cpe:/a:gnu:gzip:1.3.13 cpe:/a:gnu:gzip:1.3.1 cpe:/a:gnu:gzip:1.3.12 cpe:/a:gnu:gzip:1.3.8 cpe:/a:gnu:gzip:1.3.4 cpe:/a:gnu:gzip:1.3.3 cpe:/a:gnu:gzip:1.3.7 cpe:/a:gnu:gzip:1.3.5 cpe:/a:gnu:gzip:1.3.9 cpe:/a:gnu:gzip:1.2.4 cpe:/a:gnu:gzip:1.3 cpe:/a:gnu:gzip:1.3.2 cpe:/a:gnu:gzip:1.2.4a cpe:/a:gnu:gzip:1.3.11 cpe:/a:gnu:gzip:1.3.6 cpe:/a:gnu:gzip:1.3.10 CVE-2010-0001 2010-01-29T13:30:00.947-05:00 2011-10-25T22:45:05.373-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-31T20:09:00.000-05:00 REDHAT RHSA-2010:0095 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=554418 VUPEN ADV-2010-1872 VUPEN ADV-2010-1796 VUPEN ADV-2010-0185 UBUNTU USN-889-1 REDHAT RHSA-2010:0061 OSVDB 61869 MANDRIVA MDVSA-2011:152 MANDRIVA MDVSA-2010:020 MANDRIVA MDVSA-2010:019 DEBIAN DSA-2074 DEBIAN DSA-1974 CONFIRM http://support.apple.com/kb/HT4435 SECTRACK 1023490 SECUNIA 40689 SECUNIA 40655 SECUNIA 40551 SECUNIA 38232 SECUNIA 38225 SECUNIA 38223 SECUNIA 38220 CONFIRM http://savannah.gnu.org/forum/forum.php?forum_id=6153 CONFIRM http://ncompress.sourceforge.net/#status SUSE SUSE-SA:2010:008 APPLE APPLE-SA-2010-11-10-1 HP HPSBMA02554 HP HPSBMA02554 CONFIRM http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. cpe:/a:gnu:bash:3.2 cpe:/a:gnu:bash:4.0 cpe:/a:gnu:bash:2.05:b cpe:/a:gnu:bash:3.0 cpe:/a:gnu:bash:3.2.48 CVE-2010-0002 2010-01-14T13:30:00.467-05:00 2011-08-08T00:00:00.000-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2010-01-15T09:31:00.000-05:00 MANDRIVA MDVSA-2010:004 CONFIRM https://qa.mandriva.com/show_bug.cgi?id=56882 The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/a:intel:e1000:7.1.9 cpe:/a:intel:e1000:7.3.15 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.30:rc2 cpe:/o:linux:linux_kernel:2.6.29.rc1 cpe:/a:intel:e1000:6.3.9 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/a:intel:e1000:6.0.60 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.6.32:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/a:intel:e1000:7.3.20 cpe:/a:intel:e1000:6.0.54 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/a:linux:kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.29.rc2-git1 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/a:intel:e1000:5.3.19 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/a:intel:e1000:6.2.15 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.30:rc7-git6 cpe:/a:intel:e1000:7.4.35 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/a:intel:e1000:6.1.16 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/a:intel:e1000:5.2.52 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.30:rc3 cpe:/o:linux:linux_kernel:2.6.32:rc5 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.32:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/a:intel:e1000:5.2.30.1 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.32:rc6 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/a:intel:e1000:5.2.22 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/a:intel:e1000:5.4.11 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.29:rc2 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/a:intel:e1000:7.2.7 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.6.29 cpe:/o:linux:linux_kernel:2.6.32:rc1 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/a:intel:e1000:5.6.10 cpe:/o:linux:linux_kernel:2.6.29:rc8-kk cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.29.3 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.32.2 cpe:/o:linux:linux_kernel:2.6.29:rc2_git7 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6.32.3 cpe:/o:linux:linux_kernel:2.2.27 cpe:/a:intel:e1000:7.4.27 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.32:git-6 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/a:intel:e1000:5.6.10.1 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/a:intel:e1000:5.7.6 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.29:git1 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.32.1 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/a:intel:e1000:7.0.33 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/a:linux:kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.32:rc8 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/a:intel:e1000:7.2.9 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.30:rc1 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.4.36 cpe:/a:intel:e1000:5.5.4 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.29:rc1 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/a:intel:e1000:7.0.41 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.32:rc7 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.24.1 CVE-2010-0003 2010-01-26T13:30:01.010-05:00 2012-03-19T00:00:00.000-04:00 5.4 LOCAL MEDIUM NONE PARTIAL NONE COMPLETE http://nvd.nist.gov 2010-01-27T07:59:00.000-05:00 REDHAT RHSA-2010:0146 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=554578 CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BID 37724 BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0161 REDHAT RHSA-2010:0147 MLIST [oss-security] 20100113 Re: CVE request - kernel: infoleak if print-fatal-signals=1 MLIST [oss-security] 20100112 CVE request - kernel: infoleak if print-fatal-signals=1 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4 DEBIAN DSA-2005 DEBIAN DSA-1996 SECUNIA 43315 SECUNIA 39033 SECUNIA 38779 SECUNIA 38492 SECUNIA 38333 CONFIRM http://patchwork.kernel.org/patch/69752/ SUSE SUSE-SA:2010:014 SUSE SUSE-SA:2010:012 SUSE SUSE-SA:2010:010 FEDORA FEDORA-2010-0919 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b45c6e76bc2c72f6426c14bed64fdcbc9bf37cb0 The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. cpe:/a:viewvc:viewvc:1.0.1 cpe:/a:viewvc:viewvc:1.0.4 cpe:/a:viewvc:viewvc:1.0.7 cpe:/a:viewvc:viewvc:1.1.1 cpe:/a:viewvc:viewvc:1.0.3 cpe:/a:viewvc:viewvc:1.0.5 cpe:/a:viewvc:viewvc:1.0.2 cpe:/a:viewvc:viewvc:1.0.6 cpe:/a:viewvc:viewvc:1.1.0 cpe:/a:viewvc:viewvc:1.0.8 cpe:/a:viewvc:viewvc:1.1.2 CVE-2010-0004 2010-01-29T13:30:00.997-05:00 2010-02-02T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-02-01T09:07:00.000-05:00 FEDORA FEDORA-2009-13634 FEDORA FEDORA-2009-13610 MLIST [oss-security] 20100114 Re: CVE Request: viewvc MLIST [oss-security] 20100113 Re: CVE Request: viewvc MLIST [oss-security] 20100111 CVE Request: viewvc CONFIRM http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300 CONFIRM http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD CONFIRM http://viewvc.tigris.org/source/browse/*checkout*/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222 SUSE SUSE-SA:2010:008 ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view. cpe:/a:viewvc:viewvc:1.0.1 cpe:/a:viewvc:viewvc:1.0.4 cpe:/a:viewvc:viewvc:1.0.7 cpe:/a:viewvc:viewvc:1.1.1 cpe:/a:viewvc:viewvc:1.0.3 cpe:/a:viewvc:viewvc:1.0.5 cpe:/a:viewvc:viewvc:1.0.2 cpe:/a:viewvc:viewvc:1.0.6 cpe:/a:viewvc:viewvc:1.1.0 cpe:/a:viewvc:viewvc:1.0.8 cpe:/a:viewvc:viewvc:1.1.2 CVE-2010-0005 2010-01-29T13:30:01.057-05:00 2010-02-02T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-02-01T09:25:00.000-05:00 CONFIRM http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD FEDORA FEDORA-2009-13634 FEDORA FEDORA-2009-13610 MLIST [oss-security] 20100113 Re: CVE Request: viewvc MLIST [oss-security] 20100111 CVE Request: viewvc CONFIRM http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300 SUSE SUSE-SA:2010:008 query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/a:intel:e1000:7.1.9 cpe:/a:intel:e1000:7.3.15 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.30:rc2 cpe:/o:linux:linux_kernel:2.6.29.rc1 cpe:/a:intel:e1000:6.3.9 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/a:intel:e1000:6.0.60 cpe:/o:linux:linux_kernel:2.6.32.4 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.6.32:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/a:intel:e1000:7.3.20 cpe:/a:intel:e1000:6.0.54 cpe:/o:linux:linux_kernel:2.6.25.5::x86_64 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.25.6::x86_64 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/a:linux:kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.29.rc2-git1 cpe:/o:linux:linux_kernel:2.6.25.9::x86_64 cpe:/a:intel:e1000:5.3.19 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/a:intel:e1000:6.2.15 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.30:rc7-git6 cpe:/a:intel:e1000:7.4.35 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.25.3::x86_64 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/a:intel:e1000:6.1.16 cpe:/o:linux:linux_kernel:2.6.25.7::x86_64 cpe:/a:intel:e1000:5.2.52 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.30:rc3 cpe:/o:linux:linux_kernel:2.6.32:rc5 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25.2::x86_64 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.25.10::x86_64 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.32:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/a:intel:e1000:5.2.30.1 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.32:rc6 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/a:intel:e1000:5.2.22 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/a:intel:e1000:5.4.11 cpe:/o:linux:linux_kernel:2.6.25.8::x86_64 cpe:/o:linux:linux_kernel:2.6.29:rc2 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/a:intel:e1000:7.2.7 cpe:/o:linux:linux_kernel:2.6.22_rc7 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.6.29 cpe:/o:linux:linux_kernel:2.6.32:rc1 cpe:/o:linux:linux_kernel:2.6.25.11::x86_64 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/a:intel:e1000:5.6.10 cpe:/o:linux:linux_kernel:2.6.29:rc8-kk cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.25::x86_64 cpe:/o:linux:linux_kernel:2.6.25.12::x86_64 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.29.3 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.22_rc1 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.32.2 cpe:/o:linux:linux_kernel:2.6.29:rc2_git7 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.25.4::x86_64 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6.32.3 cpe:/o:linux:linux_kernel:2.2.27 cpe:/a:intel:e1000:7.4.27 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.32:git-6 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/a:intel:e1000:5.6.10.1 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/a:intel:e1000:5.7.6 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.29:git1 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.32.1 cpe:/o:linux:linux_kernel:2.6.24_rc1 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/a:intel:e1000:7.0.33 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/a:linux:kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.25.1::x86_64 cpe:/o:linux:linux_kernel:2.6.32:rc8 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/a:intel:e1000:7.2.9 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.30:rc1 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.4.36 cpe:/a:intel:e1000:5.5.4 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.29:rc1 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/a:intel:e1000:7.0.41 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.32:rc7 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.24.1 CVE-2010-0006 2010-01-26T13:30:01.057-05:00 2012-03-19T00:00:00.000-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov 2010-01-27T09:19:00.000-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=555217 BID 37810 OSVDB 61876 MLIST [oss-security] 20100114 CVE-2010-0006 - kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4 CONFIRM http://security-tracker.debian.org/tracker/CVE-2010-0006 SECUNIA 38333 SECUNIA 38168 MLIST [linux-netdev] 20100114 [PATCH]: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo(). SUSE SUSE-SA:2010:010 FEDORA FEDORA-2010-0919 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2570a4f5428bcdb1077622342181755741e7fa60 MISC http://cert.fi/en/reports/2010/vulnerability341748.html CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=300951 The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.32.4 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.33:rc1 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.32.2 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.33:rc3 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6.32.3 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.33:rc2 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.32.1 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.11.10 CVE-2010-0007 2010-01-19T11:30:01.057-05:00 2012-03-19T00:00:00.000-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-01-20T11:48:00.000-05:00 VUPEN ADV-2010-0109 REDHAT RHSA-2010:0146 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=555238 XF kernel-ebtables-security-bypass(55602) CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BID 37762 BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0161 REDHAT RHSA-2010:0147 MLIST [oss-security] 20100114 Re: CVE Request: kernel ebtables perm check MLIST [oss-security] 20100113 CVE Request: kernel ebtables perm check MANDRIVA MDVSA-2011:051 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc4 DEBIAN DSA-2005 DEBIAN DSA-1996 SECUNIA 43315 SECUNIA 39033 SECUNIA 38779 SECUNIA 38492 SECUNIA 38333 SECUNIA 38296 SECUNIA 38133 SUSE SUSE-SA:2010:014 SUSE SUSE-SA:2010:013 SUSE SUSE-SA:2010:012 SUSE SUSE-SA:2010:010 SUSE SUSE-SA:2010:007 FEDORA FEDORA-2010-0919 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dce766af541f6605fa9889892c0280bab31c66ab net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.20.12 CVE-2010-0008 2010-03-19T15:30:00.360-04:00 2012-03-19T00:00:00.000-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2010-03-22T15:44:00.000-04:00 MLIST [oss-security] 20100317 CVE-2010-0008 kernel: sctp remote denial of service CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ece25dfa0991f65c4e1d26beb1c3c45bda4239b8 REDHAT RHSA-2010:0146 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=555658 CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0342 REDHAT RHSA-2010:0147 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23 SECUNIA 43315 SECUNIA 39295 The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. cpe:/a:apache:couchdb:0.9.0 cpe:/a:apache:couchdb:0.8.0 cpe:/a:apache:couchdb:0.9.1 cpe:/a:apache:couchdb:0.9.2 cpe:/a:apache:couchdb:0.8.1 cpe:/a:apache:couchdb:0.10.0 cpe:/a:apache:couchdb:0.10.1 CVE-2010-0009 2010-04-05T12:30:00.547-04:00 2010-06-07T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-04-06T15:16:00.000-04:00 CONFIRM http://couchdb.apache.org/security.html CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=578572 BID 39116 BUGTRAQ 20100331 [SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability OSVDB 63350 SECUNIA 39146 BUGTRAQ 20100331 [SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. cpe:/a:apache:http_server:1.3.31 cpe:/a:apache:http_server:1.2.4 cpe:/a:apache:http_server:1.3.10 cpe:/a:apache:http_server:1.3.33 cpe:/a:apache:http_server:1.3.15 cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:1.3.11 cpe:/a:apache:http_server:1.3.19 cpe:/a:apache:http_server:1.3.41 cpe:/a:apache:http_server:1.3.2 cpe:/a:apache:http_server:0.8.11 cpe:/a:apache:http_server:1.3.30 cpe:/a:apache:http_server:1.3.34 cpe:/a:apache:http_server:1.3.24 cpe:/a:apache:http_server:1.3.28 cpe:/a:apache:http_server:1.0 cpe:/a:apache:http_server:1.2.5 cpe:/a:apache:http_server:1.3.0 cpe:/a:apache:http_server:1.3.13 cpe:/a:apache:http_server:1.3.12 cpe:/a:apache:http_server:1.3.26 cpe:/a:apache:http_server:1.3.27 cpe:/a:apache:http_server:1.2 cpe:/a:apache:http_server:1.3.14 cpe:/a:apache:http_server:1.3.1 cpe:/a:apache:http_server:1.3.29 cpe:/a:apache:http_server:1.3.35 cpe:/a:apache:http_server:1.3.4 cpe:/a:apache:http_server:1.3.32 cpe:/a:apache:http_server:1.3.17 cpe:/a:apache:http_server:1.3.18 cpe:/a:apache:http_server:1.3.36 cpe:/a:apache:http_server:1.2.6 cpe:/a:apache:http_server:1.3.22 cpe:/a:apache:http_server:1.0.3 cpe:/a:apache:http_server:1.3.20 cpe:/a:apache:http_server:1.3.38 cpe:/a:apache:http_server:1.3.40 cpe:/a:apache:http_server:1.3.37 cpe:/a:apache:http_server:1.3.25 cpe:/a:apache:http_server:1.3.3 cpe:/a:apache:http_server:1.3.39 cpe:/a:apache:http_server:1.0.5 cpe:/a:apache:http_server:1.1 cpe:/a:apache:http_server:0.8.14 cpe:/a:apache:http_server:1.3.23 CVE-2010-0010 2010-02-02T11:30:02.437-05:00 2011-09-06T23:05:17.817-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-02-03T10:30:00.000-05:00 XF modproxy-approxysendfb-bo(55941) VUPEN ADV-2010-1001 VUPEN ADV-2010-0240 SECTRACK 1023533 BID 37966 BUGTRAQ 20100127 Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow. MISC http://site.pi3.com.pl/adv/mod_proxy.txt SECUNIA 39656 SECUNIA 38319 MISC http://packetstormsecurity.org/1001-exploits/modproxy-overflow.txt HP SSRT090208 HP HPSBOV02683 SUSE SUSE-SR:2010:010 CONFIRM http://httpd.apache.org/dev/dist/CHANGES_1.3.42 MISC http://blog.pi3.com.pl/?p=69 FULLDISC 20100127 Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow. Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. cpe:/a:uzbl:uzbl:2009.12.22 CVE-2010-0011 2010-02-25T14:30:00.437-05:00 2010-04-28T01:44:55.297-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-02-26T12:50:00.000-05:00 CONFIRM http://github.com/Dieterbe/uzbl/downloads XF uzbl-evaljs-command-execution(56612) CONFIRM http://www.uzbl.org/news.php?id=22 MLIST [oss-security] 20100106 Re: CVE request - uzbl remote code execution MLIST [oss-security] 20100106 CVE request - uzbl remote code execution MLIST [uzbl-dev] 20100102 Fw: Uzbl: security issue CONFIRM http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047 The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code. cpe:/a:transmissionbt:transmission:1.75 cpe:/a:transmissionbt:transmission:1.34 cpe:/a:transmissionbt:transmission:1.22 cpe:/a:transmissionbt:transmission:1.76 CVE-2010-0012 2010-01-08T12:30:02.317-05:00 2010-03-26T01:36:34.233-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-11T07:42:00.000-05:00 CONFIRM https://launchpad.net/bugs/500625 XF transmission-name-directory-traversal(55454) VUPEN ADV-2010-0071 MLIST [oss-security] 20100106 Re: CVE Request: Transmission MLIST [oss-security] 20100106 CVE Request: Transmission MLIST [debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64) DEBIAN DSA-1967 CONFIRM http://trac.transmissionbt.com/wiki/Changes#version-1.77 CONFIRM http://trac.transmissionbt.com/changeset/9829/ CONFIRM http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz SECUNIA 38005 SECUNIA 37993 SUSE SUSE-SA:2010:008 Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. cpe:/a:adium:adium:1.3.8 cpe:/a:pidgin:pidgin:2.6.4 CVE-2010-0013 2010-01-09T13:30:01.697-05:00 2013-01-04T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-01-11T09:45:00.000-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=552483 VUPEN ADV-2010-1020 VUPEN ADV-2009-3663 VUPEN ADV-2009-3662 MLIST [oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload MLIST [oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload MLIST [oss-security] 20100102 CVE request - pidgin MSN arbitrary file upload MANDRIVA MDVSA-2010:085 SUNALERT 1022203 SUNALERT 277450 SECUNIA 38915 SECUNIA 37961 SECUNIA 37954 SECUNIA 37953 SUSE SUSE-SR:2010:006 FEDORA FEDORA-2010-0429 FEDORA FEDORA-2010-0368 MISC http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html CONFIRM http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c CONFIRM http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 MISC http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f MISC http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. cpe:/a:fedoraproject:sssd:1.0.0 cpe:/a:fedoraproject:sssd:0.6.1 cpe:/a:fedoraproject:sssd:0.3.3 cpe:/a:fedoraproject:sssd:0.3.1 cpe:/a:fedoraproject:sssd:0.4.1 cpe:/a:fedoraproject:sssd:0.6.0 cpe:/a:fedoraproject:sssd:0.99.0 cpe:/a:fedoraproject:sssd:0.3.2 cpe:/a:fedoraproject:sssd:0.2.1 cpe:/a:fedoraproject:sssd:0.99.1 cpe:/a:fedoraproject:sssd:0.7.0 cpe:/a:fedoraproject:sssd:0.7.1 cpe:/a:fedoraproject:sssd:0.5.0 cpe:/a:fedoraproject:sssd:0.4.0 cpe:/a:fedoraproject:sssd:0.3.0 CVE-2010-0014 2010-01-14T13:30:00.513-05:00 2010-01-15T00:00:00.000-05:00 3.7 LOCAL HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-15T09:43:00.000-05:00 CONFIRM https://fedorahosted.org/sssd/wiki/Releases/Notes-1.0.1 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=553233 BID 37747 SECUNIA 38160 System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT. cpe:/a:gnu:glibc:2.10.2 cpe:/a:gnu:glibc:2.7 CVE-2010-0015 2010-01-14T13:30:00.577-05:00 2010-06-17T01:37:14.547-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-15T09:55:00.000-05:00 MLIST [oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage MLIST [oss-security] 20100109 Re: CVE id request: GNU libc: NIS shadow password leakage MLIST [oss-security] 20100108 Re: CVE id request: GNU libc: NIS shadow password leakage MLIST [oss-security] 20100107 CVE id request: GNU libc: NIS shadow password leakage MANDRIVA MDVSA-2010:112 MANDRIVA MDVSA-2010:111 CONFIRM http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup MISC http://sourceware.org/bugzilla/show_bug.cgi?id=11134 MLIST [oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage MLIST [oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333 nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_xp:-:sp3:home cpe:/o:microsoft:windows_xp:-:sp2:home cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000:-:sp4 CVE-2010-0016 2010-02-10T13:30:00.877-05:00 2010-08-21T01:38:44.480-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T11:12:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-006 The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability." cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:r2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_vista:-:-:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:x64 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_server_2008:::x32 CVE-2010-0017 2010-02-10T13:30:00.923-05:00 2010-08-21T01:38:44.607-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T11:45:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-006 Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability." cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_server_2008:::x32 CVE-2010-0018 2010-01-13T14:30:00.640-05:00 2010-08-21T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-01-14T08:41:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-012B MS MS10-001 VUPEN ADV-2010-0095 SECTRACK 1023432 BID 37671 SECUNIA 35457 OSVDB 61651 MISC http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability." cpe:/a:microsoft:silverlight:3.0.40624.00 cpe:/a:microsoft:silverlight:3.0.40723.0 cpe:/a:microsoft:silverlight:3.0.50106.0 cpe:/a:microsoft:silverlight:3.0.40818.0 CVE-2010-0019 2010-08-11T14:47:49.813-04:00 2010-09-17T01:44:08.637-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-08-12T11:54:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA10-222A MS MS10-060 Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability." cpe:/o:microsoft:windows_2003_server:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2008:::x32 CVE-2010-0020 2010-02-10T13:30:00.957-05:00 2010-08-21T01:38:44.963-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T12:15:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-012 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." cpe:/o:microsoft:windows_2003_server:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2008:::x32 CVE-2010-0021 2010-02-10T13:30:00.987-05:00 2010-08-21T01:38:45.090-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov 2010-02-11T12:40:00.000-05:00 CERT TA10-040A MS MS10-012 Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." cpe:/o:microsoft:windows_2003_server:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_xp::sp2:pro_x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2008:::x32 CVE-2010-0022 2010-02-10T13:30:01.017-05:00 2010-08-21T01:38:45.213-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2010-02-11T12:42:00.000-05:00 CERT TA10-040A MS MS10-012 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_xp::sp2 CVE-2010-0023 2010-02-10T13:30:01.050-05:00 2010-08-21T00:00:00.000-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T13:21:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-011 SECUNIA 38509 The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/a:microsoft:exchange_server:2007:sp1:x64 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/o:microsoft:windows_server_2008:-:sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:x32 cpe:/a:microsoft:exchange_server:2007:sp2:x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/a:microsoft:exchange_server:2010:-:x64 CVE-2010-0024 2010-04-14T12:00:00.587-04:00 2010-08-21T01:38:45.463-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2010-04-15T09:09:00.000-04:00 CERT TA10-103A MS MS10-024 The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/a:microsoft:exchange_server:2007:sp1:x64 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/o:microsoft:windows_server_2008:-:sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:-:sp2:x32 cpe:/a:microsoft:exchange_server:2007:sp2:x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/a:microsoft:exchange_server:2010:-:x64 CVE-2010-0025 2010-04-14T12:00:00.633-04:00 2011-07-18T22:33:49.890-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-04-15T10:24:00.000-04:00 CERT TA10-103A MS MS10-024 SECUNIA 39253 The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 CVE-2010-0026 2010-02-10T13:30:01.063-05:00 2010-08-21T01:38:45.683-04:00 4.0 LOCAL HIGH NONE NONE NONE COMPLETE http://nvd.nist.gov 2010-02-11T13:33:00.000-05:00 CERT TA10-040A MS MS10-010 The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability." cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/a:microsoft:ie:6 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/a:microsoft:ie:7.0 cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:7.00.5730.1100 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/a:microsoft:ie:7.0.5730:unknown:gold cpe:/a:microsoft:ie:8 cpe:/a:microsoft:ie:7 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/a:microsoft:ie:7.00.6000.16441 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/a:microsoft:ie:7.00.6000.16386 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/a:microsoft:ie:6:sp1 cpe:/a:microsoft:ie:7.0.5730.11 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/a:microsoft:ie:8.0.6001 CVE-2010-0027 2010-01-22T17:00:00.350-05:00 2010-08-21T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-01-25T07:27:00.000-05:00 CERT TA10-040A MS MS10-007 MS MS10-002 XF ie-url-code-execution(55773) MISC http://www.zerodayinitiative.com/advisories/ZDI-10-016/ BUGTRAQ 20100209 ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_xp::sp2 CVE-2010-0028 2010-02-10T13:30:01.097-05:00 2010-08-21T01:38:45.950-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T13:45:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-005 SECUNIA 36634 Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability." cpe:/a:microsoft:powerpoint:2002:sp3 CVE-2010-0029 2010-02-10T13:30:01.127-05:00 2010-08-21T01:38:46.073-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T13:50:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-004 SECTRACK 1023563 Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability." cpe:/a:microsoft:powerpoint:2002:sp3 cpe:/a:microsoft:powerpoint:2003:sp3 CVE-2010-0030 2010-02-10T13:30:01.157-05:00 2010-08-21T01:38:46.200-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T13:59:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-004 SECTRACK 1023563 Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability." cpe:/a:microsoft:powerpoint:2002:sp3 cpe:/a:microsoft:powerpoint:2003:sp3 cpe:/a:microsoft:office:2004::mac CVE-2010-0031 2010-02-10T13:30:01.173-05:00 2010-08-21T01:38:46.340-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T14:04:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-004 SECTRACK 1023563 Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability." cpe:/a:microsoft:powerpoint:2002:sp3 cpe:/a:microsoft:powerpoint:2003:sp3 CVE-2010-0032 2010-02-10T13:30:01.267-05:00 2010-08-21T01:38:46.480-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T14:22:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-004 SECTRACK 1023563 Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability." cpe:/a:microsoft:powerpoint:2003:sp3 CVE-2010-0033 2010-02-10T13:30:01.300-05:00 2010-08-21T01:38:46.607-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T14:28:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-004 SECTRACK 1023563 Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability." cpe:/a:microsoft:powerpoint:2003:sp3 CVE-2010-0034 2010-02-10T13:30:01.330-05:00 2010-08-21T01:38:46.730-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-11T14:29:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA10-040A MS MS10-004 SECTRACK 1023563 Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability." cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 CVE-2010-0035 2010-02-10T13:30:01.347-05:00 2010-08-21T01:38:46.870-04:00 6.3 NETWORK MEDIUM SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov 2010-02-11T14:56:00.000-05:00 CERT TA10-040A MS MS10-014 The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability." cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.8 CVE-2010-0036 2010-01-20T11:30:00.367-05:00 2010-02-05T02:13:27.627-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-01-21T07:03:00.000-05:00 BID 37868 XF macos-coreaudio-mp4-bo(55746) VUPEN ADV-2010-0173 SECTRACK 1023472 CONFIRM http://support.apple.com/kb/HT4013 CONFIRM http://support.apple.com/kb/HT4004 SECUNIA 38241 APPLE APPLE-SA-2010-01-19-1 APPLE APPLE-SA-2010-02-02-1 Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.8 CVE-2010-0037 2010-01-20T11:30:00.413-05:00 2010-01-23T02:14:06.267-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-01-21T07:12:00.000-05:00 XF macos-imageraw-dng-bo(55747) VUPEN ADV-2010-0173 SECTRACK 1023473 BID 37869 CONFIRM http://support.apple.com/kb/HT4004 SECUNIA 38241 APPLE APPLE-SA-2010-01-19-1 Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image. cpe:/o:apple:iphone_os:2.1.1 cpe:/o:apple:iphone_os:1.1.3:-:iphone cpe:/o:apple:iphone_os:3.0 cpe:/o:apple:iphone_os:2.2.1:-:iphone cpe:/o:apple:iphone_os:1.0.2 cpe:/o:apple:iphone_os:1.1.0 cpe:/o:apple:iphone_os:2.0.0 cpe:/o:apple:iphone_os:1.1 cpe:/o:apple:iphone_os:1.1.1 cpe:/o:apple:iphone_os:2.0 cpe:/o:apple:iphone_os:1.1.4:-:ipodtouch cpe:/o:apple:iphone_os:1.1.4:-:iphone cpe:/o:apple:iphone_os:3.0.1 cpe:/o:apple:iphone_os:1.0 cpe:/o:apple:iphone_os:1.1.3 cpe:/o:apple:iphone_os:2.1 cpe:/o:apple:iphone_os:2.2 cpe:/o:apple:iphone_os:1.1.2 cpe:/o:apple:iphone_os:2.1:-:ipodtouch cpe:/o:apple:iphone_os:2.2.1:-:ipodtouch cpe:/o:apple:iphone_os:1.1.3:-:ipodtouch cpe:/o:apple:iphone_os:1.1.5:-:iphone cpe:/o:apple:iphone_os:2.0.1 cpe:/o:apple:iphone_os:2.0.0:-:iphone cpe:/o:apple:iphone_os:2.2:-:iphone cpe:/o:apple:iphone_os:2.1:-:iphone cpe:/o:apple:iphone_os:1.1.5:-:ipodtouch cpe:/o:apple:iphone_os:1.0.0 cpe:/o:apple:iphone_os:2.0.2:-:iphone cpe:/o:apple:iphone_os:2.2:-:ipodtouch cpe:/o:apple:iphone_os:1.1.0:-:ipodtouch cpe:/o:apple:iphone_os:2.0.2 cpe:/o:apple:iphone_os:1.0.1 cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch cpe:/o:apple:iphone_os:1.0.1:-:iphone cpe:/o:apple:iphone_os:1.1.2:-:ipodtouch cpe:/o:apple:iphone_os:1.1.4 cpe:/o:apple:iphone_os:2.0.1:-:iphone cpe:/o:apple:iphone_os:3.1.2 cpe:/o:apple:iphone_os:1.0.0:-:iphone cpe:/o:apple:iphone_os:1.1.1:-:ipodtouch cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch cpe:/o:apple:iphone_os:3.0.1:-:iphone cpe:/o:apple:iphone_os:1.1.1:-:iphone cpe:/o:apple:iphone_os:1.1.2:-:iphone cpe:/o:apple:iphone_os:1.1.0:-:iphone cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch cpe:/o:apple:iphone_os:2.2.1 cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch cpe:/o:apple:iphone_os:3.0:-:ipodtouch cpe:/o:apple:iphone_os:1.1.5 cpe:/o:apple:iphone_os:1.0.2:-:iphone CVE-2010-0038 2010-02-03T14:30:00.437-05:00 2010-03-26T01:36:36.547-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-02-04T12:43:00.000-05:00 BID 38040 CONFIRM http://support.apple.com/kb/HT4013 OSVDB 62128 APPLE APPLE-SA-2010-02-02-1 Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. cpe:/h:apple:airport_express_base_station_firmware:6.3 cpe:/h:apple:airport_express_base_station_firmware:7.4.2 cpe:/h:apple:airport_extreme cpe:/h:apple:airport_express_base_station_firmware:4.0.9 cpe:/h:apple:airport_express cpe:/h:apple:time_capsule cpe:/h:apple:airport_extreme_base_station_firmware:5.7 cpe:/h:apple:airport_express_base_station_firmware:7.3.2 cpe:/h:apple:airport_extreme_base_station_firmware:5.5 cpe:/h:apple:airport_express_base_station_firmware:6.1 cpe:/h:apple:airport_express_base_station_firmware:7.4.1 cpe:/h:apple:airport_express_base_station_firmware:3.84 CVE-2010-0039 2010-12-21T22:00:01.390-05:00 2011-01-19T01:53:52.307-05:00 2.6 NETWORK HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-12-22T11:56:00.000-05:00 CONFIRM http://support.apple.com/kb/HT4298 APPLE APPLE-SA-2010-12-16-1 SECTRACK 1024907 The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0040 2010-03-15T09:28:25.277-04:00 2010-08-24T01:42:29.820-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T10:29:00.000-04:00 BID 38674 BID 38671 XF safari-colorsync-bo(56826) SECTRACK 1023706 CONFIRM http://support.apple.com/kb/HT4105 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 39135 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-03-30-2 Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0041 2010-03-15T09:28:25.370-04:00 2010-08-24T01:42:29.960-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-03-15T10:41:00.000-04:00 BID 38676 BID 38671 SECTRACK 1023706 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4105 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 39135 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 APPLE APPLE-SA-2010-03-30-2 APPLE APPLE-SA-2010-03-29-1 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0042 2010-03-15T09:28:25.403-04:00 2010-12-10T01:37:13.297-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-03-15T11:11:00.000-04:00 BID 38677 BID 38671 SECTRACK 1023706 CONFIRM http://support.apple.com/kb/HT4456 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4105 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 42314 SECUNIA 39135 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 APPLE APPLE-SA-2010-11-22-1 APPLE APPLE-SA-2010-03-30-2 APPLE APPLE-SA-2010-03-29-1 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0043 2010-03-15T09:28:25.433-04:00 2010-08-24T01:42:30.243-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T11:21:00.000-04:00 BID 38673 BID 38671 SECTRACK 1023706 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4105 CONFIRM http://support.apple.com/kb/HT4077 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 39135 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 APPLE APPLE-SA-2010-03-30-2 APPLE APPLE-SA-2010-03-29-1 ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0044 2010-03-15T09:28:25.467-04:00 2010-08-21T01:38:47.793-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-03-15T11:29:00.000-04:00 BID 38675 BID 38671 XF safari-pubsub-security-bypass(56830) CONFIRM http://support.apple.com/kb/HT4070 OSVDB 62937 APPLE APPLE-SA-2010-03-11-1 PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0:beta cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0045 2010-03-15T09:28:25.497-04:00 2010-08-21T01:38:47.917-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T11:45:00.000-04:00 BID 38671 SECTRACK 1023706 CONFIRM http://support.apple.com/kb/HT4070 APPLE APPLE-SA-2010-03-11-1 Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0046 2010-03-15T09:28:25.527-04:00 2011-03-17T22:45:34.953-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T11:39:00.000-04:00 BID 38671 VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0047 2010-03-15T09:28:25.560-04:00 2011-03-17T22:45:35.097-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T12:06:00.000-04:00 BID 38671 VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0:beta cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0048 2010-03-15T09:28:25.590-04:00 2011-03-17T22:45:35.237-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T12:24:00.000-04:00 VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 BID 38671 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0:beta cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0049 2010-03-15T10:15:32.043-04:00 2011-03-17T22:45:35.487-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T14:35:00.000-04:00 BID 38671 VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 OSVDB 62942 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 IDEFENSE 20100311 Multiple Vendor WebKit HTML Element Use After Free Vulnerability Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0050 2010-03-15T10:15:32.073-04:00 2011-03-17T22:45:35.643-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T14:40:00.000-04:00 BID 38671 XF safari-nested-html-code-exec(56836) VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0051 2010-03-15T10:15:32.120-04:00 2011-03-17T22:45:35.970-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-03-15T14:48:00.000-04:00 BID 38671 XF safari-stylesheet-info-disclosure(56837) VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 MANDRIVA MDVSA-2011:039 MISC http://websec.sv.cmu.edu/css/css.pdf CONFIRM http://support.apple.com/kb/HT4456 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 42314 SECUNIA 41856 MISC http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html OSVDB 62944 SUSE SUSE-SR:2011:002 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 APPLE APPLE-SA-2010-11-22-1 MISC http://code.google.com/p/chromium/issues/detail?id=9877 WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0:beta cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0052 2010-03-15T10:15:32.153-04:00 2011-03-17T22:45:36.347-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T14:46:00.000-04:00 BID 38671 VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0:beta cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0053 2010-03-15T10:15:32.167-04:00 2011-03-17T22:45:36.533-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T14:54:00.000-04:00 VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 BID 38671 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 OSVDB 62948 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. cpe:/a:apple:safari:4.0 cpe:/a:apple:safari:4.0.3 cpe:/a:apple:safari:4.0.0b cpe:/a:apple:safari:4.0.2 cpe:/a:apple:safari:4.0.4 cpe:/a:apple:safari:4.0.1 CVE-2010-0054 2010-03-15T10:15:32.200-04:00 2011-03-17T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-15T14:54:00.000-04:00 BID 38671 VUPEN ADV-2011-0552 VUPEN ADV-2011-0212 VUPEN ADV-2010-2722 UBUNTU USN-1006-1 SECTRACK 1023708 MANDRIVA MDVSA-2011:039 CONFIRM http://support.apple.com/kb/HT4225 CONFIRM http://support.apple.com/kb/HT4070 SECUNIA 43068 SECUNIA 41856 OSVDB 62949 SUSE SUSE-SR:2011:002 FEDORA FEDORA-2010-8423 FEDORA FEDORA-2010-8379 FEDORA FEDORA-2010-8360 APPLE APPLE-SA-2010-03-11-1 APPLE APPLE-SA-2010-06-21-1 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.8 CVE-2010-0055 2010-03-30T14:30:00.327-04:00 2010-03-31T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-31T10:44:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package. cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.8 CVE-2010-0056 2010-03-30T13:30:00.407-04:00 2010-03-31T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T09:17:00.000-04:00 APPLE APPLE-SA-2010-03-29-1 Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0057 2010-03-30T13:30:00.483-04:00 2010-03-31T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T09:39:00.000-04:00 APPLE APPLE-SA-2010-03-29-1 AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.8 CVE-2010-0058 2010-03-30T13:30:00.517-04:00 2010-03-31T00:00:00.000-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T10:02:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0059 2010-03-30T13:30:00.563-04:00 2010-08-21T01:38:49.573-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T10:13:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 MISC http://www.zerodayinitiative.com/advisories/ZDI-10-041 BUGTRAQ 20100402 ZDI-10-041: Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability APPLE APPLE-SA-2010-03-30-1 CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0060 2010-03-30T14:30:00.360-04:00 2010-08-21T01:38:49.713-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T10:48:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 APPLE APPLE-SA-2010-03-30-1 CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0062 2010-03-30T14:30:00.390-04:00 2010-08-21T01:38:49.840-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T10:52:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 MISC http://www.zerodayinitiative.com/advisories/ZDI-10-036 BUGTRAQ 20100402 ZDI-10-036: Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability APPLE APPLE-SA-2010-03-30-1 Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation. cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0063 2010-03-30T14:30:00.420-04:00 2010-03-31T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T11:05:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0064 2010-03-30T14:30:00.453-04:00 2010-03-31T00:00:00.000-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-31T11:16:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users. cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0065 2010-03-30T14:30:00.483-04:00 2010-03-31T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-31T11:21:00.000-04:00 CONFIRM http://support.apple.com/kb/HT4077 APPLE APPLE-SA-2010-03-29-1 Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. cpe:/a:oracle:application_server:10.1.4.2 cpe:/a:oracle:application_server:7.0.4.3 CVE-2010-0066 2010-01-12T20:30:00.937-05:00 2012-10-22T23:17:02.383-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-01-13T09:30:00.000-05:00 CERT TA10-012A SECTRACK 1023438 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. cpe:/a:oracle:application_server:10.1.3.4 cpe:/a:oracle:application_server:10.1.2.3 CVE-2010-0067 2010-01-12T20:30:00.953-05:00 2012-10-22T23:17:03.647-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-01-13T09:24:00.000-05:00 CERT TA10-012A SECTRACK 1023438 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors. cpe:/a:oracle:bea_product_suite:9.2:mp2 cpe:/a:oracle:bea_product_suite:9.1 cpe:/a:oracle:bea_product_suite:10.0 cpe:/a:oracle:bea_product_suite:9.0 CVE-2010-0068 2010-01-12T20:30:00.983-05:00 2012-10-22T23:17:03.883-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-01-13T09:41:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, and 10.0 allows remote attackers to affect confidentiality via unknown vectors. cpe:/a:oracle:bea_product_suite:8.1:sp6 cpe:/a:oracle:bea_product_suite:10.3.0 cpe:/a:oracle:bea_product_suite:9.1 cpe:/a:oracle:bea_product_suite:7.0 cpe:/a:oracle:bea_product_suite:9.2:mp3 cpe:/a:oracle:bea_product_suite:10.0:mp1 cpe:/a:oracle:bea_product_suite:9.0 cpe:/a:oracle:bea_product_suite:7.0:sp7 CVE-2010-0069 2010-01-12T20:30:01.013-05:00 2012-10-22T23:17:04.100-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-01-13T09:43:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors. cpe:/a:oracle:application_server:10.1.3.4 cpe:/a:oracle:application_server:10.1.2.3 CVE-2010-0070 2010-01-12T20:30:01.047-05:00 2012-10-22T23:17:04.273-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-01-13T09:53:00.000-05:00 CERT TA10-012A SECTRACK 1023438 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors. cpe:/a:oracle:database_server:11.1.0.7 cpe:/a:oracle:database_server:9.2.0.8dv cpe:/a:oracle:database_server:10.1.0.5 cpe:/a:oracle:database_server:9.2.0.8 cpe:/a:oracle:database_server:10.2.0.4 CVE-2010-0071 2010-01-12T20:30:01.077-05:00 2012-10-22T23:17:04.477-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-01-13T09:56:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:oracle:secure_backup:10.2.0.3 CVE-2010-0072 2010-01-12T20:30:01.107-05:00 2012-10-22T23:17:04.633-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-01-13T10:04:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a "reverse lookup of connections" to TCP port 10000. cpe:/a:oracle:weblogic_server_component:8.1 cpe:/a:oracle:weblogic_server_component:10.0 cpe:/a:oracle:weblogic_server_component:10.3 cpe:/a:oracle:weblogic_server cpe:/a:oracle:weblogic_server_component:10.0:mp1 cpe:/a:oracle:weblogic_server_component:9.2:mp3 cpe:/a:oracle:weblogic_server_component:9.0 cpe:/a:oracle:weblogic_server_component:9.2 cpe:/a:oracle:weblogic_server_component:7.0 cpe:/a:oracle:weblogic_server_component:6.1:sp7 cpe:/a:oracle:weblogic_server_component cpe:/a:oracle:weblogic_server_component:8.1:sp6 cpe:/a:oracle:weblogic_server_component:6.1 cpe:/a:oracle:weblogic_server_component:9.1 cpe:/a:oracle:weblogic_server:10.3 cpe:/a:oracle:weblogic_server_component:7.0:sp7 CVE-2010-0073 2010-04-14T13:30:00.367-04:00 2010-04-17T01:40:31.780-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-04-15T19:47:00.000-04:00 CERT TA10-103B VUPEN ADV-2010-0216 CONFIRM http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html SECUNIA 39439 Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:oracle:bea_product_suite:8.1:sp6 cpe:/a:oracle:bea_product_suite:10.3.1 cpe:/a:oracle:bea_product_suite:10.0:mp2 cpe:/a:oracle:bea_product_suite:9.1 cpe:/a:oracle:bea_product_suite:9.2:mp3 cpe:/a:oracle:bea_product_suite:9.0 cpe:/a:oracle:bea_product_suite:7.0:sp7 CVE-2010-0074 2010-01-12T20:30:01.140-05:00 2012-10-22T23:17:04.930-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2010-01-13T10:01:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. cpe:/a:oracle:e-business_suite:12.1.1 cpe:/a:oracle:e-business_suite:12.0.6 cpe:/a:oracle:e-business_suite:11.5.10.2 CVE-2010-0075 2010-01-12T20:30:01.170-05:00 2012-10-22T23:17:05.147-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-01-13T10:12:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors. cpe:/a:oracle:database:3.2.1.00.10 CVE-2010-0076 2010-01-12T20:30:01.187-05:00 2012-10-22T23:17:05.320-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-13T10:21:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:oracle:e-business_suite:12.1.2 cpe:/a:oracle:e-business_suite:12.0.6 cpe:/a:oracle:e-business_suite:11.5.10.2 CVE-2010-0077 2010-01-12T20:30:01.217-05:00 2012-10-22T23:17:05.490-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2010-01-13T10:46:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. cpe:/a:oracle:bea_product_suite:10.3.1 cpe:/a:oracle:bea_product_suite:10.0:mp2 cpe:/a:oracle:bea_product_suite:9.1 cpe:/a:oracle:bea_product_suite:9.2:mp3 cpe:/a:oracle:bea_product_suite:9.0 CVE-2010-0078 2010-01-12T20:30:01.250-05:00 2012-10-22T23:17:05.693-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2010-01-13T10:10:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors. cpe:/a:oracle:bea_product_suite:r27.6.5 CVE-2010-0079 2010-01-12T20:30:01.280-05:00 2012-10-22T23:17:05.943-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-01-13T10:38:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877. cpe:/a:oracle:jd_edwards_enterpriseone:8.9:bundle21 cpe:/a:oracle:jd_edwards_enterpriseone:9.0:bundle11 cpe:/a:oracle:peoplesoft_enterprise CVE-2010-0080 2010-01-12T20:30:01.310-05:00 2012-10-22T23:17:06.133-04:00 4.9 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL NONE http://nvd.nist.gov 2010-01-13T10:47:00.000-05:00 CERT TA10-012A CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. cpe:/a:oracle:fusion_middleware:10.1.4.0.1 cpe:/a:oracle:fusion_middleware:10.1.2.3 CVE-2010-0081 2010-07-13T17:30:00.920-04:00 2012-10-22T23:17:06.337-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2010-07-14T10:12:00.000-04:00 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors. cpe:/a:sun:jre:1.3.0:update5 cpe:/a:sun:sdk:1.3.1_14 cpe:/a:sun:sdk:1.3.0_02 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_18 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.3.1 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.3.1_04 cpe:/a:sun:sdk:1.3.0_05 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:sdk:1.3.1_11 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:jre:1.3.1_03 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.3.1_03 cpe:/a:sun:jdk:1.3.1_12 cpe:/a:sun:jre:1.3.0:update4 cpe:/a:sun:jre:1.3.1_12 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:sdk:1.3.0 cpe:/a:sun:jdk:1.3.1_14 cpe:/a:sun:jre:1.3.1:update2 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.3.0_02 cpe:/a:sun:jre:1.3.1_06 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:sdk:1.3.1_04 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.3.1_14 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.3.1_19 cpe:/a:sun:jdk:1.3.0_01 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jre:1.3.1_07 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:jre:1.3.1_08 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.3.1_27 cpe:/a:sun:jdk:1.3.1_13 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:jre:1.3.1_27 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:sdk:1.3.0_01 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:jre:1.3.1_11 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jre:1.3.1_24 cpe:/a:sun:jre:1.3.1_20 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_10 cpe:/a:sun:jdk:1.3.0_05 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:sdk:1.3.1_01a cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:sdk:1.3.1_17 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jdk:1.3.1_05 cpe:/a:sun:jdk:1.3.1_11 cpe:/a:sun:jre:1.3.1_13 cpe:/a:sun:jre:1.3.1_10 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.3.0_04 cpe:/a:sun:jdk:1.3.1_02 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.3.0 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.3.0:update1 cpe:/a:sun:sdk:1.3.1_08 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.3.1_01 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:sdk:1.3.1_23 cpe:/a:sun:jdk:1.3.0_03 cpe:/a:sun:sdk:1.3.0_04 cpe:/a:sun:sdk:1.3.1_05 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.3.1_09 cpe:/a:sun:jdk:1.3.1_27 cpe:/a:sun:sdk:1.3.1_10 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:sdk:1.3.1_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.3.1_25 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.3.1_15 cpe:/a:sun:sdk:1.3.1 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:sdk:1.3.1_02 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:jre:1.3.1_18 cpe:/a:sun:sdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:sdk:1.3.1_06 cpe:/a:sun:sdk:1.3.1_24 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.3.1_24 cpe:/a:sun:jdk:1.3.1_07 cpe:/a:sun:jre:1.3.1_22 cpe:/a:sun:jre:1.3.1_21 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.3.1_26 cpe:/a:sun:sdk:1.3.1_26 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jdk:1.3.1_06 cpe:/a:sun:jdk:1.3.1_25 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jre:1.3.0:update3 cpe:/a:sun:jdk:1.3.1_15 cpe:/a:sun:jre:1.3.0:update2 cpe:/a:sun:jre:1.3.1_2 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jre:1.3.1_25 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.3.1_19 cpe:/a:sun:jdk:1.3.1_08 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.3.0 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.3.1_19 cpe:/a:sun:jre:1.3.1_16 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.3.1_20 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_07 cpe:/a:sun:sdk:1.3.1_20 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:jre:1.3.1_23 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.3.1_26 cpe:/a:sun:jdk:1.3.1 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:sdk:1.3.0_03 cpe:/a:sun:jre:1.3.1_05 cpe:/a:sun:jdk:1.3.1_22 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jdk:1.3.1_16 cpe:/a:sun:sdk:1.3.1_13 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jdk:1.3.1_01 cpe:/a:sun:sdk:1.3.1_18 cpe:/a:sun:sdk:1.3.1_09 cpe:/a:sun:jdk:1.3.1_17 cpe:/a:sun:jdk:1.3.1_01a cpe:/a:sun:jdk:1.3.1_23 cpe:/a:sun:sdk:1.3.1_22 cpe:/a:sun:sdk:1.3.1_12 cpe:/a:sun:jre:1.3.1_17 cpe:/a:sun:jre:1.3.1:update1 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_15 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jre:1.3.1_04 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:sdk:1.3.1_03 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.3.1_09 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0082 2010-04-01T12:30:00.343-04:00 2012-10-22T23:17:06.727-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-01T20:50:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39317 SECUNIA 39292 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP HPSBMA02547 HP HPSBMA02547 Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/o:oracle:opensolaris:10 cpe:/o:oracle:opensolaris:9 cpe:/o:oracle:opensolaris:8 CVE-2010-0083 2010-07-13T18:30:01.547-04:00 2012-10-22T23:17:06.897-04:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-07-14T10:19:00.000-04:00 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0084 2010-04-01T12:30:00.437-04:00 2012-10-22T23:17:07.070-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-04-02T08:16:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SECUNIA 39292 OSVDB 63482 SUSE SUSE-SR:2010:017 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP HPSBMA02547 HP HPSBMA02547 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. cpe:/a:sun:jre:1.3.0:update5 cpe:/a:sun:sdk:1.3.1_14 cpe:/a:sun:sdk:1.3.0_02 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_18 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.3.1 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.3.1_04 cpe:/a:sun:sdk:1.3.0_05 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:sdk:1.3.1_11 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:jre:1.3.1_03 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.3.1_03 cpe:/a:sun:jdk:1.3.1_12 cpe:/a:sun:jre:1.3.0:update4 cpe:/a:sun:jre:1.3.1_12 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:sdk:1.3.0 cpe:/a:sun:jdk:1.3.1_14 cpe:/a:sun:jre:1.3.1:update2 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.3.0_02 cpe:/a:sun:jre:1.3.1_06 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:sdk:1.3.1_04 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.3.1_14 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.3.1_19 cpe:/a:sun:jdk:1.3.0_01 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jre:1.3.1_07 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:jre:1.3.1_08 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.3.1_27 cpe:/a:sun:jdk:1.3.1_13 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:jre:1.3.1_27 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:sdk:1.3.0_01 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:jre:1.3.1_11 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jre:1.3.1_24 cpe:/a:sun:jre:1.3.1_20 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_10 cpe:/a:sun:jdk:1.3.0_05 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:sdk:1.3.1_01a cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:sdk:1.3.1_17 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jdk:1.3.1_05 cpe:/a:sun:jdk:1.3.1_11 cpe:/a:sun:jre:1.3.1_13 cpe:/a:sun:jre:1.3.1_10 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.3.0_04 cpe:/a:sun:jdk:1.3.1_02 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.3.0 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.3.0:update1 cpe:/a:sun:sdk:1.3.1_08 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.3.1_01 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:sdk:1.3.1_23 cpe:/a:sun:jdk:1.3.0_03 cpe:/a:sun:sdk:1.3.0_04 cpe:/a:sun:sdk:1.3.1_05 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.3.1_09 cpe:/a:sun:jdk:1.3.1_27 cpe:/a:sun:sdk:1.3.1_10 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:sdk:1.3.1_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.3.1_25 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.3.1_15 cpe:/a:sun:sdk:1.3.1 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:sdk:1.3.1_02 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:jre:1.3.1_18 cpe:/a:sun:sdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:sdk:1.3.1_06 cpe:/a:sun:sdk:1.3.1_24 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.3.1_24 cpe:/a:sun:jdk:1.3.1_07 cpe:/a:sun:jre:1.3.1_22 cpe:/a:sun:jre:1.3.1_21 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.3.1_26 cpe:/a:sun:sdk:1.3.1_26 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jdk:1.3.1_06 cpe:/a:sun:jdk:1.3.1_25 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jre:1.3.0:update3 cpe:/a:sun:jdk:1.3.1_15 cpe:/a:sun:jre:1.3.0:update2 cpe:/a:sun:jre:1.3.1_2 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jre:1.3.1_25 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.3.1_19 cpe:/a:sun:jdk:1.3.1_08 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.3.0 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.3.1_19 cpe:/a:sun:jre:1.3.1_16 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.3.1_20 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_07 cpe:/a:sun:sdk:1.3.1_20 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:jre:1.3.1_23 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.3.1_26 cpe:/a:sun:jdk:1.3.1 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:sdk:1.3.0_03 cpe:/a:sun:jre:1.3.1_05 cpe:/a:sun:jdk:1.3.1_22 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jdk:1.3.1_16 cpe:/a:sun:sdk:1.3.1_13 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jdk:1.3.1_01 cpe:/a:sun:sdk:1.3.1_18 cpe:/a:sun:sdk:1.3.1_09 cpe:/a:sun:jdk:1.3.1_17 cpe:/a:sun:jdk:1.3.1_01a cpe:/a:sun:jdk:1.3.1_23 cpe:/a:sun:sdk:1.3.1_22 cpe:/a:sun:sdk:1.3.1_12 cpe:/a:sun:jre:1.3.1_17 cpe:/a:sun:jre:1.3.1:update1 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_15 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jre:1.3.1_04 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:sdk:1.3.1_03 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.3.1_09 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0085 2010-04-01T12:30:00.530-04:00 2012-10-22T23:17:07.337-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T10:14:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SECUNIA 39292 SUSE SUSE-SR:2010:017 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP HPSBMA02547 HP HPSBMA02547 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:oracle:fusion_middleware:10.1.2.3 CVE-2010-0086 2010-04-13T18:30:00.337-04:00 2012-10-22T23:17:07.507-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-04-14T10:19:00.000-04:00 CERT TA10-103B SECTRACK 1023869 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html SECUNIA 39439 Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. cpe:/a:sun:jre:1.3.0:update5 cpe:/a:sun:sdk:1.3.1_14 cpe:/a:sun:sdk:1.3.0_02 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_18 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.3.1 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.3.1_04 cpe:/a:sun:sdk:1.3.0_05 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:sdk:1.3.1_11 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:jre:1.3.1_03 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.3.1_03 cpe:/a:sun:jdk:1.3.1_12 cpe:/a:sun:jre:1.3.0:update4 cpe:/a:sun:jre:1.3.1_12 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:sdk:1.3.0 cpe:/a:sun:jdk:1.3.1_14 cpe:/a:sun:jre:1.3.1:update2 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.3.0_02 cpe:/a:sun:jre:1.3.1_06 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:sdk:1.3.1_04 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.3.1_14 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.3.1_19 cpe:/a:sun:jdk:1.3.0_01 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jre:1.3.1_07 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:jre:1.3.1_08 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.3.1_27 cpe:/a:sun:jdk:1.3.1_13 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:jre:1.3.1_27 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:sdk:1.3.0_01 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:jre:1.3.1_11 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jre:1.3.1_24 cpe:/a:sun:jre:1.3.1_20 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_10 cpe:/a:sun:jdk:1.3.0_05 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:sdk:1.3.1_01a cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:sdk:1.3.1_17 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jdk:1.3.1_05 cpe:/a:sun:jdk:1.3.1_11 cpe:/a:sun:jre:1.3.1_13 cpe:/a:sun:jre:1.3.1_10 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.3.0_04 cpe:/a:sun:jdk:1.3.1_02 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.3.0 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.3.0:update1 cpe:/a:sun:sdk:1.3.1_08 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.3.1_01 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:sdk:1.3.1_23 cpe:/a:sun:jdk:1.3.0_03 cpe:/a:sun:sdk:1.3.0_04 cpe:/a:sun:sdk:1.3.1_05 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.3.1_09 cpe:/a:sun:jdk:1.3.1_27 cpe:/a:sun:sdk:1.3.1_10 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:sdk:1.3.1_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.3.1_25 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.3.1_15 cpe:/a:sun:sdk:1.3.1 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:sdk:1.3.1_02 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:jre:1.3.1_18 cpe:/a:sun:sdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:sdk:1.3.1_06 cpe:/a:sun:sdk:1.3.1_24 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.3.1_24 cpe:/a:sun:jdk:1.3.1_07 cpe:/a:sun:jre:1.3.1_22 cpe:/a:sun:jre:1.3.1_21 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.3.1_26 cpe:/a:sun:sdk:1.3.1_26 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jdk:1.3.1_06 cpe:/a:sun:jdk:1.3.1_25 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jre:1.3.0:update3 cpe:/a:sun:jdk:1.3.1_15 cpe:/a:sun:jre:1.3.0:update2 cpe:/a:sun:jre:1.3.1_2 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jre:1.3.1_25 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.3.1_19 cpe:/a:sun:jdk:1.3.1_08 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.3.0 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.3.1_19 cpe:/a:sun:jre:1.3.1_16 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.3.1_20 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_07 cpe:/a:sun:sdk:1.3.1_20 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:jre:1.3.1_23 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.3.1_26 cpe:/a:sun:jdk:1.3.1 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:sdk:1.3.0_03 cpe:/a:sun:jre:1.3.1_05 cpe:/a:sun:jdk:1.3.1_22 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jdk:1.3.1_16 cpe:/a:sun:sdk:1.3.1_13 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jdk:1.3.1_01 cpe:/a:sun:sdk:1.3.1_18 cpe:/a:sun:sdk:1.3.1_09 cpe:/a:sun:jdk:1.3.1_17 cpe:/a:sun:jdk:1.3.1_01a cpe:/a:sun:jdk:1.3.1_23 cpe:/a:sun:sdk:1.3.1_22 cpe:/a:sun:sdk:1.3.1_12 cpe:/a:sun:jre:1.3.1_17 cpe:/a:sun:jre:1.3.1:update1 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_15 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jre:1.3.1_04 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:sdk:1.3.1_03 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.3.1_09 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0087 2010-04-01T12:30:00.563-04:00 2012-10-22T23:17:07.680-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T10:24:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SUSE SUSE-SR:2010:017 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP SSRT100179 HP SSRT100179 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:sun:jre:1.3.0:update5 cpe:/a:sun:sdk:1.3.1_14 cpe:/a:sun:sdk:1.3.0_02 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_18 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.3.1 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.3.1_04 cpe:/a:sun:sdk:1.3.0_05 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:sdk:1.3.1_11 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:jre:1.3.1_03 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.3.1_03 cpe:/a:sun:jdk:1.3.1_12 cpe:/a:sun:jre:1.3.0:update4 cpe:/a:sun:jre:1.3.1_12 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:sdk:1.3.0 cpe:/a:sun:jdk:1.3.1_14 cpe:/a:sun:jre:1.3.1:update2 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.3.0_02 cpe:/a:sun:jre:1.3.1_06 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:sdk:1.3.1_04 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.3.1_14 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.3.1_19 cpe:/a:sun:jdk:1.3.0_01 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jre:1.3.1_07 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:jre:1.3.1_08 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.3.1_27 cpe:/a:sun:jdk:1.3.1_13 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:jre:1.3.1_27 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:sdk:1.3.0_01 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:jre:1.3.1_11 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jre:1.3.1_24 cpe:/a:sun:jre:1.3.1_20 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jdk:1.3.1_10 cpe:/a:sun:jdk:1.3.0_05 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:sdk:1.3.1_01a cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:sdk:1.3.1_17 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jdk:1.3.1_05 cpe:/a:sun:jdk:1.3.1_11 cpe:/a:sun:jre:1.3.1_13 cpe:/a:sun:jre:1.3.1_10 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.3.0_04 cpe:/a:sun:jdk:1.3.1_02 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.3.0 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.3.0:update1 cpe:/a:sun:sdk:1.3.1_08 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.3.1_01 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:sdk:1.3.1_23 cpe:/a:sun:jdk:1.3.0_03 cpe:/a:sun:sdk:1.3.0_04 cpe:/a:sun:sdk:1.3.1_05 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.3.1_09 cpe:/a:sun:jdk:1.3.1_27 cpe:/a:sun:sdk:1.3.1_10 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:sdk:1.3.1_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.3.1_25 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.3.1_15 cpe:/a:sun:sdk:1.3.1 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:sdk:1.3.1_02 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:jre:1.3.1_18 cpe:/a:sun:sdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:sdk:1.3.1_06 cpe:/a:sun:sdk:1.3.1_24 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.3.1_21 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.3.1_24 cpe:/a:sun:jdk:1.3.1_07 cpe:/a:sun:jre:1.3.1_22 cpe:/a:sun:jre:1.3.1_21 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.3.1_26 cpe:/a:sun:sdk:1.3.1_26 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jdk:1.3.1_06 cpe:/a:sun:jdk:1.3.1_25 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jre:1.3.0:update3 cpe:/a:sun:jdk:1.3.1_15 cpe:/a:sun:jre:1.3.0:update2 cpe:/a:sun:jre:1.3.1_2 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jre:1.3.1_25 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.3.1_19 cpe:/a:sun:jdk:1.3.1_08 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.3.0 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.3.1_19 cpe:/a:sun:jre:1.3.1_16 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.3.1_20 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_07 cpe:/a:sun:sdk:1.3.1_20 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:jre:1.3.1_23 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.3.1_26 cpe:/a:sun:jdk:1.3.1 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:sdk:1.3.0_03 cpe:/a:sun:jre:1.3.1_05 cpe:/a:sun:jdk:1.3.1_22 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jdk:1.3.1_16 cpe:/a:sun:sdk:1.3.1_13 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jdk:1.3.1_01 cpe:/a:sun:sdk:1.3.1_18 cpe:/a:sun:sdk:1.3.1_09 cpe:/a:sun:jdk:1.3.1_17 cpe:/a:sun:jdk:1.3.1_01a cpe:/a:sun:jdk:1.3.1_23 cpe:/a:sun:sdk:1.3.1_22 cpe:/a:sun:sdk:1.3.1_12 cpe:/a:sun:jre:1.3.1_17 cpe:/a:sun:jre:1.3.1:update1 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:sdk:1.3.1_15 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jre:1.3.1_04 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:sdk:1.3.1_03 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.3.1_09 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0088 2010-04-01T12:30:00.593-04:00 2012-10-22T23:17:07.897-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T10:32:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SECUNIA 39292 SUSE SUSE-SR:2010:017 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP HPSBMA02547 HP HPSBMA02547 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0089 2010-04-01T12:30:00.627-04:00 2012-10-22T23:17:08.070-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2010-04-02T10:45:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SUSE SUSE-SR:2010:017 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP SSRT100179 HP SSRT100179 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jdk:1.6.0:update_6 CVE-2010-0090 2010-04-01T12:30:00.640-04:00 2012-10-22T23:17:08.257-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T10:51:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP SSRT100179 HP SSRT100179 Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0091 2010-04-01T12:30:00.687-04:00 2012-10-22T23:17:08.477-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-04-02T11:02:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SECUNIA 39292 OSVDB 63481 SUSE SUSE-SR:2010:017 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP SSRT100179 HP SSRT100179 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_5 CVE-2010-0092 2010-04-01T12:30:00.703-04:00 2012-10-22T23:17:09.383-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T11:14:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SECUNIA 39292 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP SSRT100179 HP SSRT100179 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0093 2010-04-01T12:30:00.733-04:00 2012-10-22T23:17:09.617-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T11:37:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39317 SECUNIA 39292 OSVDB 63485 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP HPSBMA02547 HP HPSBMA02547 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_5 CVE-2010-0094 2010-04-01T12:30:00.767-04:00 2012-10-22T23:17:09.803-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T11:39:00.000-04:00 MISC http://www.zerodayinitiative.com/advisories/ZDI-10-051 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX BUGTRAQ 20100405 ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SECUNIA 39292 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP SSRT100179 HP SSRT100179 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:sdk:1.4.2_8 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:sdk:1.4.2_9 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:sdk:1.4.2_1 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:sdk:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:sdk:1.4.2_3 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:sdk:1.4.2_5 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_4 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:sdk:1.4.2_25 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:sdk:1.4.2_19 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:sdk:1.4.2_18 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:sdk:1.4.2_02 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:sdk:1.4.2_24 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:sdk:1.4.2_16 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:sdk:1.4.2_17 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:sdk:1.4.2_23 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:sdk:1.4.2_6 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:sdk:1.4.2_22 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:sdk:1.4.2_7 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:sdk:1.4.2_20 CVE-2010-0095 2010-04-01T12:30:00.797-04:00 2012-10-22T23:17:09.990-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-02T11:59:00.000-04:00 VUPEN ADV-2010-1793 VUPEN ADV-2010-1454 VUPEN ADV-2010-1191 VUPEN ADV-2010-1107 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX REDHAT RHSA-2010:0471 REDHAT RHSA-2010:0383 REDHAT RHSA-2010:0339 REDHAT RHSA-2010:0338 REDHAT RHSA-2010:0337 CONFIRM http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html MANDRIVA MDVSA-2010:084 UBUNTU USN-923-1 CONFIRM http://support.apple.com/kb/HT4171 CONFIRM http://support.apple.com/kb/HT4170 SECUNIA 43308 SECUNIA 40545 SECUNIA 39819 SECUNIA 39659 SECUNIA 39317 SECUNIA 39292 SUSE SUSE-SR:2010:017 SUSE SUSE-SR:2010:011 SUSE SUSE-SR:2010:008 APPLE APPLE-SA-2010-05-18-2 APPLE APPLE-SA-2010-05-18-1 HP HPSBMA02547 HP HPSBMA02547 Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. cpe:/a:isc:bind:9.2.4 cpe:/a:isc:bind:9.2.3 cpe:/a:isc:bind:9.5.0a6 cpe:/a:isc:bind:9.5.0a4 cpe:/a:isc:bind:9.2.2 cpe:/a:isc:bind:9.1.3 cpe:/a:isc:bind:9.1 cpe:/a:isc:bind:9.5.0a3 cpe:/a:isc:bind:9.4.0 cpe:/a:isc:bind:9.1.2 cpe:/a:isc:bind:9.6.0:p1 cpe:/a:isc:bind:9.5.2 cpe:/a:isc:bind:9.2.5 cpe:/a:isc:bind:9.6.1:p2 cpe:/a:isc:bind:9.5.0b1 cpe:/a:isc:bind:9.4.0a3 cpe:/a:isc:bind:9.4.3 cpe:/a:isc:bind:9.2.2:p3 cpe:/a:isc:bind:9.6.1:p1 cpe:/a:isc:bind:9.2 cpe:/a:isc:bind:9.4.0b4 cpe:/a:isc:bind:9.4.2 cpe:/a:isc:bind:9.3.3 cpe:/a:isc:bind:9.0 cpe:/a:isc:bind:9.5.0a5 cpe:/a:isc:bind:9.4.0b1 cpe:/a:isc:bind:9.5.0b3 cpe:/a:isc:bind:9.5.0a2 cpe:/a:isc:bind:9.4.3p4 cpe:/a:isc:bind:9.5.0-p1 cpe:/a:isc:bind:9.5.1b2 cpe:/a:isc:bind:9.2.7 cpe:/a:isc:bind:9.2.0 cpe:/a:isc:bind:9.6.0 cpe:/a:isc:bind:9.0.1 cpe:/a:isc:bind:9.2.1 cpe:/a:isc:bind:9.4.0:rc1 cpe:/a:isc:bind:9.4 cpe:/a:isc:bind:9.3.2 cpe:/a:isc:bind:9.5.0a1 cpe:/a:isc:bind:9.4.1 cpe:/a:isc:bind:9.5.0:rc1 cpe:/a:isc:bind:9.3.0 cpe:/a:isc:bind:9.4.0a5 cpe:/a:isc:bind:9.5.1b1 cpe:/a:isc:bind:9.5 cpe:/a:isc:bind:9.2.6 cpe:/a:isc:bind:9.5.1b3 cpe:/a:isc:bind:9.4.3p1 cpe:/a:isc:bind:9.5.1:rc1 cpe:/a:isc:bind:9.6.0:rc2 cpe:/a:isc:bind:9.6.1 cpe:/a:isc:bind:9.4.0a6 cpe:/a:isc:bind:9.4.3p3 cpe:/a:isc:bind:9.3.1 cpe:/a:isc:bind:9.2.9 cpe:/a:isc:bind:9.5.0b2 cpe:/a:isc:bind:9.5.1 cpe:/a:isc:bind:9.4.0a4 cpe:/a:isc:bind:9.3 cpe:/a:isc:bind:9.4.0a1 cpe:/a:isc:bind:9.4.3p2 cpe:/a:isc:bind:9.5.0 cpe:/a:isc:bind:9.6.0a1 cpe:/a:isc:bind:9.1.1 cpe:/a:isc:bind:9.4.0a2 cpe:/a:isc:bind:9.5.2p1 cpe:/a:isc:bind:9.4.0b2 cpe:/a:isc:bind:9.5.0-p2 CVE-2010-0097 2010-01-22T17:00:00.397-05:00 2011-10-20T22:41:19.147-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-01-25T07:35:00.000-05:00 CERT-VN VU#360341 CONFIRM https://www.isc.org/advisories/CVE-2010-0097 REDHAT RHSA-2010:0095 REDHAT RHSA-2010:0062 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=554851 XF bind-dnssecnsec-cache-poisoning(55753) VUPEN ADV-2010-1352 VUPEN ADV-2010-0981 VUPEN ADV-2010-0622 VUPEN ADV-2010-0176 UBUNTU USN-888-1 BID 37865 OSVDB 61853 MANDRIVA MDVSA-2010:021 DEBIAN DSA-2054 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 CONFIRM http://support.apple.com/kb/HT5002 SUNALERT 1021798 SECTRACK 1023474 SECUNIA 40086 SECUNIA 39582 SECUNIA 39334 SECUNIA 38240 SECUNIA 38219 SECUNIA 38169 HP SSRT100004 HP SSRT100004 SUSE SUSE-SA:2010:008 FEDORA FEDORA-2010-0868 FEDORA FEDORA-2010-0861 APPLE APPLE-SA-2011-10-12-3 CONFIRM ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. cpe:/a:clamav:clamav:0.90.1 cpe:/a:clamav:clamav:0.02 cpe:/a:clamav:clamav:0.93.2 cpe:/a:clamav:clamav:0.86.1 cpe:/a:clamav:clamav:0.91.1 cpe:/a:clamav:clamav:0.93.3 cpe:/a:clamav:clamav:0.95.3 cpe:/a:clamav:clamav:0.93.1 cpe:/a:clamav:clamav:0.3 cpe:/a:clamav:clamav:0.14 cpe:/a:clamav:clamav:0.96:rc2 cpe:/a:clamav:clamav:0.84 cpe:/a:clamav:clamav:0.90.2 cpe:/a:clamav:clamav:0.21 cpe:/a:clamav:clamav:0.86.2 cpe:/a:clamav:clamav:0.70 cpe:/a:clamav:clamav:0.80:rc2 cpe:/a:clamav:clamav:0.53 cpe:/a:clamav:clamav:0.68 cpe:/a:clamav:clamav:0.95 cpe:/a:clamav:clamav:0.68.1 cpe:/a:clamav:clamav:0.88.5 cpe:/a:clamav:clamav:0.14:pre cpe:/a:clamav:clamav:0.80 cpe:/a:clamav:clamav:0.71 cpe:/a:clamav:clamav:0.75.1 cpe:/a:clamav:clamav:0.13 cpe:/a:clamav:clamav:0.88.1 cpe:/a:clamav:clamav:0.20 cpe:/a:clamav:clamav:0.80:rc4 cpe:/a:clamav:clamav:0.54 cpe:/a:clamav:clamav:0.70:rc cpe:/a:clamav:clamav:0.86:rc1 cpe:/a:clamav:clamav:0.94.1 cpe:/a:clamav:clamav:0.90:rc3 cpe:/a:clamav:clamav:0.90.3 cpe:/a:clamav:clamav:0.88.7 cpe:/a:clamav:clamav:0.10 cpe:/a:clamav:clamav:0.95:rc1 cpe:/a:clamav:clamav:0.91.2 cpe:/a:clamav:clamav:0.75 cpe:/a:clamav:clamav:0.93 cpe:/a:clamav:clamav:0.88.2 cpe:/a:clamav:clamav:0.05 cpe:/a:clamav:clamav:0.94.2 cpe:/a:clamav:clamav:0.51 cpe:/a:clamav:clamav:0.85 cpe:/a:clamav:clamav:0.90:rc1.1 cpe:/a:clamav:clamav:0.86 cpe:/a:clamav:clamav:0.60p cpe:/a:clamav:clamav:0.67 cpe:/a:clamav:clamav:0.88.4 cpe:/a:clamav:clamav:0.12 cpe:/a:clamav:clamav:0.87.1 cpe:/a:clamav:clamav:0.95:rc2 cpe:/a:clamav:clamav:0.92 cpe:/a:clamav:clamav:0.91:rc1 cpe:/a:clamav:clamav:0.90 cpe:/a:clamav:clamav:0.03 cpe:/a:clamav:clamav:0.91 cpe:/a:clamav:clamav:0.65 cpe:/a:clamav:clamav:0.67-1 cpe:/a:clamav:clamav:0.60 cpe:/a:clamav:clamav:0.23 cpe:/a:clamav:clamav:0.80:rc3 cpe:/a:clamav:clamav:0.73 cpe:/a:clamav:clamav:0.74 cpe:/a:clamav:clamav:0.80:rc cpe:/a:clamav:clamav:0.85.1 cpe:/a:clamav:clamav:0.15 cpe:/a:clamav:clamav:0.95.1 cpe:/a:clamav:clamav:0.9:rc1 cpe:/a:clamav:clamav:0.88.6 cpe:/a:clamav:clamav:0.95.2 cpe:/a:clamav:clamav:0.92.1 cpe:/a:clamav:clamav:0.84:rc1 cpe:/a:clamav:clamav:0.22 cpe:/a:clamav:clamav:0.01 cpe:/a:clamav:clamav:0.91:rc2 cpe:/a:clamav:clamav:0.81 cpe:/a:clamavs:clamav:0.06 cpe:/a:clamav:clamav:0.84:rc2 cpe:/a:clamav:clamav:0.72 cpe:/a:clamav:clamav:0.94 cpe:/a:clamav:clamav:0.66 cpe:/a:clamav:clamav:0.90:rc1 cpe:/a:clamav:clamav:0.24 cpe:/a:clamav:clamav:0.52 cpe:/a:clamavs:clamav:0.04 cpe:/a:clamav:clamav:0.82 cpe:/a:clamav:clamav:0.96:rc1 cpe:/a:clamav:clamav:0.88.3 cpe:/a:clamav:clamav:0.88 cpe:/a:clamav:clamav:0.87 cpe:/a:clamav:clamav:0.90:rc2 cpe:/a:clamav:clamav:0.83 CVE-2010-0098 2010-04-08T13:30:00.313-04:00 2010-08-31T01:41:20.807-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-04-09T10:28:00.000-04:00 BID 39262 CONFIRM https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826 VUPEN ADV-2010-1206 VUPEN ADV-2010-1001 VUPEN ADV-2010-0909 VUPEN ADV-2010-0832 VUPEN ADV-2010-0827 UBUNTU USN-926-1 MLIST [oss-security] 20100407 Re: ClamAV small issues MLIST [oss-security] 20100406 ClamAV small issues MANDRIVA MDVSA-2010:082 CONFIRM http://support.apple.com/kb/HT4312 SECUNIA 39656 SECUNIA 39329 SECUNIA 39293 SUSE SUSE-SR:2010:010 APPLE APPLE-SA-2010-08-24-1 CONFIRM http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96 ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. CVE-2010-0099 2010-07-22T12:30:01.017-04:00 2010-07-22T12:30:01.297-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0092. Reason: This candidate is a duplicate of CVE-2010-0092. Notes: All CVE users should reference CVE-2010-0092 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/h:lexmark:c53x cpe:/h:lexmark:e350 cpe:/h:lexmark:n4000 cpe:/h:lexmark:e240n cpe:/h:lexmark:n8130 cpe:/h:lexmark:x646 cpe:/h:lexmark:e250 cpe:/h:lexmark:x65x cpe:/h:lexmark:e238 cpe:/h:lexmark:x94x cpe:/h:lexmark:x46x cpe:/h:lexmark:e240 cpe:/h:lexmark:c73x cpe:/h:lexmark:t654 cpe:/h:lexmark:x422 cpe:/h:lexmark:x34x cpe:/h:lexmark:c510 cpe:/h:lexmark:t650 cpe:/h:lexmark:c935dn cpe:/h:lexmark:c78x cpe:/h:lexmark:x73x cpe:/h:lexmark:n8120 cpe:/h:lexmark:w850 cpe:/h:lexmark:e33x cpe:/h:lexmark:c544 cpe:/h:lexmark:t652 cpe:/h:lexmark:x544 cpe:/h:lexmark:x782e cpe:/h:lexmark:c540 cpe:/h:lexmark:x86x cpe:/h:lexmark:x36x cpe:/h:lexmark:x546 cpe:/h:lexmark:n4050e cpe:/h:lexmark:c920 cpe:/h:lexmark:e360d cpe:/h:lexmark:x642 cpe:/h:lexmark:e120 cpe:/h:lexmark:x64xef cpe:/h:lexmark:w840 cpe:/h:lexmark:t64x cpe:/h:lexmark:x20x cpe:/h:lexmark:x543 cpe:/h:lexmark:x772e cpe:/h:lexmark:t430 cpe:/h:lexmark:n70xxe cpe:/h:lexmark:e360dn cpe:/h:lexmark:c77x cpe:/h:lexmark:x26x cpe:/h:lexmark:e450 cpe:/h:lexmark:c546 cpe:/h:lexmark:25xxn cpe:/h:lexmark:c543 cpe:/h:lexmark:x85x cpe:/h:lexmark:x644 cpe:/h:lexmark:e260 cpe:/h:lexmark:e460 cpe:/h:lexmark:e462 cpe:/h:lexmark:c52x cpe:/h:lexmark:e23x cpe:/h:lexmark:t656 cpe:/h:lexmark:e34x CVE-2010-0101 2010-05-04T12:00:35.230-04:00 2010-05-07T00:00:00.000-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2010-05-04T14:25:00.000-04:00 CONFIRM http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. cpe:/a:energizer:duo_usb CVE-2010-0103 2010-03-10T15:13:02.667-05:00 2010-03-10T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-10T17:30:00.000-05:00 CERT-VN VU#154421 MISC http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software BID 38571 MISC http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05 UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. cpe:/h:broadcom:broadcom:integrated_nic_management_firmware:1.24.0.9 cpe:/h:broadcom:broadcom:integrated_nic_management_firmware:8.0.4 CVE-2010-0104 2010-03-18T13:30:00.383-04:00 2010-06-23T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-03-19T12:49:00.000-04:00 CERT-VN VU#512705 HP HPSBGN02511 VUPEN ADV-2010-0631 BID 38759 SECTRACK 1023710 SECUNIA 39003 HP HPSBGN02511 Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors. cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.1 CVE-2010-0105 2010-04-27T11:30:01.217-04:00 2010-12-10T00:00:00.000-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2010-04-28T13:46:00.000-04:00 SECTRACK 1024723 BID 39658 CONFIRM http://support.apple.com/kb/HT4435 SREASONRES 20100423 MacOS X 10.6.3 filesystem hfs Denial of Service Vulnerability APPLE APPLE-SA-2010-11-10-1 The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component. cpe:/a:symantec:client_security:3.0:mr1 cpe:/a:symantec:antivirus:10.0.8 cpe:/a:symantec:client_security:3.1:mr4 cpe:/a:symantec:client_security:3.0:mr2 cpe:/a:symantec:antivirus:10.0 cpe:/a:symantec:antivirus:10.0.2.2 cpe:/a:symantec:client_security:3.0.1.1008 cpe:/a:symantec:antivirus:10.0.2 cpe:/a:symantec:antivirus:10.1.5.1::corporate cpe:/a:symantec:antivirus:10.1 cpe:/a:symantec:client_security:3.0.2 cpe:/a:symantec:antivirus:10.1:mr7:corporate cpe:/a:symantec:client_security:3.0.2.2010 cpe:/a:symantec:client_security:3.1 cpe:/a:symantec:antivirus:10.1.6.1::corporate cpe:/a:symantec:client_security:3.0.1.1000 cpe:/a:symantec:client_security:3.1:mr5 cpe:/a:symantec:antivirus:10.1::corporate cpe:/a:symantec:client_security:3.1.394 cpe:/a:symantec:antivirus:10.0.4 cpe:/a:symantec:antivirus:10.1:mr5:corporate cpe:/a:symantec:client_security:3.1.0.401 cpe:/a:symantec:antivirus:10.0.6 cpe:/a:symantec:client_security:3.0.2.2020 cpe:/a:symantec:client_security:3.0.2.2021 cpe:/a:symantec:antivirus:10.0.2.1 cpe:/a:symantec:client_security:3.0.2.2000 cpe:/a:symantec:client_security:3.0.0.359 cpe:/a:symantec:client_security:3.1.401 cpe:/a:symantec:endpoint_protection:11 cpe:/a:symantec:antivirus:10.0.9 cpe:/a:symantec:client_security:3.1:mr7 cpe:/a:symantec:antivirus:10.1.5::corporate cpe:/a:symantec:client_security:3.0.1.1007 cpe:/a:symantec:client_security:3.0.2.2001 cpe:/a:symantec:antivirus:10.0.1.1 cpe:/a:symantec:antivirus:10.2:mr2:corporate cpe:/a:symantec:antivirus:10.0.3 cpe:/a:symantec:antivirus:10.0.5 cpe:/a:symantec:antivirus:10.0.7 cpe:/a:symantec:antivirus:10.1.7::corporate cpe:/a:symantec:client_security:3.1.400 cpe:/a:symantec:antivirus:10.1.6::corporate cpe:/a:symantec:client_security:3.0.2.2011 cpe:/a:symantec:antivirus:10.1.0.1::corporate cpe:/a:symantec:antivirus:10.1.4.1::corporate cpe:/a:symantec:antivirus:10.1:mp1:corporate cpe:/a:symantec:antivirus:10.2:mr3:corporate cpe:/a:symantec:antivirus:10.2::corporate cpe:/a:symantec:antivirus:10.1:mr4:corporate cpe:/a:symantec:antivirus:10.1.4::corporate cpe:/a:symantec:client_security:3.1.0.396 cpe:/a:symantec:client_security:3.0 cpe:/a:symantec:antivirus:10.0.1 CVE-2010-0106 2010-02-19T12:30:00.660-05:00 2013-02-06T23:26:55.827-05:00 1.9 LOCAL MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2010-02-22T08:40:00.000-05:00 XF symantec-ondemand-dos(56354) VUPEN ADV-2010-0410 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_00 SECTRACK 1023621 BID 38219 SECUNIA 38653 OSVDB 62414 The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources. cpe:/a:symantec:norton_360:2.0 cpe:/a:symantec:client_security:3.1.396 cpe:/a:symantec:norton_antivirus:2007 cpe:/a:symantec:norton_internet_security:2006 cpe:/a:symantec:client_security:3.1:mr4 cpe:/a:symantec:client_security:3.0.1.1007 cpe:/a:symantec:client_security:3.0.2.2001 cpe:/a:symantec:client_security:3.0.2.2002 cpe:/a:symantec:client_security:3.0.1.1008 cpe:/a:symantec:client_security:3.1:mr6 cpe:/a:symantec:client_security:3.0.2 cpe:/a:symantec:norton_antivirus:2006 cpe:/a:symantec:client_security:3.1.400 cpe:/a:symantec:client_security:3.0.2.2010 cpe:/a:symantec:client_security:3.1 cpe:/a:symantec:norton_internet_security:2008 cpe:/a:symantec:client_security:3.0.2.2011 cpe:/a:symantec:client_security:3.0.1.1000 cpe:/a:symantec:client_security:3.0.1.1009 cpe:/a:symantec:client_security:3.1:mr5 cpe:/a:symantec:client_security:3.1.0.401 cpe:/a:symantec:client_security:3.0.2.2020 cpe:/a:symantec:client_security:3.0.2.2021 cpe:/a:symantec:norton_360:1.0 cpe:/a:symantec:client_security:3.0.2.2000 cpe:/a:symantec:client_security:3.1.0.396 cpe:/a:symantec:client_security:3.1.401 cpe:/a:symantec:client_security:3.0 cpe:/a:symantec:norton_antivirus:2008 cpe:/a:symantec:norton_internet_security:2007 cpe:/a:symantec:client_security:3.0.1.1001 CVE-2010-0107 2010-02-23T15:30:00.467-05:00 2013-02-06T23:26:56.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-24T10:11:00.000-05:00 XF symantec-symltcom-activex-bo(56357) VUPEN ADV-2010-0411 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01 SECTRACK 1023631 SECTRACK 1023630 SECTRACK 1023629 SECTRACK 1023628 BID 38217 BUGTRAQ 20100224 VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability SECUNIA 38654 OSVDB 62412 Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site." cpe:/a:symantec:client_security:3.0:mr1 cpe:/a:symantec:antivirus:10.0.8 cpe:/a:symantec:client_security:3.1:mr4 cpe:/a:symantec:client_security:3.0:mr2 cpe:/a:symantec:antivirus:10.0 cpe:/a:symantec:antivirus:10.0.2.2 cpe:/a:symantec:client_security:3.0.1.1008 cpe:/a:symantec:antivirus:10.0.2 cpe:/a:symantec:antivirus:10.1.5.1::corporate cpe:/a:symantec:antivirus:10.1 cpe:/a:symantec:client_security:3.0.2 cpe:/a:symantec:antivirus:10.1:mr7:corporate cpe:/a:symantec:client_security:3.0.2.2010 cpe:/a:symantec:client_security:3.1 cpe:/a:symantec:antivirus:10.1.6.1::corporate cpe:/a:symantec:client_security:3.0.1.1000 cpe:/a:symantec:client_security:3.1:mr5 cpe:/a:symantec:antivirus:10.1::corporate cpe:/a:symantec:client_security:3.1.394 cpe:/a:symantec:antivirus:10.0.4 cpe:/a:symantec:antivirus:10.1:mr5:corporate cpe:/a:symantec:client_security:3.1.0.401 cpe:/a:symantec:antivirus:10.0.6 cpe:/a:symantec:client_security:3.0.2.2020 cpe:/a:symantec:client_security:3.0.2.2021 cpe:/a:symantec:antivirus:10.0.2.1 cpe:/a:symantec:client_security:3.0.2.2000 cpe:/a:symantec:client_security:3.0.0.359 cpe:/a:symantec:client_security:3.1.401 cpe:/a:symantec:endpoint_protection:11 cpe:/a:symantec:antivirus:10.0.9 cpe:/a:symantec:client_security:3.1:mr7 cpe:/a:symantec:antivirus:10.1.5::corporate cpe:/a:symantec:client_security:3.0.1.1007 cpe:/a:symantec:client_security:3.0.2.2001 cpe:/a:symantec:antivirus:10.0.1.1 cpe:/a:symantec:antivirus:10.2:mr2:corporate cpe:/a:symantec:antivirus:10.0.3 cpe:/a:symantec:antivirus:10.0.5 cpe:/a:symantec:antivirus:10.0.7 cpe:/a:symantec:antivirus:10.1.7::corporate cpe:/a:symantec:client_security:3.1.400 cpe:/a:symantec:antivirus:10.1.6::corporate cpe:/a:symantec:client_security:3.0.2.2011 cpe:/a:symantec:antivirus:10.1.0.1::corporate cpe:/a:symantec:antivirus:10.1.4.1::corporate cpe:/a:symantec:antivirus:10.1:mp1:corporate cpe:/a:symantec:antivirus:10.2:mr3:corporate cpe:/a:symantec:antivirus:10.2::corporate cpe:/a:symantec:antivirus:10.1:mr4:corporate cpe:/a:symantec:antivirus:10.1.4::corporate cpe:/a:symantec:client_security:3.1.0.396 cpe:/a:symantec:client_security:3.0 cpe:/a:symantec:antivirus:10.0.1 CVE-2010-0108 2010-02-19T12:30:00.690-05:00 2013-02-06T23:26:56.187-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-02-22T09:00:00.000-05:00 XF scp-cliproxy-activex-bo(56355) VUPEN ADV-2010-0412 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 BID 38222 BUGTRAQ 20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow. SECUNIA 38651 MISC http://dsecrg.com/pages/vul/show.php?id=139 Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function. cpe:/a:symantec:system_center:10.0 cpe:/a:symantec:antivirus:10.1.5::corporate cpe:/a:symantec:antivirus:10.0.1::corporate cpe:/a:symantec:antivirus_central_quarantine_server:3.6 cpe:/a:symantec:antivirus:10.1:mr6:corporate cpe:/a:symantec:antivirus:10.2:mr2:corporate cpe:/a:symantec:antivirus:10.1.5.1::corporate cpe:/a:symantec:antivirus:10.0.1.2::corporate cpe:/a:symantec:antivirus:10.0.2.1::corporate cpe:/a:symantec:antivirus:10.0.9::corporate cpe:/a:symantec:antivirus:10.0::corporate cpe:/a:symantec:antivirus:10.1.9::corporate cpe:/a:symantec:antivirus:10.1.7::corporate cpe:/a:symantec:antivirus:10.1:mr7:corporate cpe:/a:symantec:antivirus:10.0.8::corporate cpe:/a:symantec:antivirus:10.0:mr1:corporate cpe:/a:symantec:antivirus:10.0.7::corporate cpe:/a:symantec:antivirus:10.0:mr2:corporate cpe:/a:symantec:antivirus:10.1.6::corporate cpe:/a:symantec:antivirus:10.1.6.1::corporate cpe:/a:symantec:antivirus:10.1.0.1::corporate cpe:/a:symantec:system_center:10.1 cpe:/a:symantec:antivirus_central_quarantine_server:3.5 cpe:/a:symantec:antivirus:10.1.4.1::corporate cpe:/a:symantec:antivirus:10.0.5::corporate cpe:/a:symantec:antivirus:10.1::corporate cpe:/a:symantec:antivirus:10.1:mp1:corporate cpe:/a:symantec:antivirus:10.2:mr3:corporate cpe:/a:symantec:antivirus:10.1:mr5:corporate cpe:/a:symantec:antivirus:10.0.6::corporate cpe:/a:symantec:antivirus:10.2::corporate cpe:/a:symantec:antivirus:10.1:mr4:corporate cpe:/a:symantec:antivirus:10.1.4::corporate cpe:/a:symantec:antivirus:10.0.4::corporate cpe:/a:symantec:antivirus:10.0.2.2::corporate cpe:/a:symantec:antivirus:10.1.8::corporate cpe:/a:symantec:antivirus:10.0.2::corporate cpe:/a:symantec:antivirus:10.0.3::corporate cpe:/a:symantec:antivirus:10.0.1.1::corporate CVE-2010-0110 2011-01-31T16:00:01.610-05:00 2013-02-06T23:26:56.360-05:00 7.9 ADJACENT_NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2011-02-01T12:20:00.000-05:00 XF symantec-intel-ams2-bo(64940) MISC http://www.zerodayinitiative.com/advisories/ZDI-11-032 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-031 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-030 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-028 VUPEN ADV-2011-0234 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00 BID 45936 SECTRACK 1024996 SECUNIA 43106 SECUNIA 43099 Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service. cpe:/a:symantec:system_center:10.0 cpe:/a:symantec:antivirus:10.1.5::corporate cpe:/a:symantec:antivirus:10.0.1::corporate cpe:/a:symantec:antivirus_central_quarantine_server:3.6 cpe:/a:symantec:antivirus:10.1:mr6:corporate cpe:/a:symantec:antivirus:10.2:mr2:corporate cpe:/a:symantec:antivirus:10.1.5.1::corporate cpe:/a:symantec:antivirus:10.0.1.2::corporate cpe:/a:symantec:antivirus:10.0.2.1::corporate cpe:/a:symantec:antivirus:10.0.9::corporate cpe:/a:symantec:antivirus:10.0::corporate cpe:/a:symantec:antivirus:10.1.9::corporate cpe:/a:symantec:antivirus:10.1.7::corporate cpe:/a:symantec:antivirus:10.1:mr7:corporate cpe:/a:symantec:antivirus:10.0.8::corporate cpe:/a:symantec:antivirus:10.0:mr1:corporate cpe:/a:symantec:antivirus:10.0.7::corporate cpe:/a:symantec:antivirus:10.0:mr2:corporate cpe:/a:symantec:antivirus:10.1.6::corporate cpe:/a:symantec:antivirus:10.1.6.1::corporate cpe:/a:symantec:antivirus:10.1.0.1::corporate cpe:/a:symantec:system_center:10.1 cpe:/a:symantec:antivirus_central_quarantine_server:3.5 cpe:/a:symantec:antivirus:10.1.4.1::corporate cpe:/a:symantec:antivirus:10.0.5::corporate cpe:/a:symantec:antivirus:10.1::corporate cpe:/a:symantec:antivirus:10.1:mp1:corporate cpe:/a:symantec:antivirus:10.2:mr3:corporate cpe:/a:symantec:antivirus:10.1:mr5:corporate cpe:/a:symantec:antivirus:10.0.6::corporate cpe:/a:symantec:antivirus:10.2::corporate cpe:/a:symantec:antivirus:10.1:mr4:corporate cpe:/a:symantec:antivirus:10.1.4::corporate cpe:/a:symantec:antivirus:10.0.4::corporate cpe:/a:symantec:antivirus:10.0.2.2::corporate cpe:/a:symantec:antivirus:10.1.8::corporate cpe:/a:symantec:antivirus:10.0.2::corporate cpe:/a:symantec:antivirus:10.0.3::corporate cpe:/a:symantec:antivirus:10.0.1.1::corporate CVE-2010-0111 2011-01-31T16:00:03.190-05:00 2013-02-06T23:26:56.547-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2011-02-01T13:12:00.000-05:00 XF symantec-intelams2-dos(64943) XF symantec-intelams2-code-execution(64942) MISC http://www.zerodayinitiative.com/advisories/ZDI-11-029 VUPEN ADV-2011-0234 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01 BID 45935 SECTRACK 1024997 SECUNIA 43106 SECUNIA 43099 HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call. cpe:/a:symantec:im_manager:8.4.1 cpe:/a:symantec:im_manager:8.4.5 cpe:/a:symantec:im_manager:8.4.0 cpe:/a:symantec:im_manager:8.4.7 cpe:/a:symantec:im_manager:8.4.13 cpe:/a:symantec:im_manager:8.4.6 cpe:/a:symantec:im_manager:8.4.15 cpe:/a:symantec:im_manager:8.4.12 cpe:/a:symantec:im_manager:8.4.10 cpe:/a:symantec:im_manager:8.3 cpe:/a:symantec:im_manager:7.5 cpe:/a:symantec:im_manager:8.4.11 cpe:/a:symantec:im_manager:8.4.9 cpe:/a:symantec:im_manager:6.0 cpe:/a:symantec:im_manager:7.0 cpe:/a:symantec:im_manager:8.4.2 cpe:/a:symantec:im_manager:6.5 cpe:/a:symantec:im_manager:8.4.8 CVE-2010-0112 2010-10-28T16:00:02.483-04:00 2013-02-06T23:26:56.717-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-10-29T08:53:00.000-04:00 XF immanager-unspecified-sql-injection(62806) MISC http://www.zerodayinitiative.com/advisories/ZDI-10-226/ MISC http://www.zerodayinitiative.com/advisories/ZDI-10-225/ MISC http://www.zerodayinitiative.com/advisories/ZDI-10-224/ MISC http://www.zerodayinitiative.com/advisories/ZDI-10-223/ MISC http://www.zerodayinitiative.com/advisories/ZDI-10-222/ MISC http://www.zerodayinitiative.com/advisories/ZDI-10-221/ MISC http://www.zerodayinitiative.com/advisories/ZDI-10-220/ VUPEN ADV-2010-2789 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01 SECTRACK 1024648 BID 44299 SECUNIA 41959 OSVDB 68903 OSVDB 68902 OSVDB 68901 Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp. cpe:/a:symantec:mobile_security:1.0:beta CVE-2010-0113 2010-11-15T16:00:03.110-05:00 2013-02-06T23:26:56.890-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-11-16T09:00:00.000-05:00 XF norton-mobile-setup-information-disclosure(63294) VUPEN ADV-2010-2982 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00 BID 44767 OSVDB 69253 The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. cpe:/a:symantec:endpoint_protection:11.0.1:mp1 cpe:/a:symantec:endpoint_protection:11.0.2:mp1 cpe:/a:symantec:endpoint_protection:11.0.4:mp2 cpe:/a:symantec:endpoint_protection:11.0:ru6 cpe:/a:symantec:endpoint_protection:11.0.4 cpe:/a:symantec:endpoint_protection:11.0.2 cpe:/a:symantec:endpoint_protection:11.0.1 cpe:/a:symantec:endpoint_protection:11 cpe:/a:symantec:endpoint_protection:11.0.3001 cpe:/a:symantec:endpoint_protection:11.0.2:mp2 cpe:/a:symantec:endpoint_protection:11.0:ru5 cpe:/a:symantec:endpoint_protection:11.0.4:mp1a cpe:/a:symantec:endpoint_protection:11.0:ru6mp1 CVE-2010-0114 2010-12-21T20:00:02.283-05:00 2013-02-06T23:26:57.077-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-12-22T08:53:00.000-05:00 XF symantec-endpoint-fwcharts-code-execution(64118) MISC http://www.zerodayinitiative.com/advisories/ZDI-10-291/ VUPEN ADV-2010-3252 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00 BID 45372 SECTRACK 1024900 SECUNIA 42643 fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request. cpe:/a:symantec:web_gateway:4.5 cpe:/a:symantec:web_gateway:4.5.0.327 cpe:/a:symantec:web_gateway:4.5.0.326 cpe:/a:symantec:web_gateway:4.5.0.325 CVE-2010-0115 2011-01-14T18:00:44.100-05:00 2013-02-06T23:26:57.250-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-01-17T14:01:00.000-05:00 XF symantec-web-username-sql-injection(64658) MISC http://www.zerodayinitiative.com/advisories/ZDI-11-013/ VUPEN ADV-2011-0088 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 SECTRACK 1024958 BID 45742 SECUNIA 42878 OSVDB 70415 SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. cpe:/a:realnetworks:realplayer:11.1 cpe:/a:realnetworks:realplayer_sp:1.1.3 cpe:/a:realnetworks:realplayer_sp:1.0.0 cpe:/a:realnetworks:realplayer_sp:1.1.1 cpe:/a:realnetworks:realplayer_sp:1.1.4 cpe:/a:realnetworks:realplayer_sp:1.0.5 cpe:/a:realnetworks:realplayer_sp:1.0.2 cpe:/a:realnetworks:realplayer:11.0 cpe:/a:realnetworks:realplayer_sp:1.1.2 cpe:/a:realnetworks:realplayer_sp:1.1 cpe:/a:realnetworks:realplayer_sp:1.0.1 CVE-2010-0116 2010-08-30T16:00:01.827-04:00 2011-07-18T22:33:58.907-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-08-31T09:09:00.000-04:00 XF realplayer-qcp-bo(61420) VUPEN ADV-2010-2216 SECTRACK 1024370 CONFIRM http://service.real.com/realplayer/security/08262010_player/en/ MISC http://secunia.com/secunia_research/2010-3/ SECUNIA 41154 SECUNIA 41096 Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow. cpe:/a:realnetworks:realplayer:11.1 cpe:/a:realnetworks:realplayer_sp:1.1.3 cpe:/a:realnetworks:realplayer_sp:1.0.0 cpe:/a:realnetworks:realplayer_sp:1.1.1 cpe:/a:realnetworks:realplayer_sp:1.1.4 cpe:/a:realnetworks:realplayer_sp:1.0.5 cpe:/a:realnetworks:realplayer_sp:1.0.2 cpe:/a:realnetworks:realplayer:11.0 cpe:/a:realnetworks:realplayer_sp:1.1.2 cpe:/a:realnetworks:realplayer_sp:1.1 cpe:/a:realnetworks:realplayer_sp:1.0.1 CVE-2010-0117 2010-08-30T16:00:01.873-04:00 2011-07-18T22:33:59.063-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-08-31T09:31:00.000-04:00 XF realplayer-yuv420-code-execution(61421) VUPEN ADV-2010-2216 SECTRACK 1024370 CONFIRM http://service.real.com/realplayer/security/08262010_player/en/ MISC http://secunia.com/secunia_research/2010-5/ SECUNIA 41154 SECUNIA 41096 RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content. cpe:/a:becauseinter:bournal:0.8 cpe:/a:becauseinter:bournal:0.4 cpe:/a:becauseinter:bournal:0.7 cpe:/a:becauseinter:bournal:1.1 cpe:/a:becauseinter:bournal:1.0 cpe:/a:becauseinter:bournal:0.1 cpe:/a:becauseinter:bournal:0.2 cpe:/a:becauseinter:bournal:0.9 cpe:/a:becauseinter:bournal:1.3 cpe:/a:becauseinter:bournal:0.4.5 cpe:/a:becauseinter:bournal:0.3 cpe:/a:becauseinter:bournal:1.4 cpe:/a:becauseinter:bournal:0.6 cpe:/a:becauseinter:bournal:1.2 CVE-2010-0118 2010-02-24T19:30:00.390-05:00 2010-03-12T01:37:49.293-05:00 3.3 LOCAL MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2010-02-25T10:43:00.000-05:00 BID 38353 BUGTRAQ 20100222 Secunia Research: Bournal Insecure Temporary Files Security Issue MISC http://secunia.com/secunia_research/2010-6/ SECUNIA 38814 SECUNIA 38554 FEDORA FEDORA-2010-3168 FEDORA FEDORA-2010-3221 FEDORA FEDORA-2010-3301 Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. cpe:/a:becauseinter:bournal:0.8 cpe:/a:becauseinter:bournal:0.4 cpe:/a:becauseinter:bournal:0.7 cpe:/a:becauseinter:bournal:1.1 cpe:/a:becauseinter:bournal:1.0 cpe:/a:becauseinter:bournal:0.1 cpe:/a:becauseinter:bournal:0.2 cpe:/a:becauseinter:bournal:0.9 cpe:/a:becauseinter:bournal:1.3 cpe:/a:becauseinter:bournal:0.3 cpe:/a:becauseinter:bournal:0.4.5 cpe:/a:becauseinter:bournal:1.4 cpe:/a:becauseinter:bournal:0.6 cpe:/a:becauseinter:bournal:1.2 CVE-2010-0119 2010-02-24T19:30:00.453-05:00 2010-03-12T01:37:49.417-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-02-25T11:31:00.000-05:00 BID 38352 BUGTRAQ 20100222 Secunia Research: Bournal ccrypt Information Disclosure Security Issue MISC http://secunia.com/secunia_research/2010-7/ SECUNIA 38814 SECUNIA 38723 FEDORA FEDORA-2010-3168 FEDORA FEDORA-2010-3221 FEDORA FEDORA-2010-3301 Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing." cpe:/a:realnetworks:realplayer:11.1 cpe:/a:realnetworks:realplayer_sp:1.1.3 cpe:/a:realnetworks:realplayer_sp:1.0.0 cpe:/a:realnetworks:realplayer_sp:1.1.1 cpe:/a:realnetworks:realplayer_sp:1.1.4 cpe:/a:realnetworks:realplayer_sp:1.0.5 cpe:/a:realnetworks:realplayer_sp:1.0.2 cpe:/a:realnetworks:realplayer:11.0 cpe:/a:realnetworks:realplayer_sp:1.1.2 cpe:/a:realnetworks:realplayer_sp:1.1 cpe:/a:realnetworks:realplayer_sp:1.0.1 CVE-2010-0120 2010-08-30T16:00:01.920-04:00 2011-07-18T22:33:59.390-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-08-31T09:39:00.000-04:00 XF realplayer-qcp-audio-bo(61422) VUPEN ADV-2010-2216 SECTRACK 1024370 CONFIRM http://service.real.com/realplayer/security/08262010_player/en/ MISC http://secunia.com/secunia_research/2010-8/ SECUNIA 41154 SECUNIA 41096 Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content. cpe:/a:realnetworks:realplayer:11.1 cpe:/a:realnetworks:realplayer:11.0.2.1744 cpe:/a:realnetworks:realplayer:11.0.3 cpe:/a:realnetworks:realplayer:11.0.4 cpe:/a:realnetworks:realplayer_sp:1.0.0 cpe:/a:realnetworks:realplayer_sp:1.1.1 cpe:/a:realnetworks:realplayer_sp:1.0.5 cpe:/a:realnetworks:realplayer_sp:1.1.2 cpe:/a:realnetworks:realplayer_sp:1.1 cpe:/a:realnetworks:realplayer_sp:1.0.1 cpe:/a:realnetworks:realplayer_sp:1.1.5 cpe:/a:realnetworks:realplayer:11.0.2 cpe:/a:realnetworks:realplayer:12.0.0.1444 cpe:/a:realnetworks:realplayer:11.0.1 cpe:/a:realnetworks:realplayer_sp:1.1.3 cpe:/a:realnetworks:realplayer:11.0.5 cpe:/a:realnetworks:realplayer_sp:1.1.4 cpe:/a:realnetworks:realplayer:11.0 cpe:/a:realnetworks:realplayer_sp:1.0.2 CVE-2010-0121 2010-12-14T11:00:02.773-05:00 2011-01-19T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-12-14T11:22:00.000-05:00 SECTRACK 1024861 CONFIRM http://service.real.com/realplayer/security/12102010_player/en/ The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors. cpe:/a:timeclock-software:employee_timeclock_software:0.99 CVE-2010-0122 2010-03-15T09:28:25.620-04:00 2010-03-15T13:06:30.113-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-15T13:05:00.000-04:00 XF timeclock-auth-sql-injection(56799) BID 38639 BUGTRAQ 20100310 Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities OSVDB 62832 OSVDB 62831 MISC http://secunia.com/secunia_research/2010-11/ SECUNIA 38739 Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php. cpe:/a:timeclock-software:employee_timeclock_software:0.99 CVE-2010-0123 2010-03-15T09:28:25.667-04:00 2010-03-15T14:05:37.013-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-03-15T14:05:00.000-04:00 XF timeclock-database-info-disclosure(56798) BUGTRAQ 20100310 Secunia Research: Employee Timeclock Software Backup Information Disclosure OSVDB 62833 MISC http://secunia.com/secunia_research/2010-10/ SECUNIA 38739 The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name." cpe:/a:timeclock-software:employee_timeclock_software:0.99 CVE-2010-0124 2010-03-15T09:28:25.700-04:00 2010-03-15T00:00:00.000-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2010-03-15T14:10:00.000-04:00 XF timeclock-mysqldump-info-disclosure(56800) BID 38642 BUGTRAQ 20100310 Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure OSVDB 62830 MISC http://secunia.com/secunia_research/2010-12/ SECUNIA 38739 Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. cpe:/a:realnetworks:realplayer:11.1 cpe:/a:realnetworks:realplayer:11.0.3 cpe:/a:realnetworks:realplayer:11.0.4 cpe:/a:realnetworks:realplayer_sp:1.0.0 cpe:/a:realnetworks:realplayer_sp:1.0.5 cpe:/a:realnetworks:realplayer_sp:1.1.1 cpe:/a:realnetworks:realplayer_sp:1.1.2 cpe:/a:realnetworks:realplayer_sp:1.1 cpe:/a:realnetworks:realplayer_sp:1.0.1 cpe:/a:realnetworks:realplayer:2.1.2::enterprise cpe:/a:realnetworks:realplayer:11.0.2 cpe:/a:realnetworks:realplayer:12.0.0.1444 cpe:/a:realnetworks:realplayer:11.0.1 cpe:/a:realnetworks:realplayer_sp:1.1.3 cpe:/a:realnetworks:realplayer:11.0.5 cpe:/a:realnetworks:realplayer_sp:1.1.4 cpe:/a:realnetworks:realplayer:11.0 cpe:/a:realnetworks:realplayer_sp:1.0.2 CVE-2010-0125 2010-12-14T11:00:02.820-05:00 2011-02-17T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-12-14T11:56:00.000-05:00 SECTRACK 1024861 CONFIRM http://service.real.com/realplayer/security/12102010_player/en/ RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors. cpe:/a:autonomy:keyview_export_sdk:10.4 cpe:/a:autonomy:keyview_filter_sdk:10.9 cpe:/a:autonomy:keyview_viewer_sdk:10.4 cpe:/a:autonomy:keyview_viewer_sdk:10.9 cpe:/a:autonomy:keyview_filter_sdk:10.4 cpe:/a:autonomy:keyview_export_sdk:10.9 CVE-2010-0126 2010-08-17T16:00:02.423-04:00 2013-02-06T23:26:58.547-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-08-18T09:28:00.000-04:00 CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01 BID 41928 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21440812 MISC http://secunia.com/secunia_research/2010-16/ Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll). cpe:/a:adobe:shockwave_p