1010-1 -- openjdk-6, openjdk-6b18 vulnerabilities | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. It was discovered that there exists a double free in java�s indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. This could allow an attacker to execute arbitrary code with the privileges of the user running a java application. It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1010-1 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | openjdk-6 openjdk-6b18 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13317 | |||
| Oval ID: | oval:org.mitre.oval:def:13317 | ||
| Title: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0862 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13446 | |||
| Oval ID: | oval:org.mitre.oval:def:13446 | ||
| Title: | USN-1029-1 -- openssl vulnerabilities | ||
| Description: | It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. This could possibly allow an attacker to downgrade the ciphersuite to a weaker one on subsequent connections. It was discovered that an old bug workaround in the SSL/TLS server code allowed allowed an attacker to modify the stored session cache ciphersuite. An attacker could possibly take advantage of this to force the use of a disabled cipher. This vulnerability only affects the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10 | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1029-1 CVE-2010-4180 CVE-2008-7270 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13546 | |||
| Oval ID: | oval:org.mitre.oval:def:13546 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4454 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13552 | |||
| Oval ID: | oval:org.mitre.oval:def:13552 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4468 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13639 | |||
| Oval ID: | oval:org.mitre.oval:def:13639 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4469 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13777 | |||
| Oval ID: | oval:org.mitre.oval:def:13777 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4463 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13888 | |||
| Oval ID: | oval:org.mitre.oval:def:13888 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0873 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13942 | |||
| Oval ID: | oval:org.mitre.oval:def:13942 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4451 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14034 | |||
| Oval ID: | oval:org.mitre.oval:def:14034 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4465 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14039 | |||
| Oval ID: | oval:org.mitre.oval:def:14039 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4462 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14045 | |||
| Oval ID: | oval:org.mitre.oval:def:14045 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4448 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14076 | |||
| Oval ID: | oval:org.mitre.oval:def:14076 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4470 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14081 | |||
| Oval ID: | oval:org.mitre.oval:def:14081 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0865 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14112 | |||
| Oval ID: | oval:org.mitre.oval:def:14112 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0871 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14118 | |||
| Oval ID: | oval:org.mitre.oval:def:14118 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4472 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14119 | |||
| Oval ID: | oval:org.mitre.oval:def:14119 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4473 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14135 | |||
| Oval ID: | oval:org.mitre.oval:def:14135 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4450 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14174 | |||
| Oval ID: | oval:org.mitre.oval:def:14174 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0814 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14225 | |||
| Oval ID: | oval:org.mitre.oval:def:14225 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0864 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14230 | |||
| Oval ID: | oval:org.mitre.oval:def:14230 | ||
| Title: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4452 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14233 | |||
| Oval ID: | oval:org.mitre.oval:def:14233 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4475 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14240 | |||
| Oval ID: | oval:org.mitre.oval:def:14240 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0867 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14271 | |||
| Oval ID: | oval:org.mitre.oval:def:14271 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4466 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14290 | |||
| Oval ID: | oval:org.mitre.oval:def:14290 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4422 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14328 | |||
| Oval ID: | oval:org.mitre.oval:def:14328 | ||
| Title: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14335 | |||
| Oval ID: | oval:org.mitre.oval:def:14335 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0815 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14340 | |||
| Oval ID: | oval:org.mitre.oval:def:14340 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3549 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14354 | |||
| Oval ID: | oval:org.mitre.oval:def:14354 | ||
| Title: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3541 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment Java Development Kit |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14384 | |||
| Oval ID: | oval:org.mitre.oval:def:14384 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4467 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14403 | |||
| Oval ID: | oval:org.mitre.oval:def:14403 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4447 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14417 | |||
| Oval ID: | oval:org.mitre.oval:def:14417 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4471 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14475 | |||
| Oval ID: | oval:org.mitre.oval:def:14475 | ||
| Title: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3548 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14477 | |||
| Oval ID: | oval:org.mitre.oval:def:14477 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0802 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14534 | |||
| Oval ID: | oval:org.mitre.oval:def:14534 | ||
| Title: | Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. | ||
| Description: | Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4474 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Development Kit Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14589 | |||
| Oval ID: | oval:org.mitre.oval:def:14589 | ||
| Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15238 | |||
| Oval ID: | oval:org.mitre.oval:def:15238 | ||
| Title: | DSA-2311-1 openjdk-6 -- several | ||
| Description: | Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code could access information about network interfaces which was not intended to be public. CVE-2011-0868 A float-to-long conversion could overflow, allowing untrusted code to crash the virtual machine. CVE-2011-0869 Untrusted code could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code could elevate its privileges through the Swing MediaTracker code. In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2311-1 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openjdk-6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18910 | |||
| Oval ID: | oval:org.mitre.oval:def:18910 | ||
| Title: | OpenSSL vulnerability before 0.9.8q, and 1.0.x before 1.0.0c in VisualSVN Server (CVE-2010-4180) | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4180 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19493 | |||
| Oval ID: | oval:org.mitre.oval:def:19493 | ||
| Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19571 | |||
| Oval ID: | oval:org.mitre.oval:def:19571 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3541 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19678 | |||
| Oval ID: | oval:org.mitre.oval:def:19678 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4454 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19749 | |||
| Oval ID: | oval:org.mitre.oval:def:19749 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4463 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19752 | |||
| Oval ID: | oval:org.mitre.oval:def:19752 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4180 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19768 | |||
| Oval ID: | oval:org.mitre.oval:def:19768 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3173 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19776 | |||
| Oval ID: | oval:org.mitre.oval:def:19776 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4450 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19857 | |||
| Oval ID: | oval:org.mitre.oval:def:19857 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4448 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19972 | |||
| Oval ID: | oval:org.mitre.oval:def:19972 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4451 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19986 | |||
| Oval ID: | oval:org.mitre.oval:def:19986 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4470 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20014 | |||
| Oval ID: | oval:org.mitre.oval:def:20014 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4447 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20077 | |||
| Oval ID: | oval:org.mitre.oval:def:20077 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3565 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20186 | |||
| Oval ID: | oval:org.mitre.oval:def:20186 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3563 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20190 | |||
| Oval ID: | oval:org.mitre.oval:def:20190 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3573 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20195 | |||
| Oval ID: | oval:org.mitre.oval:def:20195 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3548 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20205 | |||
| Oval ID: | oval:org.mitre.oval:def:20205 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3550 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20226 | |||
| Oval ID: | oval:org.mitre.oval:def:20226 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3170 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20242 | |||
| Oval ID: | oval:org.mitre.oval:def:20242 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3556 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20243 | |||
| Oval ID: | oval:org.mitre.oval:def:20243 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4471 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20270 | |||
| Oval ID: | oval:org.mitre.oval:def:20270 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3553 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20272 | |||
| Oval ID: | oval:org.mitre.oval:def:20272 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3551 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20301 | |||
| Oval ID: | oval:org.mitre.oval:def:20301 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3571 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20306 | |||
| Oval ID: | oval:org.mitre.oval:def:20306 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3574 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20336 | |||
| Oval ID: | oval:org.mitre.oval:def:20336 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3557 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20365 | |||
| Oval ID: | oval:org.mitre.oval:def:20365 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4468 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20380 | |||
| Oval ID: | oval:org.mitre.oval:def:20380 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1321 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20382 | |||
| Oval ID: | oval:org.mitre.oval:def:20382 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-2054 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20383 | |||
| Oval ID: | oval:org.mitre.oval:def:20383 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4422 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20418 | |||
| Oval ID: | oval:org.mitre.oval:def:20418 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3559 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20443 | |||
| Oval ID: | oval:org.mitre.oval:def:20443 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3569 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20449 | |||
| Oval ID: | oval:org.mitre.oval:def:20449 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3552 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20453 | |||
| Oval ID: | oval:org.mitre.oval:def:20453 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3566 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20460 | |||
| Oval ID: | oval:org.mitre.oval:def:20460 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3549 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20466 | |||
| Oval ID: | oval:org.mitre.oval:def:20466 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4475 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20492 | |||
| Oval ID: | oval:org.mitre.oval:def:20492 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3562 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20504 | |||
| Oval ID: | oval:org.mitre.oval:def:20504 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0864 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20505 | |||
| Oval ID: | oval:org.mitre.oval:def:20505 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3554 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20513 | |||
| Oval ID: | oval:org.mitre.oval:def:20513 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4466 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20519 | |||
| Oval ID: | oval:org.mitre.oval:def:20519 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0802 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20527 | |||
| Oval ID: | oval:org.mitre.oval:def:20527 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0873 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20534 | |||
| Oval ID: | oval:org.mitre.oval:def:20534 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3567 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20543 | |||
| Oval ID: | oval:org.mitre.oval:def:20543 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4469 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20544 | |||
| Oval ID: | oval:org.mitre.oval:def:20544 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0865 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20557 | |||
| Oval ID: | oval:org.mitre.oval:def:20557 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3568 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20558 | |||
| Oval ID: | oval:org.mitre.oval:def:20558 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3548 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20565 | |||
| Oval ID: | oval:org.mitre.oval:def:20565 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4472 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20574 | |||
| Oval ID: | oval:org.mitre.oval:def:20574 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3555 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20578 | |||
| Oval ID: | oval:org.mitre.oval:def:20578 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3560 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20580 | |||
| Oval ID: | oval:org.mitre.oval:def:20580 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4465 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20587 | |||
| Oval ID: | oval:org.mitre.oval:def:20587 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0814 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20588 | |||
| Oval ID: | oval:org.mitre.oval:def:20588 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3572 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20591 | |||
| Oval ID: | oval:org.mitre.oval:def:20591 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3561 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20596 | |||
| Oval ID: | oval:org.mitre.oval:def:20596 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4467 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20597 | |||
| Oval ID: | oval:org.mitre.oval:def:20597 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0862 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20622 | |||
| Oval ID: | oval:org.mitre.oval:def:20622 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4473 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20629 | |||
| Oval ID: | oval:org.mitre.oval:def:20629 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-7270 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20639 | |||
| Oval ID: | oval:org.mitre.oval:def:20639 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4452 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20643 | |||
| Oval ID: | oval:org.mitre.oval:def:20643 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0002 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20646 | |||
| Oval ID: | oval:org.mitre.oval:def:20646 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0867 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20648 | |||
| Oval ID: | oval:org.mitre.oval:def:20648 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3558 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20649 | |||
| Oval ID: | oval:org.mitre.oval:def:20649 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4476 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20655 | |||
| Oval ID: | oval:org.mitre.oval:def:20655 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4474 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20670 | |||
| Oval ID: | oval:org.mitre.oval:def:20670 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4462 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20679 | |||
| Oval ID: | oval:org.mitre.oval:def:20679 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-0871 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20705 | |||
| Oval ID: | oval:org.mitre.oval:def:20705 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4180 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20828 | |||
| Oval ID: | oval:org.mitre.oval:def:20828 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-4180 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21056 | |||
| Oval ID: | oval:org.mitre.oval:def:21056 | ||
| Title: | RHSA-2011:0857: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0857-01 CESA-2011:0857 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 94 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21420 | |||
| Oval ID: | oval:org.mitre.oval:def:21420 | ||
| Title: | RHSA-2011:0336: tomcat5 security update (Important) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0336-01 CESA-2011:0336 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21487 | |||
| Oval ID: | oval:org.mitre.oval:def:21487 | ||
| Title: | RHSA-2011:0856: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0856-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 94 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21498 | |||
| Oval ID: | oval:org.mitre.oval:def:21498 | ||
| Title: | RHSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21548 | |||
| Oval ID: | oval:org.mitre.oval:def:21548 | ||
| Title: | RHSA-2010:0423: krb5 security update (Important) | ||
| Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0423-01 CESA-2010:0423 CVE-2010-1321 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21713 | |||
| Oval ID: | oval:org.mitre.oval:def:21713 | ||
| Title: | RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0214-01 CVE-2010-4476 CESA-2011:0214-CentOS 5 | Version: | 6 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21716 | |||
| Oval ID: | oval:org.mitre.oval:def:21716 | ||
| Title: | RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0768-01 CESA-2010:0768 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21848 | |||
| Oval ID: | oval:org.mitre.oval:def:21848 | ||
| Title: | RHSA-2010:0862: nss security update (Low) | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0862-02 CVE-2010-3170 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21850 | |||
| Oval ID: | oval:org.mitre.oval:def:21850 | ||
| Title: | RHSA-2011:0170: libuser security update (Moderate) | ||
| Description: | libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0170-01 CESA-2011:0170 CVE-2011-0002 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | libuser |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21907 | |||
| Oval ID: | oval:org.mitre.oval:def:21907 | ||
| Title: | RHSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0292-01 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21931 | |||
| Oval ID: | oval:org.mitre.oval:def:21931 | ||
| Title: | RHSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 CESA-2011:0281-CentOS 5 | Version: | 83 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22038 | |||
| Oval ID: | oval:org.mitre.oval:def:22038 | ||
| Title: | RHSA-2010:0978: openssl security update (Moderate) | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0978-01 CESA-2010:0978 CVE-2008-7270 CVE-2010-4180 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22097 | |||
| Oval ID: | oval:org.mitre.oval:def:22097 | ||
| Title: | RHSA-2010:0979: openssl security update (Moderate) | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0979-01 CVE-2010-4180 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22124 | |||
| Oval ID: | oval:org.mitre.oval:def:22124 | ||
| Title: | RHSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 380 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22284 | |||
| Oval ID: | oval:org.mitre.oval:def:22284 | ||
| Title: | RHSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22285 | |||
| Oval ID: | oval:org.mitre.oval:def:22285 | ||
| Title: | RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22306 | |||
| Oval ID: | oval:org.mitre.oval:def:22306 | ||
| Title: | ELSA-2010:0978: openssl security update (Moderate) | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0978-01 CVE-2008-7270 CVE-2010-4180 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22342 | |||
| Oval ID: | oval:org.mitre.oval:def:22342 | ||
| Title: | RHSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 211 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22361 | |||
| Oval ID: | oval:org.mitre.oval:def:22361 | ||
| Title: | RHSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22780 | |||
| Oval ID: | oval:org.mitre.oval:def:22780 | ||
| Title: | ELSA-2010:0979: openssl security update (Moderate) | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0979-01 CVE-2010-4180 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22816 | |||
| Oval ID: | oval:org.mitre.oval:def:22816 | ||
| Title: | ELSA-2011:0152: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0152-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22826 | |||
| Oval ID: | oval:org.mitre.oval:def:22826 | ||
| Title: | ELSA-2011:0292: java-1.4.2-ibm security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0292-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22845 | |||
| Oval ID: | oval:org.mitre.oval:def:22845 | ||
| Title: | ELSA-2011:0281: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0281-01 CVE-2010-4448 CVE-2010-4450 CVE-2010-4465 CVE-2010-4469 CVE-2010-4470 CVE-2010-4472 | Version: | 29 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22873 | |||
| Oval ID: | oval:org.mitre.oval:def:22873 | ||
| Title: | ELSA-2010:0807: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0807-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22894 | |||
| Oval ID: | oval:org.mitre.oval:def:22894 | ||
| Title: | ELSA-2011:0857: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0857-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22954 | |||
| Oval ID: | oval:org.mitre.oval:def:22954 | ||
| Title: | ELSA-2010:0770: java-1.6.0-sun security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0770-01 CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 121 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22962 | |||
| Oval ID: | oval:org.mitre.oval:def:22962 | ||
| Title: | ELSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0768-01 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22977 | |||
| Oval ID: | oval:org.mitre.oval:def:22977 | ||
| Title: | ELSA-2011:0336: tomcat5 security update (Important) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0336-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23034 | |||
| Oval ID: | oval:org.mitre.oval:def:23034 | ||
| Title: | ELSA-2010:0423: krb5 security update (Important) | ||
| Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0423-01 CVE-2010-1321 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23084 | |||
| Oval ID: | oval:org.mitre.oval:def:23084 | ||
| Title: | DEPRECATED: ELSA-2011:0170: libuser security update (Moderate) | ||
| Description: | libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0170-01 CVE-2011-0002 | Version: | 7 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libuser |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23111 | |||
| Oval ID: | oval:org.mitre.oval:def:23111 | ||
| Title: | ELSA-2011:0490: java-1.4.2-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0490-01 CVE-2010-4447 CVE-2010-4448 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4473 CVE-2010-4475 | Version: | 30 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23245 | |||
| Oval ID: | oval:org.mitre.oval:def:23245 | ||
| Title: | ELSA-2010:0935: java-1.4.2-ibm security update (Moderate) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0935-01 CVE-2010-1321 CVE-2010-3574 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23249 | |||
| Oval ID: | oval:org.mitre.oval:def:23249 | ||
| Title: | ELSA-2011:0856: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0856-01 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 33 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23275 | |||
| Oval ID: | oval:org.mitre.oval:def:23275 | ||
| Title: | ELSA-2010:0862: nss security update (Low) | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0862-02 CVE-2010-3170 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23319 | |||
| Oval ID: | oval:org.mitre.oval:def:23319 | ||
| Title: | ELSA-2011:0214: java-1.6.0-openjdk security update (Moderate) | ||
| Description: | The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0214-01 CVE-2010-4476 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23349 | |||
| Oval ID: | oval:org.mitre.oval:def:23349 | ||
| Title: | ELSA-2011:0170: libuser security update (Moderate) | ||
| Description: | libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0170-01 CVE-2011-0002 | Version: | 6 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libuser |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23563 | |||
| Oval ID: | oval:org.mitre.oval:def:23563 | ||
| Title: | ELSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0865-02 CVE-2009-3555 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 | Version: | 73 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23606 | |||
| Oval ID: | oval:org.mitre.oval:def:23606 | ||
| Title: | ELSA-2010:0873: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0873-02 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3556 CVE-2010-3559 CVE-2010-3562 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 | Version: | 69 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24969 | |||
| Oval ID: | oval:org.mitre.oval:def:24969 | ||
| Title: | Vulnerability in OpenSSL 0.9.8q, and 1.0.x before 1.0.0c, does not properly prevent modification of the ciphersuite in the session cache | ||
| Description: | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4180 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25193 | |||
| Oval ID: | oval:org.mitre.oval:def:25193 | ||
| Title: | SUSE-SU-2013:1165-1 -- Security update for libcurl4 | ||
| Description: | This update of curl fixes several security issues: * libcurl URL decode buffer boundary flaw (bnc#824517 / CVE-2013-2174) * cookie domain tailmatch (bnc#814655 / CVE-2013-1944) * curl sets SSL_OP_ALL (bnc#742306 / CVE-2011-3389) * When SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier (CVE-2010-4180) | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1165-1 CVE-2013-2174 CVE-2013-1944 CVE-2011-3389 CVE-2010-4180 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 10 | Product(s): | libcurl4 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27785 | |||
| Oval ID: | oval:org.mitre.oval:def:27785 | ||
| Title: | DEPRECATED: ELSA-2010-0978 -- openssl security update (moderate) | ||
| Description: | [0.9.8e-12.7] - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0978 CVE-2010-4180 CVE-2008-7270 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27917 | |||
| Oval ID: | oval:org.mitre.oval:def:27917 | ||
| Title: | DEPRECATED: ELSA-2011-0856 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1.6.0.0-1.39.1.9.8] - Resolves: rhbz#709375 - Bumped to IcedTea6 1.9.8 - Copy fontconfig files to match names for current and next release - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0856 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27951 | |||
| Oval ID: | oval:org.mitre.oval:def:27951 | ||
| Title: | DEPRECATED: ELSA-2010-0862 -- nss security update (low) | ||
| Description: | nss: [3.12.8-1.0.1.el6] - Update expired PayPalEE.cert to fix build failure - Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2 [3.12.8-1] - Update to 3.12.8 nss-softokn: [3.12.8-1] - Update to 3.12.8 nss-util: [3.12.7-1] - Update to 3.12.7 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0862 CVE-2010-3170 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28054 | |||
| Oval ID: | oval:org.mitre.oval:def:28054 | ||
| Title: | DEPRECATED: ELSA-2011-0214 -- java-1.6.0-openjdk security update (moderate) | ||
| Description: | [1.6.0.0-1.36.b17] - removed plugin. How it comes in?! - Resolves: rhbz#676295 [1.6.0.0-1.33.b17] - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz#676295 [1.6.0.0-1.22.b17] - Updated to 1.7.9 tarball - removed patch6, fixed upstrream - Resolves: rhbz#676295 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0214 CVE-2010-4476 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28113 | |||
| Oval ID: | oval:org.mitre.oval:def:28113 | ||
| Title: | DEPRECATED: ELSA-2011-0857 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.22.1.9.8.0.1.el5_6] - Add oracle-enterprise.patch [1:1.6.0.0-1.22.1.9.8] - Resolves: rhbz#668488 - Bumped to IcedTea6 1.9.8 - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables [1:1.6.0.0-1.22.1.9.7] - Resolves bz690289 - Import from RHEL-5_6-Z - Updated to IcedTea6 1.9.7 - Removed all plugin/webstart related commented lines - Modified bz entry format in previous logs to get around cvs ack checking bug | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0857 CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28187 | |||
| Oval ID: | oval:org.mitre.oval:def:28187 | ||
| Title: | DEPRECATED: ELSA-2010-0979 -- openssl security update (moderate) | ||
| Description: | [1.0.0-4.2] - disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CVE-2010-3864 (#649304) [1.0.0-4.1] - fix race in extension parsing code - CVE-2010-3864 (#649304) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0979 CVE-2010-3864 CVE-2010-4180 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7198 | |||
| Oval ID: | oval:org.mitre.oval:def:7198 | ||
| Title: | VMware ESX,Service Console update for krb5. | ||
| Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1321 | Version: | 5 |
| Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7450 | |||
| Oval ID: | oval:org.mitre.oval:def:7450 | ||
| Title: | HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code | ||
| Description: | The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1321 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow | More info here |
| Oracle Java Applet2ClassLoader Vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-03-16 | Sun Java Applet2ClassLoader Remote Code Execution Exploit |
| 2011-01-22 | Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
| 2012-07-30 | Name : CentOS Update for openssl CESA-2010:0977 centos4 x86_64 File : nvt/gb_CESA-2010_0977_openssl_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for libuser CESA-2011:0170 centos4 x86_64 File : nvt/gb_CESA-2011_0170_libuser_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for libuser CESA-2011:0170 centos5 x86_64 File : nvt/gb_CESA-2011_0170_libuser_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0214 centos5 x86_64 File : nvt/gb_CESA-2011_0214_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0281 centos5 x86_64 File : nvt/gb_CESA-2011_0281_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 x86_64 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:0857 centos5 x86_64 File : nvt/gb_CESA-2011_0857_java_centos5_x86_64.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
| 2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0335-01 File : nvt/gb_RHSA-2011_0335-01_tomcat6.nasl |
| 2012-06-06 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0856-01 File : nvt/gb_RHSA-2011_0856-01_java-1.6.0-openjdk.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-03-15 | Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an... File : nvt/gb_VMSA-2010-0016.nasl |
| 2012-03-15 | Name : VMSA-2011-0013.2 VMware third party component updates for VMware vCenter Serv... File : nvt/gb_VMSA-2011-0013.nasl |
| 2012-03-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721 File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-01 (openssl) File : nvt/glsa_201110_01.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5) File : nvt/glsa_201201_13.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2358-1 (openjdk-6) File : nvt/deb_2358_1.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648 File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl |
| 2011-10-16 | Name : Debian Security Advisory DSA 2311-1 (openjdk-6) File : nvt/deb_2311_1.nasl |
| 2011-09-12 | Name : Fedora Update for openssl FEDORA-2011-12281 File : nvt/gb_fedora_2011_12281_openssl_fc14.nasl |
| 2011-08-29 | Name : Java for Mac OS X 10.5 Update 9 File : nvt/secpod_macosx_java_10_5_upd_9.nasl |
| 2011-08-29 | Name : Java for Mac OS X 10.6 Update 4 File : nvt/secpod_macosx_java_10_6_upd_4.nasl |
| 2011-08-26 | Name : Java for Mac OS X 10.5 Update 10 File : nvt/secpod_macosx_java_10_5_upd_10.nasl |
| 2011-08-26 | Name : Java for Mac OS X 10.6 Update 5 File : nvt/secpod_macosx_java_10_6_upd_5.nasl |
| 2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
| 2011-08-18 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:126 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_126.nasl |
| 2011-08-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-9523 File : nvt/gb_fedora_2011_9523_java-1.6.0-openjdk_fc14.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0768 centos5 i386 File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0782 centos5 i386 File : nvt/gb_CESA-2010_0782_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2010:0978 centos5 i386 File : nvt/gb_CESA-2010_0978_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libuser CESA-2011:0170 centos5 i386 File : nvt/gb_CESA-2011_0170_libuser_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0214 centos5 i386 File : nvt/gb_CESA-2011_0214_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0281 centos5 i386 File : nvt/gb_CESA-2011_0281_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for tomcat5 CESA-2011:0336 centos5 i386 File : nvt/gb_CESA-2011_0336_tomcat5_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2011:0857 centos5 i386 File : nvt/gb_CESA-2011_0857_java_centos5_i386.nasl |
| 2011-07-12 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8028 File : nvt/gb_fedora_2011_8028_java-1.6.0-openjdk_fc15.nasl |
| 2011-06-24 | Name : Ubuntu Update for openjdk-6 USN-1154-1 File : nvt/gb_ubuntu_USN_1154_1.nasl |
| 2011-06-24 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities - June11 (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_jun11.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8003 File : nvt/gb_fedora_2011_8003_java-1.6.0-openjdk_fc14.nasl |
| 2011-06-20 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-8020 File : nvt/gb_fedora_2011_8020_java-1.6.0-openjdk_fc13.nasl |
| 2011-06-10 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01 File : nvt/gb_RHSA-2011_0857-01_java-1.6.0-openjdk.nasl |
| 2011-06-06 | Name : HP-UX Update for Java HPSBUX02685 File : nvt/gb_hp_ux_HPSBUX02685.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2224-1 (openjdk-6) File : nvt/deb_2224_1.nasl |
| 2011-05-05 | Name : Fedora Update for krb5 FEDORA-2011-5343 File : nvt/gb_fedora_2011_5343_krb5_fc13.nasl |
| 2011-05-05 | Name : HP-UX Update for OpenSSL HPSBUX02638 File : nvt/gb_hp_ux_HPSBUX02638.nasl |
| 2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
| 2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
| 2011-03-25 | Name : Fedora Update for krb5 FEDORA-2011-3464 File : nvt/gb_fedora_2011_3464_krb5_fc13.nasl |
| 2011-03-24 | Name : Fedora Update for openssl FEDORA-2011-1255 File : nvt/gb_fedora_2011_1255_openssl_fc13.nasl |
| 2011-03-15 | Name : RedHat Update for tomcat5 RHSA-2011:0336-01 File : nvt/gb_RHSA-2011_0336-01_tomcat5.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-1 (openjdk-6) File : nvt/deb_2161_1.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
| 2011-03-07 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 File : nvt/gb_ubuntu_USN_1079_1.nasl |
| 2011-02-28 | Name : SuSE Update for java-1_6_0-sun SUSE-SA:2011:010 File : nvt/gb_suse_2011_010.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerability (Windows) File : nvt/secpod_oracle_java_code_exec_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerability (Windows-01) File : nvt/secpod_oracle_java_code_exec_vuln_win01.nasl |
| 2011-02-28 | Name : Oracle Java SE Code Execution Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_code_exec_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win.nasl |
| 2011-02-28 | Name : Oracle Java SE Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_java_mult_unspecified_vuln_win_feb11.nasl |
| 2011-02-18 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0281-01 File : nvt/gb_RHSA-2011_0281-01_java-1.6.0-openjdk.nasl |
| 2011-02-18 | Name : Fedora Update for krb5 FEDORA-2011-1210 File : nvt/gb_fedora_2011_1210_krb5_fc13.nasl |
| 2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1631 File : nvt/gb_fedora_2011_1631_java-1.6.0-openjdk_fc13.nasl |
| 2011-02-18 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1645 File : nvt/gb_fedora_2011_1645_java-1.6.0-openjdk_fc14.nasl |
| 2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1231 File : nvt/gb_fedora_2011_1231_java-1.6.0-openjdk_fc13.nasl |
| 2011-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-1263 File : nvt/gb_fedora_2011_1263_java-1.6.0-openjdk_fc14.nasl |
| 2011-02-16 | Name : Fedora Update for openssl FEDORA-2011-1273 File : nvt/gb_fedora_2011_1273_openssl_fc14.nasl |
| 2011-02-11 | Name : CentOS Update for libuser CESA-2011:0170 centos4 i386 File : nvt/gb_CESA-2011_0170_libuser_centos4_i386.nasl |
| 2011-02-11 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0214-01 File : nvt/gb_RHSA-2011_0214-01_java-1.6.0-openjdk.nasl |
| 2011-01-31 | Name : CentOS Update for openssl CESA-2010:0977 centos4 i386 File : nvt/gb_CESA-2010_0977_openssl_centos4_i386.nasl |
| 2011-01-31 | Name : Mandriva Update for libuser MDVSA-2011:019 (libuser) File : nvt/gb_mandriva_MDVSA_2011_019.nasl |
| 2011-01-24 | Name : Fedora Update for libuser FEDORA-2011-0316 File : nvt/gb_fedora_2011_0316_libuser_fc14.nasl |
| 2011-01-24 | Name : Fedora Update for libuser FEDORA-2011-0320 File : nvt/gb_fedora_2011_0320_libuser_fc13.nasl |
| 2011-01-21 | Name : RedHat Update for libuser RHSA-2011:0170-01 File : nvt/gb_RHSA-2011_0170-01_libuser.nasl |
| 2011-01-04 | Name : HP-UX Update for Java HPSBUX02608 File : nvt/gb_hp_ux_HPSBUX02608.nasl |
| 2010-12-28 | Name : RedHat Update for openssl RHSA-2010:0977-01 File : nvt/gb_RHSA-2010_0977-01_openssl.nasl |
| 2010-12-28 | Name : RedHat Update for openssl RHSA-2010:0978-01 File : nvt/gb_RHSA-2010_0978-01_openssl.nasl |
| 2010-12-28 | Name : Fedora Update for openssl FEDORA-2010-18736 File : nvt/gb_fedora_2010_18736_openssl_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for openssl FEDORA-2010-18765 File : nvt/gb_fedora_2010_18765_openssl_fc14.nasl |
| 2010-12-23 | Name : Fedora Update for krb5 FEDORA-2010-18425 File : nvt/gb_fedora_2010_18425_krb5_fc13.nasl |
| 2010-12-23 | Name : Mandriva Update for openssl MDVSA-2010:248 (openssl) File : nvt/gb_mandriva_MDVSA_2010_248.nasl |
| 2010-12-23 | Name : Ubuntu Update for openssl vulnerabilities USN-1029-1 File : nvt/gb_ubuntu_USN_1029_1.nasl |
| 2010-12-02 | Name : Fedora Update for nss-softokn FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-softokn_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for nss-util FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-util_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for nss FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312 File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl |
| 2010-11-17 | Name : Debian Security Advisory DSA 2123-1 (nss) File : nvt/deb_2123_1.nasl |
| 2010-11-17 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox52.nasl |
| 2010-11-16 | Name : Fedora Update for nss-softokn FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-softokn_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for nss-util FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-util_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for nss FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss_fc12.nasl |
| 2010-11-16 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056 File : nvt/gb_suse_2010_056.nasl |
| 2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos3 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos3_i386.nasl |
| 2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos4 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos4_i386.nasl |
| 2010-11-04 | Name : CentOS Update for firefox CESA-2010:0782 centos4 i386 File : nvt/gb_CESA-2010_0782_firefox_centos4_i386.nasl |
| 2010-11-04 | Name : Fedora Update for nss-softokn FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-softokn_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for nss-util FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-util_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for nss FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss_fc13.nasl |
| 2010-11-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1 File : nvt/gb_ubuntu_USN_1010_1.nasl |
| 2010-10-28 | Name : Mozilla Products Multiple Vulnerabilities October-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct10.nasl |
| 2010-10-28 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_sun_java_se_mult_vuln_oct10_win.nasl |
| 2010-10-26 | Name : Mandriva Update for firefox MDVSA-2010:210 (firefox) File : nvt/gb_mandriva_MDVSA_2010_210.nasl |
| 2010-10-26 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_211.nasl |
| 2010-10-22 | Name : RedHat Update for seamonkey RHSA-2010:0781-01 File : nvt/gb_RHSA-2010_0781-01_seamonkey.nasl |
| 2010-10-22 | Name : RedHat Update for firefox RHSA-2010:0782-01 File : nvt/gb_RHSA-2010_0782-01_firefox.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240 File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294 File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl |
| 2010-10-22 | Name : Ubuntu Update for nss vulnerabilities USN-1007-1 File : nvt/gb_ubuntu_USN_1007_1.nasl |
| 2010-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl |
| 2010-09-10 | Name : Fedora Update for sblim-sfcb FEDORA-2010-10323 File : nvt/gb_fedora_2010_10323_sblim-sfcb_fc13.nasl |
| 2010-09-07 | Name : Fedora Update for sblim-sfcb FEDORA-2010-12847 File : nvt/gb_fedora_2010_12847_sblim-sfcb_fc12.nasl |
| 2010-07-23 | Name : Ubuntu Update for krb5 vulnerability USN-940-2 File : nvt/gb_ubuntu_USN_940_2.nasl |
| 2010-07-12 | Name : Mandriva Update for heimdal MDVSA-2010:130 (heimdal) File : nvt/gb_mandriva_MDVSA_2010_130.nasl |
| 2010-06-03 | Name : Debian Security Advisory DSA 2052-1 (krb5) File : nvt/deb_2052_1.nasl |
| 2010-05-28 | Name : CentOS Update for krb5-devel CESA-2010:0423 centos3 i386 File : nvt/gb_CESA-2010_0423_krb5-devel_centos3_i386.nasl |
| 2010-05-28 | Name : CentOS Update for krb5-devel CESA-2010:0423 centos4 i386 File : nvt/gb_CESA-2010_0423_krb5-devel_centos4_i386.nasl |
| 2010-05-28 | Name : RedHat Update for krb5 RHSA-2010:0423-01 File : nvt/gb_RHSA-2010_0423-01_krb5.nasl |
| 2010-05-28 | Name : Fedora Update for krb5 FEDORA-2010-8796 File : nvt/gb_fedora_2010_8796_krb5_fc11.nasl |
| 2010-05-28 | Name : Fedora Update for krb5 FEDORA-2010-8805 File : nvt/gb_fedora_2010_8805_krb5_fc12.nasl |
| 2010-05-28 | Name : Mandriva Update for krb5 MDVSA-2010:100 (krb5) File : nvt/gb_mandriva_MDVSA_2010_100.nasl |
| 2010-05-28 | Name : Ubuntu Update for krb5 vulnerabilities USN-940-1 File : nvt/gb_ubuntu_USN_940_1.nasl |
| 2010-04-30 | Name : Mandriva Update for netcdf MDVA-2010:129 (netcdf) File : nvt/gb_mandriva_MDVA_2010_129.nasl |
| 2010-04-30 | Name : Mandriva Update for rpm MDVA-2010:130 (rpm) File : nvt/gb_mandriva_MDVA_2010_130.nasl |
| 2010-03-22 | Name : Mandriva Update for rootcerts MDVA-2010:100 (rootcerts) File : nvt/gb_mandriva_MDVA_2010_100.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-340-01 openssl File : nvt/esoft_slk_ssa_2010_340_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 73176 | Oracle Java SE / JRE AWT FileDialog.show() String Copy Overflow |
| 73085 | Oracle Java SE / JRE Deserialization Unspecified Remote Issue |
| 73083 | Oracle Java SE / JRE Networking Unspecified Remote Information Disclosure |
| 73077 | Oracle Java SE / JRE Swing Unspecified Remote Code Execution |
| 73076 | Oracle Java SE / JRE Soundbank Pointer Dereference Overflow |
| 73075 | Oracle Java SE / JRE Soundbank Compressed Data Handling Overflow |
| 73074 | Oracle Java SE / JRE Hotspot Unspecified Remote Code Execution |
| 73071 | Oracle Java SE / JRE AWT Unspecified Remote Code Execution |
| 73070 | Oracle Java SE / JRE 2D Unspecified Remote Code Execution |
| 73069 | Oracle Java SE / JRE ICC Profile Multiple Tag Parsing Memory Corruption |
| 71623 | Oracle Java SE / Java for Business DB Security Component Unspecified Local In... |
| 71622 | Oracle Java SE / Java for Business XML Digital Signature Unspecified Remote DoS |
| 71621 | Oracle Java SE / Java for Business Networking Unspecified Remote DoS |
| 71620 | Oracle Java SE / Java for Business Launcher Unspecified Local Issue |
| 71619 | Oracle Java SE / Java for Business JDBC Unspecified Remote Issue |
| 71618 | Oracle Java SE / Java for Business Deployment Unspecified Remote Information ... |
| 71617 | Oracle Java SE / Java for Business Deployment Unspecified Remote Information ... |
| 71616 | Oracle Java SE / Java for Business 2D Unspecified Remote Information Disclosure |
| 71615 | Oracle Java SE / Java for Business JAXP Unspecified Remote DoS |
| 71614 | Oracle Java SE / Java for Business Deployment Java Runtime WWW-Authenticate R... |
| 71613 | Oracle Java SE / Java for Business Install Unspecified Remote Compromise |
| 71612 | Oracle Java SE / Java for Business Deployment Unspecified Remote Compromise (... |
| 71611 | Oracle Java SE / Java for Business Sound Unspecified Remote Compromise (2010-... |
| 71610 | Oracle Java SE / Java for Business Hotspot Unspecified Remote Compromise |
| 71609 | Oracle Java SE / Java for Business Deployment Unspecified Remote Compromise (... |
| 71608 | Oracle Java SE / Java for Business Swing Clipboard Handle Arbitrary Command I... |
| 71607 | Oracle Java SE / Java for Business Deployment Java Webstart JNLP Extension Pe... |
| 71606 | Oracle Java SE / Java for Business Sound Component XGetSamplePtrFromSnd PV_Sw... |
| 71605 | Oracle Java SE / Java for Business Sound Unspecified Remote Compromise (2010-... |
| 71193 | Oracle Java SE / Java for Business sun.plugin2.applet.Applet2ClassLoader fin... Oracle Java contains a flaw related to the findClass method of the sun.plugin2.applet.Applet2ClassLoader class failing to properly validate URLS supplied by a trusted applet. This may allow a context-dependent attacker to use a crafted file or page to execute arbitrary code. |
| 70965 | Oracle Java SE / Java for Business Double.parseDouble Method Floating Point ... Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service. |
| 70421 | libuser luseradd Default Password Weakness By default, luseradd assigns a default password when no password is specified. This allows attackers to trivially access new user accounts, or accounts that have never had a password change. |
| 70083 | Oracle Database MIT Kerberos 5 kg_accept_krb5 Remote Denial of Service Oracle Database contains a flaw that may allow a remote denial of service. The issue is triggered when 'kg_accept_krb5' function in 'krb5/accept_sec_context.c', the GSS-API library in MIT Kerberos 5 fails to properly check for invalid GSS-API tokens, allowing a remote authenticated attacker to use a crafted AP-REQ message with a missing checksum field to cause a denial of service. |
| 69655 | OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Ciphersuite Disabled Cipher I... |
| 69565 | OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Do... OpenSSL contains a flaw related to the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG workaround in the SSL/TLS server code. The issue is triggered when a remote attacker downgrades the cached ciphersuite, leading to the client using a weaker ciphersuite. |
| 69059 | Oracle Java SE / Java for Business Networking Component HttpURLConnection App... Oracle Java SE and Java for Business contain a flaw related to the Networking component's HttpURLConnection class's failure to properly validate request headers set by applets. This may allow a remote attacker to trigger otherwise restricted actions. |
| 69058 | Oracle Java SE / Java for Business JNDI Internal Network Names Information Di... Oracle Java SE and Java for Business contain a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when an information leak in the JNDI component occurs, which will disclose confidential internal network names to a remote attacker. |
| 69057 | Oracle Java SE / Java for Business Networking Component HttpURLConnection chu... Oracle Java SE and Java for Business contains a flaw related to the Networking component's HttpURLConnection class's failure to properly handle the 'chunked' transfer encoding method. This may allow a remote attacker to conduct HTTP request splitting attacks. |
| 69056 | Oracle Java SE / Java for Business Web Start Component Unspecified Issue (201... Oracle Java SE and Java for Business contain an unspecified flaw related to the Web Start component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69055 | Oracle Java SE / Java for Business Networking Component Network Address Infor... Oracle Java SE and Java for Business contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered whentThe NetworkInterface class fails to properly check the network 'connect' permissions for local network addresses, which will disclose local network addresses to a remote attacker. |
| 69053 | Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3553) Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69052 | Oracle Java SE / Java for Business CORBA Component Remote Code Execution Oracle Java SE and Java for Business contain an unspecified flaw related to the CORBA component. This may allow a remote attacker to execute arbitrary code by misusing permissions granted to certain system objects. No further details have been provided |
| 69051 | Oracle Java SE / Java for Business ActiveX Plugin Uninitialized Window Handle... Oracle Java SE and Java for Business contain a flaw related to the ActiveX Plugin. The plugin does not properly initialize objects. When the plugin is in a particular state, the application will fail to properly initialize a window handle field. This may be exploited by a remote attacker to allow the execution of arbitrary code. |
| 69050 | Oracle Java SE / Java for Business 2D Component Unspecified Issue (2010-3556) Oracle Java SE and Java for Business contain an unspecified flaw related to the 2D component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69049 | Oracle Java SE / Java for Business Swing Component Unspecified Issue (2010-3557) Oracle Java SE and Java for Business contain an unspecified flaw related to the Swing component. This may allow a remote attacker to affect confidentiality, integrity, and availability. This is related to the modification of the behavior and state of certain JDK classes. No further details have been provided. |
| 69048 | Oracle Java SE / Java for Business Web Start Component Unspecified Issue (201... Oracle Java SE and Java for Business contain an unspecified flaw related to the Web Start component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69047 | Oracle Java SE / Java for Business HeadspaceSoundbank.nGetName BANK Record Si... A memory corruption flaw exists in Oracle Java SE and Java for Business. The 'HeadspaceSoundbank.nGetName' function fails to sanitize user-supplied input when parsing BANK records in SoundBank files, resulting in memory corruption. With a specially crafted BANK record, a context-dependent attacker can execute arbitrary code. |
| 69046 | Oracle Java SE / Java for Business Networking Component Unspecified Informati... Oracle Java SE and Java for Business contain an unspecified flaw related to the Networking component. This may allow disclose certain unspecified information to a remote attacker. No further details have been provided. |
| 69045 | Oracle Java SE / Java for Business CORBA Component ServerSocket Network Permi... Oracle Java SE and Java for Business contain a flaw related to the CORBA Component's ServerSocket class's privileged accept method allowing it to receive connections from any host. This may allow a remote attacker to bypass network permission restrictions. |
| 69044 | Oracle Java SE / Java for Business 2D Component IndexColorModel Double-free E... Oracle Java SE and Java for Business contain a flaw related to the 2D Component. IndexColorModel suffers from a double free error when running an untrusted applet or application, which may allow a remote attacker to potentially execute arbitrary code. |
| 69043 | Oracle Java SE / Java for Business Web Start BasicServiceImpl Class Arbitrary... Oracle Java SE and Java for Business contain a flaw related to the 'com.sun.jnlp.BasicServiceImpl' class. The issue is triggered when a remote attacker exploits Web Start's retrieval of security policies. This may allow an attacker to execute arbitrary code. |
| 69042 | Oracle Java SE / Java for Business JRE JPEGImageWriter.writeImage Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The JPEGImageWriter.writeImage in the imageio API in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted JPEG image file, a context-dependent attacker can potentially execute arbitrary code. |
| 69041 | Oracle Java SE / Java for Business JRE ICC Profile devs Tag Structure Overflow Oracle Java SE and Java for Business are prone to an overflow condition. The color profile parser in the JRE component fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted 'devs' tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code. |
| 69040 | Oracle Java SE / Java for Business 2D Component ICU Opentype out-of-bounds Re... Oracle Java SE and Java for Business contains a flaw related to the 2D component. The issue is triggered when a crash in ICU Opentype layout engine is caused by a miscalculation in character counts for right-to-left text causing out-of-bounds memory access. This may allow a remote attacker to execute arbitrary code. |
| 69039 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3568) Oracle Java SE and Java for Business contain an unspecified flaw related to the JRE component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69038 | Oracle Java SE / Java for Business JRE Component Unspecified Issue (2010-3569) Oracle Java SE and Java for Business contain a flaw related to the JRE component. The 'defaultReadObject' method of the Serialization API. can be tricked into setting a volatile field repeatedly. This may allow a remote attacker to execute arbitrary code. |
| 69037 | Oracle Java SE / Java for Business Deployment Toolkit Component Unspecified I... Oracle Java SE and Java for Business contain an unspecified flaw related to the Deployment Toolkit component. This may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69036 | Oracle Java SE / Java for Business ICC Profile Unicode Description Tag Struc... Oracle Java SE and Java for Business is prone to an overflow condition. The color profile parser fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted Tag structure in a color profile, a context-dependent attacker can potentially execute arbitrary code. |
| 69035 | Oracle Java SE / Java for Business Sound Component Unspecified Issue (2010-3... Oracle Java SE and Java for Business contain a flaw related to the Sound component that may allow a remote attacker to affect confidentiality, integrity, and availability. No further details have been provided. |
| 69034 | Oracle Java SE / Java for Business java.net.URLConnection Same-of-origin Poli... Oracle Java SE and Java for Business contain a flaw related to the 'HttpURLConnection' class in the Networking component's failure to properly validate applet request headers. This may allow a remote attacker to trigger actions which are normally restricted to HTTP clients. |
| 69033 | Oracle Java SE / Java for Business Networking Component HttpURLConnection all... Oracle Java SE and Java for Business contain a flaw related to the 'Networking' component. The 'HttpURLConnection' class fails to properly check if the calling code had the 'allowHttpTrace' permission, allowing the creation of HTTP TRACE requests by untrusted code. |
| 68873 | Oracle Java New Plugin docbase Parameter Overflow Java is prone to an overflow condition. The new plugin component fails to properly sanitize user-supplied input resulting in a stack buffer overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution. |
| 68844 | Mozilla Multiple Products SSL Implementation Diffie-Hellman Ephemeral Mode Mi... Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the SSL implementation's failure to properly set the minimum key length for Diffie-Hellman Ephemeral mode. This may allow a remote attacker to trivially brute-force the cryptographic protection. |
| 68079 | Mozilla Multiple Products SSL Certificate IP Address Wildcard Matching Weakness |
| 65157 | sblim-sfcb httpAdapter.c GetPayload Function Content-Length Header Multiple O... |
| 64744 | Kerberos GSS-API AP-REQ Authenticator NULL Dereference Remote DoS |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
| 2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
| 2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
| 2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2012-04-05 | IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator Severity : Category I - VMSKEY : V0031972 |
| 2011-12-15 | IAVM : 2011-A-0173 - Multiple Vulnerabilities in VMware ESX 4.0 Severity : Category I - VMSKEY : V0030824 |
| 2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
| 2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29643 - Revision : 3 - Type : MALWARE-OTHER |
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29642 - Revision : 3 - Type : MALWARE-OTHER |
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29641 - Revision : 2 - Type : MALWARE-OTHER |
| 2014-03-13 | Java FileDialog heap buffer overflow attempt RuleID : 29640 - Revision : 2 - Type : MALWARE-OTHER |
| 2014-01-10 | Oracle Java XGetSamplePtrFromSnd memory corruption attempt RuleID : 24511 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java XGetSamplePtrFromSnd memory corruption attempt RuleID : 24510 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java browser plugin docbase overflow attempt RuleID : 20444 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Web Start BasicServiceImpl security policy bypass attempt RuleID : 20430 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java Applet2ClassLoader Remote Code Execution RuleID : 18679 - Revision : 10 - Type : SERVER-OTHER |
| 2014-01-10 | Java floating point number denial of service - via POST RuleID : 18471 - Revision : 8 - Type : SERVER-WEBAPP |
| 2014-01-10 | Java floating point number denial of service - via URI RuleID : 18470 - Revision : 9 - Type : SERVER-WEBAPP |
| 2014-01-10 | Oracle Java browser plugin docbase overflow attempt RuleID : 18245 - Revision : 14 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Oracle Java browser plugin docbase overflow attempt RuleID : 18244 - Revision : 14 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2011-0015.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-101029.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_icedtea-web-110627.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-110608.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_icedtea-web-110627.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110314.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-110608.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory2.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_psn_2012_08_689.nasl - Type : ACT_GATHER_INFO |
| 2013-08-14 | Name : The remote host is missing a vendor-supplied software update. File : hp_procurve_HPSBPV02891.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0423.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0978.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0979.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0170.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0856.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
| 2013-07-10 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libcurl4-8618.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-3.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_feb_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_jun_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100518_krb5_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_nss_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101213_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101213_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110120_libuser_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110210_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110217_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110309_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110608_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110621_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_9fp11.nasl - Type : ACT_GATHER_INFO |
| 2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-13.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2358.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7440.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7698.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7650.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7443.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7627.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7462.nasl - Type : ACT_GATHER_INFO |
| 2011-11-23 | Name : The remote database server is affected by multiple denial of service vulnerab... File : db2_97fp5.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
| 2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
| 2011-10-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO |
| 2011-09-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2311.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12819.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110818.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7697.nasl - Type : ACT_GATHER_INFO |
| 2011-08-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-126.nasl - Type : ACT_GATHER_INFO |
| 2011-08-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1159.nasl - Type : ACT_GATHER_INFO |
| 2011-08-05 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12810.nasl - Type : ACT_GATHER_INFO |
| 2011-08-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7649.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
| 2011-07-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1087.nasl - Type : ACT_GATHER_INFO |
| 2011-07-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110713.nasl - Type : ACT_GATHER_INFO |
| 2011-07-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7626.nasl - Type : ACT_GATHER_INFO |
| 2011-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0938.nasl - Type : ACT_GATHER_INFO |
| 2011-06-29 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update10.nasl - Type : ACT_GATHER_INFO |
| 2011-06-29 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update5.nasl - Type : ACT_GATHER_INFO |
| 2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO |
| 2011-06-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1154-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8020.nasl - Type : ACT_GATHER_INFO |
| 2011-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8028.nasl - Type : ACT_GATHER_INFO |
| 2011-06-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110609.nasl - Type : ACT_GATHER_INFO |
| 2011-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
| 2011-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-8003.nasl - Type : ACT_GATHER_INFO |
| 2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0856.nasl - Type : ACT_GATHER_INFO |
| 2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0857.nasl - Type : ACT_GATHER_INFO |
| 2011-06-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0860.nasl - Type : ACT_GATHER_INFO |
| 2011-06-08 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_jun_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12706.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110504.nasl - Type : ACT_GATHER_INFO |
| 2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0490.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110228.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
| 2011-05-04 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12701.nasl - Type : ACT_GATHER_INFO |
| 2011-05-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-7463.nasl - Type : ACT_GATHER_INFO |
| 2011-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2011-04-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12691.nasl - Type : ACT_GATHER_INFO |
| 2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-110307.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7369.nasl - Type : ACT_GATHER_INFO |
| 2011-03-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7350.nasl - Type : ACT_GATHER_INFO |
| 2011-03-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0364.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0357.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12683.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12682.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-110223.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7348.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0335.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0336.nasl - Type : ACT_GATHER_INFO |
| 2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update9.nasl - Type : ACT_GATHER_INFO |
| 2011-03-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update4.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1079-1.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0290.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0291.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0292.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-110217.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7342.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0281.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0282.nasl - Type : ACT_GATHER_INFO |
| 2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1631.nasl - Type : ACT_GATHER_INFO |
| 2011-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1645.nasl - Type : ACT_GATHER_INFO |
| 2011-02-16 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_feb_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-02-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2161.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1231.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1263.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
| 2011-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0214.nasl - Type : ACT_GATHER_INFO |
| 2011-02-07 | Name : The remote host allows resuming SSL sessions with a weaker cipher than the on... File : openssl_resume_different_cipher.nasl - Type : ACT_ATTACK |
| 2011-02-07 | Name : The remote host allows the resumption of SSL sessions with a disabled cipher. File : openssl_resume_disabled_cipher.nasl - Type : ACT_ATTACK |
| 2011-02-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0170.nasl - Type : ACT_GATHER_INFO |
| 2011-01-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
| 2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-019.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO |
| 2011-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO |
| 2011-01-24 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0316.nasl - Type : ACT_GATHER_INFO |
| 2011-01-24 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0320.nasl - Type : ACT_GATHER_INFO |
| 2011-01-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12669.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0169.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0170.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-101207.nasl - Type : ACT_GATHER_INFO |
| 2011-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0152.nasl - Type : ACT_GATHER_INFO |
| 2011-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO |
| 2010-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18736.nasl - Type : ACT_GATHER_INFO |
| 2010-12-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12658.nasl - Type : ACT_GATHER_INFO |
| 2010-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO |
| 2010-12-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO |
| 2010-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0977.nasl - Type : ACT_GATHER_INFO |
| 2010-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0978.nasl - Type : ACT_GATHER_INFO |
| 2010-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0979.nasl - Type : ACT_GATHER_INFO |
| 2010-12-12 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18765.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-340-01.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-248.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1029-1.nasl - Type : ACT_GATHER_INFO |
| 2010-12-07 | Name : The remote web server is affected by multiple vulnerabilities. File : openssl_1_0_0c.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0935.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-101103.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-100520.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-101018.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101118.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO |
| 2010-12-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12659.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0873.nasl - Type : ACT_GATHER_INFO |
| 2010-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0016.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15989.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-7196.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2123.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15897.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15520.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-210.nasl - Type : ACT_GATHER_INFO |
| 2010-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-211.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c4f067b9dc4a11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3514.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3611.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_309.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_315.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_209.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1007-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update8.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update3.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO |
| 2010-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-7046.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10323.nasl - Type : ACT_GATHER_INFO |
| 2010-09-04 | Name : The remote Fedora host is missing a security update. File : fedora_2010-12847.nasl - Type : ACT_GATHER_INFO |
| 2010-09-02 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0013.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-940-2.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8749.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8796.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8805.nasl - Type : ACT_GATHER_INFO |
| 2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41166.nasl - Type : ACT_GATHER_INFO |
| 2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41167.nasl - Type : ACT_GATHER_INFO |
| 2010-06-28 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_41168.nasl - Type : ACT_GATHER_INFO |
| 2010-06-07 | Name : The application is affected by multiple buffer overflow vulnerabilities. File : sblim_sfcb_1_3_8.nasl - Type : ACT_ATTACK |
| 2010-05-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2052.nasl - Type : ACT_GATHER_INFO |
| 2010-05-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_krb5-100521.nasl - Type : ACT_GATHER_INFO |
| 2010-05-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_krb5-100521.nasl - Type : ACT_GATHER_INFO |
| 2010-05-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_krb5-100521.nasl - Type : ACT_GATHER_INFO |
| 2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0423.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-100.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-940-1.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0423.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-03-05 13:26:43 |
|
| 2014-02-17 12:07:21 |
|
| 2013-12-14 21:19:32 |
|
| 2013-11-11 12:41:40 |
|
