cpe:/a:le-web:backintime:0.9.26 CVE-2009-3611 2009-10-26T12:30:00.890-04:00 2009-10-26T19:20:30.187-04:00 6.6 LOCAL LOW NONE COMPLETE COMPLETE NONE http://nvd.nist.gov 2009-10-26T19:01:00.000-04:00 CONFIRM http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=289047 FEDORA FEDORA-2009-9298 FEDORA FEDORA-2009-9282 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=520210 CONFIRM https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256 MLIST [oss-security] 20091014 Re: CVE Request - backintime MLIST [oss-security] 20091014 CVE Request - backintime CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785 common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. cpe:/a:sahana:sahana:0.6.2.2 CVE-2009-3625 2009-10-26T12:30:00.953-04:00 2009-10-31T02:23:29.390-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-26T19:29:00.000-04:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=530255 MLIST [oss-security] 20091022 Re: CVE Request -- Sahana MLIST [oss-security] 20091022 CVE Request -- Sahana CONFIRM http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/www/index.php?r1=1.83&r2=1.84 CONFIRM https://fedorahosted.org/rel-eng/ticket/2635 BID 36826 MLIST [sahana-maindev] 20091019 SEVERE Security Vulnerability in Sahana Identified and Patched Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. cpe:/a:adam_gerson:moodle_courselist:6.x-1.2:beta2 cpe:/a:adam_gerson:moodle_courselist:6.x-1.2:beta1 CVE-2009-3778 2009-10-26T13:30:00.360-04:00 2009-10-27T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-27T10:57:00.000-04:00 VUPEN ADV-2009-3001 BID 36787 CONFIRM http://drupal.org/node/610986 XF moodle-course-unspecified-sql-injection(53895) SECUNIA 37126 OSVDB 59100 SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. cpe:/a:stefan_auditor:vcard:5.x-1.0 cpe:/a:stefan_auditor:vcard:5.x-1.3 cpe:/a:stefan_auditor:vcard:5.x-1.2 cpe:/a:stefan_auditor:vcard:5.x-1.1 cpe:/a:stefan_auditor:vcard:6.x-1.x-dev cpe:/a:stefan_auditor:vcard:5.x-1.x-dev cpe:/a:stefan_auditor:vcard:6.x-1.2 cpe:/a:stefan_auditor:vcard:6.x-1.1 cpe:/a:stefan_auditor:vcard:6.x-1.0 CVE-2009-3779 2009-10-26T13:30:00.377-04:00 2009-10-27T16:16:29.843-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-27T16:04:00.000-04:00 VUPEN ADV-2009-3002 CONFIRM http://drupal.org/node/610996 CONFIRM http://drupal.org/node/610420 CONFIRM http://drupal.org/node/610416 XF vcard-themevcard-xss(53903) BID 36789 SECUNIA 37127 Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. cpe:/a:ashok_modi:abuse:5.x-2.x-dev cpe:/a:ashok_modi:abuse:5.x-1.0:beta cpe:/a:ashok_modi:abuse:5.x-1.x-dev CVE-2009-3780 2009-10-26T13:30:00.407-04:00 2009-10-27T16:25:15.390-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-27T16:15:00.000-04:00 BID 36791 CONFIRM http://drupal.org/node/611078 CONFIRM http://drupal.org/node/610900 CONFIRM http://drupal.org/node/610784 XF abuse-unspecified-xss(53898) SECUNIA 37129 Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:quicksketch:filefield:6.x-3.1 CVE-2009-3781 2009-10-26T13:30:00.420-04:00 2009-10-27T16:35:15.967-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-27T16:25:00.000-04:00 ALLOWS_OTHER_ACCESS BID 36792 CONFIRM http://drupal.org/node/611128 CONFIRM http://drupal.org/node/609874 CONFIRM http://drupal.org/node/516104 CONFIRM http://drupal.org/files/issues/filefield-node-access-fix-516104-3.patch XF filefield-nodeaccess-security-bypass(53897) SECUNIA 37130 The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. cpe:/a:2bits:userpoints:6.x-1.0 cpe:/a:2bits:userpoints:6.x-1.x-dev CVE-2009-3782 2009-10-26T13:30:00.453-04:00 2009-10-27T16:44:40.203-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-27T16:36:00.000-04:00 VUPEN ADV-2009-2998 BID 36786 CONFIRM http://drupal.org/node/610828 CONFIRM http://drupal.org/node/610818 XF userpoints-userpoint-information-disclosure(53896) SECUNIA 37123 OSVDB 59124 Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.x-dev cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.2 cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.1 cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.0 CVE-2009-3783 2009-10-26T13:30:00.467-04:00 2009-10-27T16:53:47.280-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-27T16:43:00.000-04:00 BID 36790 CONFIRM http://drupal.org/node/611002 CONFIRM http://drupal.org/node/590098 XF simplenews-unspecified-xss(53905) SECUNIA 37128 Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.x-dev cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.2 cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.1 cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.0 CVE-2009-3784 2009-10-26T13:30:00.500-04:00 2009-10-27T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-27T16:53:00.000-04:00 ALLOWS_OTHER_ACCESS BID 36790 CONFIRM http://drupal.org/node/611002 CONFIRM http://drupal.org/node/590098 SECUNIA 37128 Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.x-dev cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.2 cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.1 cpe:/a:sjoerd_arendsen:simplenews_statistics:6.x-1.0 CVE-2009-3785 2009-10-26T13:30:00.517-04:00 2009-10-27T16:59:28.670-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-27T16:55:00.000-04:00 BID 36790 CONFIRM http://drupal.org/node/611002 CONFIRM http://drupal.org/node/590098 XF simplenews-unspecified-csrf(53906) SECUNIA 37128 Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. cpe:/a:moshe_weitzman:og_vocab:5.x-1.0 cpe:/a:moshe_weitzman:og_vocab:5.x-1.x-dev CVE-2009-3786 2009-10-26T13:30:00.547-04:00 2009-10-27T17:27:38.920-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-27T16:58:00.000-04:00 VUPEN ADV-2009-3000 BID 36784 CONFIRM http://drupal.org/node/610948 CONFIRM http://drupal.org/node/605094 XF ogvocabulary-title-xss(53902) SECUNIA 37125 OSVDB 59129 Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. cpe:/a:vivvo:vivvo:4.1.5.1 CVE-2009-3787 2009-10-26T13:30:00.577-04:00 2009-10-27T17:34:36.407-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-27T17:28:00.000-04:00 MISC http://www.waraxe.us/advisory-75.html BID 36783 BUGTRAQ 20091021 [waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1 SECUNIA 37117 files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. cpe:/a:opendocman:opendocman:1.2.5 CVE-2009-3788 2009-10-26T13:30:00.593-04:00 2009-10-31T02:23:42.937-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-27T17:33:00.000-04:00 ALLOWS_OTHER_ACCESS BID 36777 XF opendocman-user-sql-injection(53886) MISC http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt SECUNIA 30750 OSVDB 59301 SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. cpe:/a:opendocman:opendocman:1.2.5 CVE-2009-3789 2009-10-26T13:30:00.610-04:00 2009-10-31T02:23:43.063-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-27T17:36:00.000-04:00 BID 36777 XF opendocman-multiple-xss(53887) MISC http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt SECUNIA 30750 OSVDB 59312 OSVDB 59311 OSVDB 59310 OSVDB 59309 OSVDB 59308 OSVDB 59307 OSVDB 59306 OSVDB 59305 OSVDB 59304 OSVDB 59303 OSVDB 59302 Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php. cpe:/a:cutepdf:formmax:3.5 CVE-2009-3790 2009-10-26T13:30:00.640-04:00 2009-10-27T17:48:17.377-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-27T17:40:00.000-04:00 XF formmax-aim-bo(53890) SECUNIA 36943 OSVDB 59079 Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:opendocman:opendocman:1.2.5 CVE-2009-3801 2009-10-27T12:30:00.280-04:00 2009-10-28T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T07:59:00.000-04:00 SECUNIA 30750 SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:amirocms:amiro.cms:4.2.1.0 cpe:/a:amirocms:amiro.cms:4.0.8.0 cpe:/a:amirocms:amiro.cms:4.2.0.5 cpe:/a:amirocms:amiro.cms:4.2.4 cpe:/a:amirocms:amiro.cms:5.0.7 cpe:/a:amirocms:amiro.cms:4.2.5 cpe:/a:amirocms:amiro.cms:4.2.2.0 cpe:/a:amirocms:amiro.cms:5.2.2 cpe:/a:amirocms:amiro.cms:5.2.3 cpe:/a:amirocms:amiro.cms:5.4.0.0 cpe:/a:amirocms:amiro.cms:4.2.3.0 cpe:/a:amirocms:amiro.cms:5.2 CVE-2009-3802 2009-10-27T12:30:00.313-04:00 2009-10-28T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-28T08:06:00.000-04:00 XF amiro-index-path-disclosure(53894) VUPEN ADV-2009-2967 MISC http://www.onsec.ru/vuln?id=12 SECUNIA 37065 MISC http://packetstormsecurity.org/0910-exploits/ONSEC-09-005.txt Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message. cpe:/a:amirocms:amiro.cms:4.2.1.0 cpe:/a:amirocms:amiro.cms:4.0.8.0 cpe:/a:amirocms:amiro.cms:4.2.0.5 cpe:/a:amirocms:amiro.cms:4.2.4 cpe:/a:amirocms:amiro.cms:5.0.7 cpe:/a:amirocms:amiro.cms:4.2.5 cpe:/a:amirocms:amiro.cms:4.2.2.0 cpe:/a:amirocms:amiro.cms:5.2.2 cpe:/a:amirocms:amiro.cms:5.2.3 cpe:/a:amirocms:amiro.cms:5.4.0.0 cpe:/a:amirocms:amiro.cms:4.2.3.0 cpe:/a:amirocms:amiro.cms:5.2 CVE-2009-3803 2009-10-27T12:30:00.343-04:00 2009-10-28T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-28T08:17:00.000-04:00 XF amiro-loginname-xss(53893) XF amiro-statusmessage-xss(53892) VUPEN ADV-2009-2967 MISC http://www.onsec.ru/vuln?id=11 SECUNIA 37065 MISC http://packetstormsecurity.org/0910-exploits/ONSEC-09-004.txt Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php. cpe:/a:runcms:runcms:2m1 CVE-2009-3804 2009-10-27T12:30:00.360-04:00 2009-10-28T00:00:00.000-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T08:30:00.000-04:00 SECUNIA 37137 MISC http://retrogod.altervista.org/9sg_runcms_store_sql.html Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter. cpe:/a:gpg4win:gpg4win:2.0.1 CVE-2009-3805 2009-10-27T12:30:00.407-04:00 2009-10-28T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-28T08:35:00.000-04:00 XF gpg4win-gpg2-dos(53908) BID 36781 MISC http://www.packetstormsecurity.com/0910-exploits/gpg2kleo-dos.txt gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. cpe:/a:dedecms:dedecms:5.1 CVE-2009-3806 2009-10-27T12:30:00.420-04:00 2009-10-28T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T08:42:00.000-04:00 BUGTRAQ 20091012 DEDECMS v5.1 Sql Injection Vulnerability SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. cpe:/a:mixvibes:mixvibes:7.043::pro CVE-2009-3807 2009-10-27T12:30:00.453-04:00 2009-10-28T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-28T08:48:00.000-04:00 XF mixvibes-vib-bo(51715) MILW0RM 9147 Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file. cpe:/a:kramware:mixsense_dj_studio:1.0.0.1 CVE-2009-3808 2009-10-27T12:30:00.467-04:00 2009-10-28T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-28T08:55:00.000-04:00 XF djstudio-mp3-dos(51814) MILW0RM 9178 MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file. cpe:/a:acoustica:mp3_audio_mixer:1.0 cpe:/a:acoustica:mp3_audio_mixer:2.471 CVE-2009-3809 2009-10-27T12:30:00.500-04:00 2009-10-28T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-28T09:22:00.000-04:00 XF acoustica-m3u-bo(51868) VUPEN ADV-2009-1958 MILW0RM 9212 Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file. cpe:/a:acoustica:mp3_audio_mixer:2.471 CVE-2009-3810 2009-10-27T12:30:00.517-04:00 2009-10-28T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-28T09:27:00.000-04:00 XF acoustica-m3u-bo(51868) VUPEN ADV-2009-1958 MILW0RM 9213 SECUNIA 35902 OSVDB 56033 Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. cpe:/a:assistanttools:music_tag_editor:1.61 CVE-2009-3811 2009-10-27T12:30:00.547-04:00 2009-10-28T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-28T09:43:00.000-04:00 XF musictageditor-mp3-bo(51724) MILW0RM 9167 SECUNIA 35828 OSVDB 55861 MISC http://liquidworm.blogspot.com/2009/07/music-tag-editor-161-build-212-remote.html Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information. cpe:/a:otslabs:otsav_tv:1.85.64.0:trial cpe:/a:otslabs:otsav_radio:1.85.64.0:trial cpe:/a:otslabs:otsav_dj:1.85.64.0:trial CVE-2009-3812 2009-10-27T12:30:00.563-04:00 2009-10-28T10:45:33.983-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-28T10:28:00.000-04:00 XF otsav-multiple-olf-bo(51628) VUPEN ADV-2009-1861 MILW0RM 9113 SECUNIA 35738 MISC http://packetstormsecurity.org/0907-exploits/otsav-overflow.txt OSVDB 55747 Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file. cpe:/a:runcms:runcms:2m1 CVE-2009-3813 2009-10-27T12:30:00.593-04:00 2009-10-28T10:48:38.203-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T10:44:00.000-04:00 ALLOWS_OTHER_ACCESS SECUNIA 37137 MISC http://retrogod.altervista.org/9sg_runcms_forum_sql.html Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php. cpe:/a:runcms:runcms:2m1 CVE-2009-3814 2009-10-27T12:30:00.610-04:00 2009-10-28T10:51:03.063-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T10:47:00.000-04:00 ALLOWS_OTHER_ACCESS MISC http://retrogod.altervista.org/9sg_runcms_forum_sql.html Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters. cpe:/a:runcms:runcms:2m1 CVE-2009-3815 2009-10-27T12:30:00.640-04:00 2009-10-28T10:54:29.563-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-28T10:50:00.000-04:00 MISC http://retrogod.altervista.org/9sg_runcms_forum_sql.html RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function. cpe:/a:ibm:lotus_connections:2.5.0.0 CVE-2009-3816 2009-10-28T06:30:00.610-04:00 2009-10-28T11:00:38.670-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-28T10:54:00.000-04:00 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24024303 SECUNIA 37106 Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:ordasoft:com_booklibrary:1.0 CVE-2009-3817 2009-10-28T06:30:00.703-04:00 2009-10-28T11:09:44.827-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T10:58:00.000-04:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2009-2969 MISC http://www.securityfocus.com/bid/36732/exploit BID 36732 PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:stanislas_rolland:sr_freecap:0.2.3 cpe:/a:stanislas_rolland:sr_freecap:0.1.0 cpe:/a:stanislas_rolland:sr_freecap:0.2.2 cpe:/a:stanislas_rolland:sr_freecap:0.4.0 cpe:/a:stanislas_rolland:sr_freecap:0.2.0 cpe:/a:stanislas_rolland:sr_freecap:0.4.2 cpe:/a:stanislas_rolland:sr_freecap:0.4.1 cpe:/a:stanislas_rolland:sr_freecap:1.1.1 cpe:/a:stanislas_rolland:sr_freecap:1.1.2 cpe:/a:stanislas_rolland:sr_freecap:1.1.0 cpe:/a:stanislas_rolland:sr_freecap:1.0.0 cpe:/a:stanislas_rolland:sr_freecap:1.2.0 cpe:/a:stanislas_rolland:sr_freecap:1.0.1 cpe:/a:stanislas_rolland:sr_freecap:1.0.2 cpe:/a:stanislas_rolland:sr_freecap:1.0.3 cpe:/a:stanislas_rolland:sr_freecap:1.0.4 cpe:/a:stanislas_rolland:sr_freecap:0.4.3 cpe:/a:stanislas_rolland:sr_freecap:0.4.4 cpe:/a:stanislas_rolland:sr_freecap:0.4.5 cpe:/a:stanislas_rolland:sr_freecap:0.4.6 cpe:/a:stanislas_rolland:sr_freecap:0.3.2 cpe:/a:stanislas_rolland:sr_freecap:0.3.3 cpe:/a:stanislas_rolland:sr_freecap:0.3.0 cpe:/a:stanislas_rolland:sr_freecap:0.3.1 CVE-2009-3818 2009-10-28T06:30:00.750-04:00 2009-10-28T11:29:25.907-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-28T11:11:00.000-04:00 CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ SECUNIA 37094 Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. cpe:/a:urs_maag:maag_randomimage:0.2.0 cpe:/a:urs_maag:maag_randomimage:1.0.0 cpe:/a:urs_maag:maag_randomimage:1.4.1 cpe:/a:urs_maag:maag_randomimage:1.4.0 cpe:/a:urs_maag:maag_randomimage:1.1.0 cpe:/a:urs_maag:maag_randomimage:1.3.1 cpe:/a:urs_maag:maag_randomimage:1.1.1 cpe:/a:urs_maag:maag_randomimage:1.3.0 cpe:/a:urs_maag:maag_randomimage:1.2.0 cpe:/a:urs_maag:maag_randomimage:1.1.5 cpe:/a:urs_maag:maag_randomimage:1.1.3 cpe:/a:urs_maag:maag_randomimage:1.5.6 cpe:/a:urs_maag:maag_randomimage:1.5.7 cpe:/a:urs_maag:maag_randomimage:1.5.8 cpe:/a:urs_maag:maag_randomimage:1.1.6 cpe:/a:urs_maag:maag_randomimage:1.2.9 cpe:/a:urs_maag:maag_randomimage:0.0.1 cpe:/a:urs_maag:maag_randomimage:1.2.8 cpe:/a:urs_maag:maag_randomimage:1.2.7 cpe:/a:urs_maag:maag_randomimage:1.5.3 cpe:/a:urs_maag:maag_randomimage:1.5.4 cpe:/a:urs_maag:maag_randomimage:1.2.6 cpe:/a:urs_maag:maag_randomimage:1.5.5 cpe:/a:urs_maag:maag_randomimage:1.2.5 cpe:/a:urs_maag:maag_randomimage:1.2.4 cpe:/a:urs_maag:maag_randomimage:1.2.3 cpe:/a:urs_maag:maag_randomimage:1.2.2 cpe:/a:urs_maag:maag_randomimage:1.5.0 cpe:/a:urs_maag:maag_randomimage:1.2.1 cpe:/a:urs_maag:maag_randomimage:1.6.0 cpe:/a:urs_maag:maag_randomimage:1.6.1 cpe:/a:urs_maag:maag_randomimage:1.6.2 cpe:/a:urs_maag:maag_randomimage:1.6.3 cpe:/a:urs_maag:maag_randomimage:1.6.4 cpe:/a:urs_maag:maag_randomimage:1.2.14 cpe:/a:urs_maag:maag_randomimage:1.2.10 cpe:/a:urs_maag:maag_randomimage:1.2.11 cpe:/a:urs_maag:maag_randomimage:1.2.12 cpe:/a:urs_maag:maag_randomimage:1.2.13 CVE-2009-3819 2009-10-28T06:30:00.797-04:00 2009-10-28T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-28T11:28:00.000-04:00 ALLOWS_ADMIN_ACCESS CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ SECUNIA 37095 Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors. cpe:/a:flagbit:fb_filebase:0.1.0 CVE-2009-3820 2009-10-28T06:30:00.827-04:00 2009-10-28T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T12:02:00.000-04:00 ALLOWS_OTHER_ACCESS CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. cpe:/a:apache:solr:1.0.0 CVE-2009-3821 2009-10-28T06:30:00.843-04:00 2009-10-28T12:11:26.530-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2009-10-28T12:04:00.000-04:00 CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:fijiwebdesign:com_ajaxchat:1.0 CVE-2009-3822 2009-10-28T06:30:00.877-04:00 2009-10-28T12:30:58.703-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T12:13:00.000-04:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2009-2968 BID 36731 MISC http://www.packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt SECUNIA 37087 PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. cpe:/a:ac4p:mobilelib_gold:3.0 CVE-2009-3823 2009-10-28T06:30:00.890-04:00 2009-10-28T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-28T12:30:00.000-04:00 XF mobilelib-myhtml-file-include(51713) MILW0RM 9144 Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter. cpe:/a:michael_j_greenwood:php_content_manager:0.3.2 CVE-2009-3824 2009-10-28T06:30:00.907-04:00 2009-10-29T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T12:47:00.000-04:00 XF greenwood-processor-file-include(51737) MILW0RM 9156 Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter. cpe:/a:thomas_graber:gencms:2006 CVE-2009-3825 2009-10-28T06:30:00.937-04:00 2009-10-28T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-28T12:37:00.000-04:00 ALLOWS_OTHER_ACCESS XF gencms-show-file-include(51653) MILW0RM 9103 Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php. cpe:/a:proftpd:proftpd:1.3.2 cpe:/a:proftpd:proftpd:1.3.2:rc4 cpe:/a:proftpd:proftpd:1.3.1 cpe:/a:proftpd:proftpd:1.3.2:rc2 cpe:/a:proftpd:proftpd:1.3.2:rc1 cpe:/a:proftpd:proftpd:1.3.3:rc1 cpe:/a:proftpd:proftpd:1.3.2:a CVE-2009-3639 2009-10-28T10:30:00.217-04:00 2009-10-29T00:00:00.000-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2009-10-29T08:54:00.000-04:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=530719 BID 36804 XF proftpd-modtls-security-bypass(53936) MANDRIVA MDVSA-2009:288 SECUNIA 37131 MLIST [oss-security] 20091023 Re: proftpd - mod_tls - Improper SSL/TLS certificate subjectAltName verification MLIST [oss-security] 20091023 proftpd - mod_tls - Improper SSL/TLS certificate subjectAltName verification CONFIRM http://bugs.proftpd.org/show_bug.cgi?id=3275 The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. cpe:/a:snort:snort:1.8.4 cpe:/a:snort:snort:1.8.3 cpe:/a:snort:snort:1.8.2 cpe:/a:snort:snort:1.8.1 cpe:/a:snort:snort:1.8.7 cpe:/a:snort:snort:1.8.6 cpe:/a:snort:snort:1.8.5 cpe:/a:snort:snort:2.7_beta1 cpe:/a:snort:snort:2.6.2 cpe:/a:snort:snort:2.6.1 cpe:/a:snort:snort:2.0:beta cpe:/a:snort:snort:2.8.3.1 cpe:/a:snort:snort:2.8.3.2 cpe:/a:snort:snort:2.8.3.4 cpe:/a:snort:snort:2.8.2.2 cpe:/a:snort:snort:2.8.3.5 cpe:/a:snort:snort:1.8.0 cpe:/a:snort:snort:1.9.1 cpe:/a:snort:snort:1.9.0 cpe:/a:snort:snort:2.8.0 cpe:/a:snort:snort:2.8.3 cpe:/a:snort:snort:2.0:rc1 cpe:/a:snort:snort:1.6 cpe:/a:snort:snort:2.6.1.2 cpe:/a:snort:snort:2.6.1.1 cpe:/a:snort:snort:2.8.3.4.1 CVE-2009-3641 2009-10-28T10:30:00.250-04:00 2009-10-29T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-29T09:27:00.000-04:00 BID 36795 CONFIRM http://vrt-sourcefire.blogspot.com/2009/10/snort-2851-release.html FULLDISC 20091022 Snort <= 2.8.5 IPV6 Remote DoS CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=530863 XF snort-ipv6-dos(53912) VUPEN ADV-2009-3014 OSVDB 59159 MLIST [oss-security] 20091025 SANS: Security Thought LeadersRe: CVE Request -- Snort - 2.8.5.1 SECTRACK 1023076 SECUNIA 37135 MLIST [oss-security] 20091025 CVE Request -- Snort - 2.8.5.1 CONFIRM http://dl.snort.org/snort-current/release_notes_2851.txt Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol. cpe:/a:squidguard:squidguard:1.4 cpe:/a:squidguard:squidguard:1.3 CVE-2009-3700 2009-10-28T10:30:00.267-04:00 2009-10-29T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-29T10:07:00.000-04:00 VUPEN ADV-2009-3013 CONFIRM http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015 BID 36800 XF squidguard-sglog-security-bypass(53921) BUGTRAQ 20091026 squidGuard 1.3 & 1.4 : buffer overflow OSVDB 59163 SECTRACK 1023079 SECUNIA 37107 Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode." cpe:/a:squidguard:squidguard:1.4 CVE-2009-3826 2009-10-28T10:30:00.297-04:00 2009-10-29T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-29T10:17:00.000-04:00 VUPEN ADV-2009-3013 BID 36800 XF squidguard-url-security-bypass(53922) CONFIRM http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019 BUGTRAQ 20091026 squidGuard 1.3 & 1.4 : buffer overflow OSVDB 59164 SECTRACK 1023079 SECUNIA 37107 Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 CVE-2009-1563 2009-10-29T10:30:00.687-04:00 2009-10-29T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-29T12:12:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-59.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=516862 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=516396 MISC http://secunia.com/secunia_research/2009-35/ Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows remote attackers to execute arbitrary code via a long string that triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 CVE-2009-3370 2009-10-29T10:30:00.767-04:00 2009-10-30T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-29T12:18:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-52.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=511615 Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 CVE-2009-3371 2009-10-29T10:30:00.860-04:00 2009-10-29T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-29T12:28:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-54.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=514554 Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.1::alpha cpe:/a:mozilla:seamonkey:1.1::beta cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.0.2 CVE-2009-3372 2009-10-29T10:30:00.890-04:00 2009-10-29T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-29T12:31:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-55.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=500644 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.1::alpha cpe:/a:mozilla:seamonkey:1.1::beta cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.0.2 CVE-2009-3373 2009-10-29T10:30:00.907-04:00 2009-10-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T08:58:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-56.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=511689 Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 CVE-2009-3374 2009-10-29T10:30:00.937-04:00 2009-10-30T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-30T09:02:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-57.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=505988 The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 CVE-2009-3375 2009-10-29T10:30:00.953-04:00 2009-10-30T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-30T09:05:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-61.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=503226 content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.1::alpha cpe:/a:mozilla:seamonkey:1.1::beta cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.0.2 CVE-2009-3376 2009-10-29T10:30:00.983-04:00 2009-10-30T09:21:57.467-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T09:17:00.000-04:00 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=511521 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-62.html Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 CVE-2009-3377 2009-10-29T10:30:01.000-04:00 2009-10-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T09:29:00.000-04:00 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=512327 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-63.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=515376 Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 CVE-2009-3378 2009-10-29T10:30:01.017-04:00 2009-10-30T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T09:34:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-63.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=500311 The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 CVE-2009-3379 2009-10-29T10:30:01.047-04:00 2009-10-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T09:44:00.000-04:00 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=500254 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-63.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=515889 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=507167 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=501279 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=499512 Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 CVE-2009-3380 2009-10-29T10:30:01.077-04:00 2009-10-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T09:51:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-64.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=522030 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=514776 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=509602 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=509244 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=508927 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=497013 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=489925 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=454872 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 CVE-2009-3381 2009-10-29T10:30:01.093-04:00 2009-10-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T10:01:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-64.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=516709 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=513394 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=508057 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=503196 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=502168 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 CVE-2009-3382 2009-10-29T10:30:01.127-04:00 2009-10-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T10:07:00.000-04:00 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-64.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=514960 layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 CVE-2009-3383 2009-10-29T10:30:01.140-04:00 2009-10-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T10:15:00.000-04:00 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=518675 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=510987 CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-64.html Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. cpe:/a:perl:perl:5.10.1 CVE-2009-3626 2009-10-29T10:30:01.170-04:00 2009-10-30T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-30T10:44:00.000-04:00 VUPEN ADV-2009-3023 CONFIRM http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 CONFIRM https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 XF perl-utf8-expressions-dos(53939) BID 36812 OSVDB 59283 MLIST [oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1 SECTRACK 1023077 SECUNIA 37144 MISC http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ CONFIRM http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. cpe:/a:derrick_oswald:html-parser:1.2 cpe:/a:derrick_oswald:html-parser:1.1 cpe:/a:derrick_oswald:html-parser:1.00 cpe:/a:derrick_oswald:html-parser:1.4 cpe:/a:derrick_oswald:html-parser:3.54 cpe:/a:derrick_oswald:html-parser:1.3 cpe:/a:derrick_oswald:html-parser:1.6 cpe:/a:derrick_oswald:html-parser:1.42 cpe:/a:derrick_oswald:html-parser:1.5 cpe:/a:derrick_oswald:html-parser:1.41 CVE-2009-3627 2009-10-29T10:30:01.203-04:00 2009-10-30T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-30T10:25:00.000-04:00 CONFIRM https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 VUPEN ADV-2009-3022 BID 36807 MLIST [oss-security] 20091023 CVE-2009-3627 assignment notification - HTML-Parser-3.63 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=530604 XF htmlparser-decodeentities-dos(53941) SECUNIA 37155 CONFIRM http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. cpe:/o:linux:kernel:2.4.19::-pre1 cpe:/o:linux:kernel:2.4.19::-pre2 cpe:/o:linux:kernel:2.4.19::-pre5 cpe:/o:linux:kernel:2.6.8.1 cpe:/o:linux:kernel:2.4.19::-pre6 cpe:/o:linux:kernel:2.4.19::-pre3 cpe:/o:linux:kernel:2.4.19::-pre4 cpe:/o:linux:kernel:2.4.23::-ow2 cpe:/o:linux:kernel:2.4.33.2 cpe:/o:linux:kernel:2.4.33.1 cpe:/o:linux:kernel:2.4.33.4 cpe:/o:linux:kernel:2.4.33.3 cpe:/o:linux:kernel:2.4.33.5 cpe:/o:linux:kernel:2.4.33.7 cpe:/o:linux:kernel:2.6.25::x86_64 cpe:/o:linux:kernel:2.6.22.1 cpe:/o:linux:kernel:2.6.22.2 cpe:/o:linux:kernel:2.6.22.3 cpe:/o:linux:kernel:2.6.22.4 cpe:/o:linux:kernel:2.6.23.8 cpe:/o:linux:kernel:2.6.22.5 cpe:/o:linux:kernel:2.6.23.9 cpe:/o:linux:kernel:2.6.22.6 cpe:/o:linux:kernel:2.6.22.7 cpe:/o:linux:kernel:2.6.22.8 cpe:/o:linux:kernel:2.6.23.4 cpe:/o:linux:kernel:2.6.22.9 cpe:/o:linux:kernel:2.6.23.5 cpe:/o:linux:kernel:2.6.23.6 cpe:/o:linux:kernel:2.6.23.7 cpe:/o:linux:kernel:2.6.23.1 cpe:/o:linux:kernel:2.6.23.2 cpe:/o:linux:kernel:2.6.23.3 cpe:/o:linux:kernel:2.4.21::-pre1 cpe:/o:linux:kernel:2.4.21::-pre4 cpe:/o:linux:kernel:2.4.21::-pre7 cpe:/o:linux:kernel:2.6.29:git1 cpe:/o:linux:kernel:2.6.25.6::x86_64 cpe:/o:linux:kernel:2.6.28:git7 cpe:/o:linux:kernel:2.4.18::x86 cpe:/o:linux:kernel:2.6.25.1::x86_64 cpe:/o:linux:kernel:2.6.11.10 cpe:/o:linux:kernel:2.6.11.11 cpe:/o:linux:kernel:2.6.11.12 cpe:/o:linux:kernel:2.4.34.6 cpe:/o:linux:kernel:2.4.34.3 cpe:/o:linux:kernel:2.4.34.2 cpe:/o:linux:kernel:2.4.34.5 cpe:/o:linux:kernel:2.4.34.4 cpe:/o:linux:kernel:2.4.34.1 cpe:/o:linux:kernel:2.6.27.1 cpe:/o:linux:kernel:2.6.27.3 cpe:/o:linux:kernel:2.6.27.2 cpe:/o:linux:kernel:2.6.27.9 cpe:/o:linux:kernel:2.6.27.8 cpe:/o:linux:kernel:2.6.27.5 cpe:/o:linux:kernel:2.6.27.4 cpe:/o:linux:kernel:2.6.27.7 cpe:/o:linux:kernel:2.6.27.6 cpe:/o:linux:kernel:2.6.30.2 cpe:/o:linux:kernel:2.6.30.3 cpe:/o:linux:kernel:2.6.30.1 cpe:/o:linux:kernel:2.6.30.7 cpe:/o:linux:kernel:2.6.17.3 cpe:/o:linux:kernel:2.6.30.6 cpe:/o:linux:kernel:2.6.17.4 cpe:/o:linux:kernel:2.6.30.5 cpe:/o:linux:kernel:2.6.17.5 cpe:/o:linux:kernel:2.6.30.4 cpe:/o:linux:kernel:2.6.17.6 cpe:/o:linux:kernel:2.6.17.7 cpe:/o:linux:kernel:2.6.25.5::x86_64 cpe:/o:linux:kernel:2.6.17.8 cpe:/o:linux:kernel:2.6.30.9 cpe:/o:linux:kernel:2.6.17.9 cpe:/o:linux:kernel:2.6.30.8 cpe:/o:linux:kernel:2.6.17.1 cpe:/o:linux:kernel:2.6.17.2 cpe:/o:linux:kernel:2.4.30:rc3 cpe:/o:linux:kernel:2.4.30:rc2 cpe:/o:linux:kernel:2.6.28.10 cpe:/o:linux:kernel:2.6.25.20 cpe:/o:linux:kernel:2.4.35.5 cpe:/o:linux:kernel:2.4.35.3 cpe:/o:linux:kernel:2.4.35.4 cpe:/o:linux:kernel:2.4.35.1 cpe:/o:linux:kernel:2.4.35.2 cpe:/o:linux:kernel:2.6.18.1 cpe:/o:linux:kernel:2.6.28.1 cpe:/o:linux:kernel:2.6.28.2 cpe:/a:linux:kernel:2.6.24.7 cpe:/o:linux:kernel:2.6.28.5 cpe:/o:linux:kernel:2.6.18.7 cpe:/o:linux:kernel:2.6.28.6 cpe:/o:linux:kernel:2.6.18.6 cpe:/o:linux:kernel:2.6.28.3 cpe:/o:linux:kernel:2.6.28.4 cpe:/o:linux:kernel:2.6.18.8 cpe:/o:linux:kernel:2.6.28.9 cpe:/o:linux:kernel:2.6.27.12 cpe:/o:linux:kernel:2.6.18.3 cpe:/o:linux:kernel:2.6.27.11 cpe:/o:linux:kernel:2.6.18.2 cpe:/o:linux:kernel:2.6.28.7 cpe:/o:linux:kernel:2.6.27.10 cpe:/o:linux:kernel:2.6.18.5 cpe:/o:linux:kernel:2.6.28.8 cpe:/o:linux:kernel:2.6.18.4 cpe:/o:linux:kernel:2.6.27.15 cpe:/o:linux:kernel:2.6.27.16 cpe:/o:linux:kernel:2.6.27.13 cpe:/o:linux:kernel:2.6.27.14 cpe:/o:linux:kernel:2.6.27.19 cpe:/o:linux:kernel:2.6.27.17 cpe:/o:linux:kernel:2.6.27.18 cpe:/o:linux:kernel:2.6.16.9 cpe:/o:linux:kernel:2.6.16.8 cpe:/o:linux:kernel:2.6.16.7 cpe:/o:linux:kernel:2.6.16.6 cpe:/o:linux:kernel:2.6.16.5 cpe:/o:linux:kernel:2.6.20.2 cpe:/o:linux:kernel:2.6.16.4 cpe:/o:linux:kernel:2.6.20.1 cpe:/o:linux:kernel:2.6.25.19 cpe:/o:linux:kernel:2.6.16.3 cpe:/o:linux:kernel:2.6.25.18 cpe:/o:linux:kernel:2.6.16.2 cpe:/o:linux:kernel:2.6.25.17 cpe:/o:linux:kernel:2.6.16.1 cpe:/o:linux:kernel:2.6.21.1 cpe:/o:linux:kernel:2.6.25.16 cpe:/o:linux:kernel:2.6.25.15 cpe:/o:linux:kernel:2.6.25.14 cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.6.25.13 cpe:/o:linux:kernel:2.6.25.9::x86_64 cpe:/o:linux:kernel:2.6.25.12 cpe:/o:linux:kernel:2.6.25.11 cpe:/o:linux:kernel:2.6.14.4 cpe:/o:linux:kernel:2.6.21.6 cpe:/o:linux:kernel:2.6.14.5 cpe:/o:linux:kernel:2.6.21.7 cpe:/o:linux:kernel:2.6.25.10 cpe:/o:linux:kernel:2.6.14.2 cpe:/o:linux:kernel:2.6.14.3 cpe:/o:linux:kernel:2.6.21.2 cpe:/o:linux:kernel:2.6.14.1 cpe:/o:linux:kernel:2.6.2.27.13 cpe:/o:linux:kernel:2.6.21.3 cpe:/o:linux:kernel:2.6.21.4 cpe:/o:linux:kernel:2.6.21.5 cpe:/o:linux:kernel:2.6.20.3 cpe:/o:linux:kernel:2.6.20.4 cpe:/o:linux:kernel:2.6.20.5 cpe:/o:linux:kernel:2.6.20.6 cpe:/o:linux:kernel:2.6.20.7 cpe:/o:linux:kernel:2.6.20.8 cpe:/o:linux:kernel:2.6.14.6 cpe:/o:linux:kernel:2.6.20.9 cpe:/o:linux:kernel:2.6.14.7 cpe:/o:linux:kernel:2.6.27.33 cpe:/o:linux:kernel:2.6.27.34 cpe:/o:linux:kernel:2.6.27.31 cpe:/o:linux:kernel:2.6.25.11::x86_64 cpe:/o:linux:kernel:2.6.27.32 cpe:/o:linux:kernel:2.6.27.30 cpe:/o:linux:kernel:2.6.19 cpe:/o:linux:kernel:2.6.18 cpe:/o:linux:kernel:2.6.17 cpe:/o:linux:kernel:2.6.16 cpe:/o:linux:kernel:2.6.15 cpe:/o:linux:kernel:2.6.14 cpe:/o:linux:kernel:2.6.12 cpe:/o:linux:kernel:2.6.13 cpe:/o:linux:kernel:2.6.10 cpe:/o:linux:kernel:2.6.11 cpe:/o:linux:kernel:2.6.27.37 cpe:/o:linux:kernel:2.6.27.36 cpe:/o:linux:kernel:2.6.25.4::x86_64 cpe:/o:linux:kernel:2.6.27.35 cpe:/o:linux:kernel:2.6.27.20 cpe:/o:linux:kernel:2.6.27.21 cpe:/o:linux:kernel:2.6.27.22 cpe:/o:linux:kernel:2.6.27.23 cpe:/o:linux:kernel:2.6.29 cpe:/o:linux:kernel:2.6.26 cpe:/o:linux:kernel:2.6.25 cpe:/o:linux:kernel:2.6.28 cpe:/o:linux:kernel:2.6.27 cpe:/o:linux:kernel:2.6.25.12::x86_64 cpe:/o:linux:kernel:2.6.25.2::x86_64 cpe:/o:linux:kernel:2.6.21 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.23 cpe:/o:linux:kernel:2.6.24 cpe:/o:linux:kernel:2.6.20 cpe:/o:linux:kernel:2.6.27.29 cpe:/o:linux:kernel:2.6.27.28 cpe:/o:linux:kernel:2.6.27.25 cpe:/o:linux:kernel:2.6.27.24 cpe:/o:linux:kernel:2.6.27.27 cpe:/o:linux:kernel:2.6.27.26 cpe:/o:linux:kernel:2.6.19.1 cpe:/o:linux:kernel:2.6.16.61 cpe:/o:linux:kernel:2.6.19.2 cpe:/o:linux:kernel:2.6.16.60 cpe:/o:linux:kernel:2.6.19.3 cpe:/o:linux:kernel:2.6.19.4 cpe:/o:linux:kernel:2.6.16.62 cpe:/o:linux:kernel:2.6.19.5 cpe:/o:linux:kernel:2.6.19.6 cpe:/o:linux:kernel:2.6.19.7 cpe:/o:linux:kernel:2.6.30 cpe:/o:linux:kernel:2.6.31 cpe:/o:linux:kernel:2.6.29.6 cpe:/o:linux:kernel:2.6.29.4 cpe:/o:linux:kernel:2.6.29.5 cpe:/o:linux:kernel:2.6.29.2 cpe:/o:linux:kernel:2.6.29.3 cpe:/o:linux:kernel:2.6.29.1 cpe:/o:linux:kernel:2.4.18::pre-2 cpe:/o:linux:kernel:2.4.18::pre-3 cpe:/o:linux:kernel:2.4.18::pre-1 cpe:/o:linux:kernel:2.6.16.52 cpe:/o:linux:kernel:2.6.16.51 cpe:/o:linux:kernel:2.6.16.50 cpe:/o:linux:kernel:2.6.16.56 cpe:/o:linux:kernel:2.6.16.55 cpe:/o:linux:kernel:2.6.16.54 cpe:/o:linux:kernel:2.6.16.53 cpe:/o:linux:kernel:2.6.12.6 cpe:/o:linux:kernel:2.6.16.59 cpe:/o:linux:kernel:2.6.11.9 cpe:/o:linux:kernel:2.6.12.4 cpe:/o:linux:kernel:2.6.16.57 cpe:/o:linux:kernel:2.6.12.5 cpe:/o:linux:kernel:2.6.16.58 cpe:/o:linux:kernel:2.6.12.2 cpe:/o:linux:kernel:2.6.15.4 cpe:/o:linux:kernel:2.6.12.3 cpe:/o:linux:kernel:2.6.15.3 cpe:/o:linux:kernel:2.6.15.2 cpe:/o:linux:kernel:2.6.12.1 cpe:/o:linux:kernel:2.6.15.1 cpe:/o:linux:kernel:2.6.11.3 cpe:/o:linux:kernel:2.4.18::pre-7 cpe:/o:linux:kernel:2.6.11.4 cpe:/o:linux:kernel:2.6.15.7 cpe:/o:linux:kernel:2.4.18::pre-6 cpe:/o:linux:kernel:2.6.11.1 cpe:/o:linux:kernel:2.6.15.6 cpe:/o:linux:kernel:2.4.18::pre-5 cpe:/o:linux:kernel:2.6.11.2 cpe:/o:linux:kernel:2.6.15.5 cpe:/o:linux:kernel:2.4.18::pre-4 cpe:/o:linux:kernel:2.6.11.7 cpe:/o:linux:kernel:2.6.11.8 cpe:/o:linux:kernel:2.6.11.5 cpe:/o:linux:kernel:2.6.11.6 cpe:/o:linux:kernel:2.4.18::pre-8 cpe:/o:linux:kernel:2.6.16.36 cpe:/o:linux:kernel:2.6.13.4 cpe:/o:linux:kernel:2.6.30:rc3 cpe:/o:linux:kernel:2.6.16.35 cpe:/o:linux:kernel:2.6.13.3 cpe:/o:linux:kernel:2.6.30:rc6 cpe:/o:linux:kernel:2.6.16.38 cpe:/o:linux:kernel:2.6.30:rc5 cpe:/o:linux:kernel:2.6.16.37 cpe:/o:linux:kernel:2.6.13.5 cpe:/o:linux:kernel:2.6.16.39 cpe:/o:linux:kernel:2.6.25.8::x86_64 cpe:/o:linux:kernel:2.6.30:rc2 cpe:/o:linux:kernel:2.6.13.2 cpe:/o:linux:kernel:2.6.30:rc1 cpe:/o:linux:kernel:2.6.13.1 cpe:/o:linux:kernel:2.6.16.30 cpe:/o:linux:kernel:2.6.16.31 cpe:/o:linux:kernel:2.6.16.32 cpe:/o:linux:kernel:2.6.16.33 cpe:/o:linux:kernel:2.6.16.34 cpe:/o:linux:kernel:2.4.27::-pre1 cpe:/o:linux:kernel:2.6.16.49 cpe:/o:linux:kernel:2.6.16.48 cpe:/o:linux:kernel:2.6.16.47 cpe:/o:linux:kernel:2.6.16.46 cpe:/o:linux:kernel:2.6.16.40 cpe:/o:linux:kernel:2.6.16.41 cpe:/o:linux:kernel:2.6.26:rc4 cpe:/o:linux:kernel:2.6.30:rc7-git6 cpe:/o:linux:kernel:2.6.16.44 cpe:/o:linux:kernel:2.6.16.45 cpe:/o:linux:kernel:2.6.16.42 cpe:/o:linux:kernel:2.6.16.43 cpe:/o:linux:kernel:2.4.27::-pre2 cpe:/o:linux:kernel:2.4.27::-pre3 cpe:/o:linux:kernel:2.4.27::-pre4 cpe:/o:linux:kernel:2.4.27::-pre5 cpe:/o:linux:kernel:2.6.2 cpe:/o:linux:kernel:2.6.1 cpe:/o:linux:kernel:2.6.0 cpe:/o:linux:kernel:2.6.18:rc2 cpe:/o:linux:kernel:2.6.18:rc1 cpe:/o:linux:kernel:2.6.18:rc4 cpe:/o:linux:kernel:2.6.18:rc3 cpe:/o:linux:kernel:2.6.16.18 cpe:/o:linux:kernel:2.6.18:rc6 cpe:/o:linux:kernel:2.6.9 cpe:/o:linux:kernel:2.6.16.17 cpe:/o:linux:kernel:2.6.18:rc5 cpe:/o:linux:kernel:2.6.8 cpe:/o:linux:kernel:2.6.7 cpe:/o:linux:kernel:2.6.16.19 cpe:/o:linux:kernel:2.6.18:rc7 cpe:/o:linux:kernel:2.6.6 cpe:/o:linux:kernel:2.6.16.14 cpe:/o:linux:kernel:2.6.5 cpe:/o:linux:kernel:2.6.16.13 cpe:/o:linux:kernel:2.6.4 cpe:/o:linux:kernel:2.6.16.16 cpe:/o:linux:kernel:2.6.3 cpe:/o:linux:kernel:2.6.16.15 cpe:/o:linux:kernel:2.6.27:rc3 cpe:/o:linux:kernel:2.6.27:rc4 cpe:/o:linux:kernel:2.6.16.10 cpe:/o:linux:kernel:2.6.27:rc5 cpe:/o:linux:kernel:2.6.16.11 cpe:/o:linux:kernel:2.6.27:rc6 cpe:/o:linux:kernel:2.6.16.12 cpe:/o:linux:kernel:2.6.27:rc1 cpe:/o:linux:kernel:2.6.27:rc2 cpe:/o:linux:kernel:2.6.16.29 cpe:/o:linux:kernel:2.6.16.28 cpe:/o:linux:kernel:2.6.16.27 cpe:/o:linux:kernel:2.6.27:rc9 cpe:/o:linux:kernel:2.6.16.26 cpe:/o:linux:kernel:2.6.27:rc8 cpe:/o:linux:kernel:2.6.16.25 cpe:/o:linux:kernel:2.6.27:rc7 cpe:/o:linux:kernel:2.6.16.24 cpe:/o:linux:kernel:2.6.16.22 cpe:/o:linux:kernel:2.6.28:rc1 cpe:/o:linux:kernel:2.6.16.23 cpe:/o:linux:kernel:2.6.16.20 cpe:/o:linux:kernel:2.6.16.21 cpe:/o:linux:kernel:2.6.17.10 cpe:/o:linux:kernel:2.6.17.11 cpe:/o:linux:kernel:2.6.17.12 cpe:/o:linux:kernel:2.6.29:rc2_git7 cpe:/o:linux:kernel:2.6.17.13 cpe:/o:linux:kernel:2.6.22.18 cpe:/o:linux:kernel:2.6.22.19 cpe:/o:linux:kernel:2.6.22.16 cpe:/o:linux:kernel:2.6.22.17 cpe:/o:linux:kernel:2.6.22.14 cpe:/o:linux:kernel:2.6.22.15 cpe:/o:linux:kernel:2.6.29.rc1 cpe:/o:linux:kernel:2.6.22.12 cpe:/o:linux:kernel:2.6.29.rc2 cpe:/o:linux:kernel:2.6.22.13 cpe:/o:linux:kernel:2.6.22.10 cpe:/o:linux:kernel:2.6.22.11 cpe:/o:linux:kernel:2.6.17.14 cpe:/o:linux:kernel:2.6.25.3::x86_64 cpe:/o:linux:kernel:2.4.36 cpe:/o:linux:kernel:2.4.37 cpe:/o:linux:kernel:2.4.34 cpe:/o:linux:kernel:2.6.22.20 cpe:/o:linux:kernel:2.6.22.21 cpe:/o:linux:kernel:2.6.22.22 cpe:/o:linux:kernel:2.4.33 cpe:/o:linux:kernel:2.4.32 cpe:/o:linux:kernel:2.4.31 cpe:/o:linux:kernel:2.4.30 cpe:/o:linux:kernel:2.6.23:rc1 cpe:/o:linux:kernel:2.6.23:rc2 cpe:/o:linux:kernel:2.4.37:-rc1 cpe:/o:linux:kernel:2.4.23::-pre9 cpe:/o:linux:kernel:2.4.29:-rc2 cpe:/o:linux:kernel:2.4.29:-rc1 cpe:/a:linux:kernel:2.6.25.15 cpe:/o:linux:kernel:2.6.24:rc4 cpe:/o:linux:kernel:2.6.24:rc5 cpe:/o:linux:kernel:2.6.24:rc2 cpe:/o:linux:kernel:2.6.24:rc3 cpe:/o:linux:kernel:2.6.24:rc1 cpe:/o:linux:kernel:2.6.31.3 cpe:/o:linux:kernel:2.6.20.17 cpe:/o:linux:kernel:2.6.20.16 cpe:/o:linux:kernel:2.6.31.2 cpe:/o:linux:kernel:2.6.20.15 cpe:/o:linux:kernel:2.6.31.1 cpe:/o:linux:kernel:2.6.20.14 cpe:/o:linux:kernel:2.6.20.19 cpe:/o:linux:kernel:2.6.20.18 cpe:/o:linux:kernel:2.6.20.13 cpe:/o:linux:kernel:2.6.20.12 cpe:/o:linux:kernel:2.6.20.11 cpe:/o:linux:kernel:2.6.20.10 cpe:/o:linux:kernel:2.6.25.9 cpe:/o:linux:kernel:2.6.25.8 cpe:/o:linux:kernel:2.6.25.7 cpe:/o:linux:kernel:2.6.25.6 cpe:/o:linux:kernel:2.6.25.1 cpe:/o:linux:kernel:2.6.25.5 cpe:/o:linux:kernel:2.6.25.4 cpe:/o:linux:kernel:2.6.25.3 cpe:/o:linux:kernel:2.6.25.2 cpe:/o:linux:kernel:2.6.23.17 cpe:/o:linux:kernel:2.6.23.10 cpe:/o:linux:kernel:2.6.20.20 cpe:/o:linux:kernel:2.6.23.11 cpe:/o:linux:kernel:2.6.23.12 cpe:/o:linux:kernel:2.6.23.13 cpe:/o:linux:kernel:2.6.20.21 cpe:/o:linux:kernel:2.6.23.14 cpe:/o:linux:kernel:2.6.23.15 cpe:/o:linux:kernel:2.6.23.16 cpe:/o:linux:kernel:2.4.21 cpe:/o:linux:kernel:2.4.22 cpe:/o:linux:kernel:2.4.20 cpe:/o:linux:kernel:2.6.25.10::x86_64 cpe:/o:linux:kernel:2.4.36.5 cpe:/o:linux:kernel:2.4.36.4 cpe:/o:linux:kernel:2.4.36.7 cpe:/o:linux:kernel:2.4.36.6 cpe:/o:linux:kernel:2.4.36.9 cpe:/o:linux:kernel:2.4.36.8 cpe:/o:linux:kernel:2.4.26 cpe:/o:linux:kernel:2.4.25 cpe:/o:linux:kernel:2.4.24 cpe:/o:linux:kernel:2.4.23 cpe:/o:linux:kernel:2.4.36.1 cpe:/o:linux:kernel:2.4.29 cpe:/o:linux:kernel:2.4.28 cpe:/o:linux:kernel:2.4.36.3 cpe:/o:linux:kernel:2.4.24::-ow1 cpe:/o:linux:kernel:2.4.36.2 cpe:/o:linux:kernel:2.4.27 cpe:/o:linux:kernel:2.6.16.31:-rc1 cpe:/o:linux:kernel:2.6.25.7::x86_64 cpe:/o:linux:kernel:2.4.10 cpe:/o:linux:kernel:2.4.11 cpe:/o:linux:kernel:2.4.9 cpe:/o:linux:kernel:2.4.8 cpe:/o:linux:kernel:2.4.7 cpe:/o:linux:kernel:2.4.6 cpe:/o:linux:kernel:2.4.5 cpe:/o:linux:kernel:2.4.4 cpe:/o:linux:kernel:2.6.16.31:-rc5 cpe:/o:linux:kernel:2.4.13 cpe:/o:linux:kernel:2.6.16.31:-rc4 cpe:/o:linux:kernel:2.4.12 cpe:/o:linux:kernel:2.4.3 cpe:/o:linux:kernel:2.6.16.31:-rc3 cpe:/o:linux:kernel:2.4.15 cpe:/o:linux:kernel:2.4.2 cpe:/o:linux:kernel:2.6.30:rc4:x86_32 cpe:/o:linux:kernel:2.6.16.31:-rc2 cpe:/o:linux:kernel:2.4.14 cpe:/o:linux:kernel:2.4.1 cpe:/o:linux:kernel:2.4.17 cpe:/o:linux:kernel:2.4.16 cpe:/o:linux:kernel:2.4.19 cpe:/o:linux:kernel:2.4.18 cpe:/o:linux:kernel:2.6.28:rc4 cpe:/o:linux:kernel:2.6.28:rc5 cpe:/o:linux:kernel:2.6.28:rc2 cpe:/o:linux:kernel:2.6.28:rc3 cpe:/o:linux:kernel:2.6.28:rc6 cpe:/o:linux:kernel:2.6.28:rc7 cpe:/o:linux:kernel:2.6.26.7 cpe:/o:linux:kernel:2.6.26.8 cpe:/o:linux:kernel:2.6.26.5 cpe:/o:linux:kernel:2.6.26.6 cpe:/o:linux:kernel:2.6.26.3 cpe:/o:linux:kernel:2.6.26.4 cpe:/o:linux:kernel:2.6.26.1 cpe:/o:linux:kernel:2.6.26.2 cpe:/o:linux:kernel:2.6.24.6 cpe:/o:linux:kernel:2.2.27 cpe:/o:linux:kernel:2.6.24.5 cpe:/o:linux:kernel:2.6.24.4 cpe:/o:linux:kernel:2.6.24.3 cpe:/o:linux:kernel:2.6.29:rc1 cpe:/o:linux:kernel:2.6.24.2 cpe:/o:linux:kernel:2.6.29:rc2 cpe:/o:linux:kernel:2.6.24.1 cpe:/o:linux:kernel:2.6.24.7 cpe:/o:linux:kernel:2.6.29:rc8-kk cpe:/o:linux:kernel:2.4.37.3 cpe:/o:linux:kernel:2.4.37.4 cpe:/o:linux:kernel:2.4.37.5 cpe:/o:linux:kernel:2.4.37.6 cpe:/o:linux:kernel:2.4.37.1 cpe:/o:linux:kernel:2.4.37.2 CVE-2009-3638 2009-10-29T10:30:01.233-04:00 2009-10-30T11:20:35.953-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-10-30T11:05:00.000-04:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=530515 XF linux-kernel-supportedcpuid-code-execution(53934) BID 36803 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc4 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4 MLIST [oss-security] 20091023 Re: CVE request: kvm: integer overflow in kvm_dev_ioctl_get_supported_cpuid() MLIST [oss-security] 20091023 CVE request: kvm: integer overflow in kvm_dev_ioctl_get_supported_cpuid() CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a54435560efdab1a08f429a954df4d6c740bddf Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function. cpe:/o:linux:kernel:2.4.19::-pre1 cpe:/o:linux:kernel:2.4.19::-pre2 cpe:/o:linux:kernel:2.4.19::-pre5 cpe:/o:linux:kernel:2.6.8.1 cpe:/o:linux:kernel:2.4.19::-pre6 cpe:/o:linux:kernel:2.4.19::-pre3 cpe:/o:linux:kernel:2.4.19::-pre4 cpe:/o:linux:kernel:2.4.23::-ow2 cpe:/o:linux:kernel:2.4.33.2 cpe:/o:linux:kernel:2.4.33.1 cpe:/o:linux:kernel:2.4.33.4 cpe:/o:linux:kernel:2.4.33.3 cpe:/o:linux:kernel:2.4.33.5 cpe:/o:linux:kernel:2.4.33.7 cpe:/o:linux:kernel:2.6.25::x86_64 cpe:/o:linux:kernel:2.6.22.1 cpe:/o:linux:kernel:2.6.22.2 cpe:/o:linux:kernel:2.6.22.3 cpe:/o:linux:kernel:2.6.22.4 cpe:/o:linux:kernel:2.6.23.8 cpe:/o:linux:kernel:2.6.22.5 cpe:/o:linux:kernel:2.6.23.9 cpe:/o:linux:kernel:2.6.22.6 cpe:/o:linux:kernel:2.6.22.7 cpe:/o:linux:kernel:2.6.22.8 cpe:/o:linux:kernel:2.6.23.4 cpe:/o:linux:kernel:2.6.22.9 cpe:/o:linux:kernel:2.6.23.5 cpe:/o:linux:kernel:2.6.23.6 cpe:/o:linux:kernel:2.6.23.7 cpe:/o:linux:kernel:2.6.23.1 cpe:/o:linux:kernel:2.6.23.2 cpe:/o:linux:kernel:2.6.23.3 cpe:/o:linux:kernel:2.4.21::-pre1 cpe:/o:linux:kernel:2.4.21::-pre4 cpe:/o:linux:kernel:2.4.21::-pre7 cpe:/o:linux:kernel:2.6.29:git1 cpe:/o:linux:kernel:2.6.25.6::x86_64 cpe:/o:linux:kernel:2.6.28:git7 cpe:/o:linux:kernel:2.4.18::x86 cpe:/o:linux:kernel:2.6.25.1::x86_64 cpe:/o:linux:kernel:2.6.11.10 cpe:/o:linux:kernel:2.6.11.11 cpe:/o:linux:kernel:2.6.11.12 cpe:/o:linux:kernel:2.4.34.6 cpe:/o:linux:kernel:2.4.34.3 cpe:/o:linux:kernel:2.4.34.2 cpe:/o:linux:kernel:2.4.34.5 cpe:/o:linux:kernel:2.4.34.4 cpe:/o:linux:kernel:2.4.34.1 cpe:/o:linux:kernel:2.6.27.1 cpe:/o:linux:kernel:2.6.27.3 cpe:/o:linux:kernel:2.6.27.2 cpe:/o:linux:kernel:2.6.27.9 cpe:/o:linux:kernel:2.6.27.8 cpe:/o:linux:kernel:2.6.27.5 cpe:/o:linux:kernel:2.6.27.4 cpe:/o:linux:kernel:2.6.27.7 cpe:/o:linux:kernel:2.6.27.6 cpe:/o:linux:kernel:2.6.30.2 cpe:/o:linux:kernel:2.6.30.3 cpe:/o:linux:kernel:2.6.30.1 cpe:/o:linux:kernel:2.6.30.7 cpe:/o:linux:kernel:2.6.17.3 cpe:/o:linux:kernel:2.6.30.6 cpe:/o:linux:kernel:2.6.17.4 cpe:/o:linux:kernel:2.6.30.5 cpe:/o:linux:kernel:2.6.17.5 cpe:/o:linux:kernel:2.6.30.4 cpe:/o:linux:kernel:2.6.17.6 cpe:/o:linux:kernel:2.6.17.7 cpe:/o:linux:kernel:2.6.25.5::x86_64 cpe:/o:linux:kernel:2.6.17.8 cpe:/o:linux:kernel:2.6.30.9 cpe:/o:linux:kernel:2.6.17.9 cpe:/o:linux:kernel:2.6.30.8 cpe:/o:linux:kernel:2.6.17.1 cpe:/o:linux:kernel:2.6.17.2 cpe:/o:linux:kernel:2.4.30:rc3 cpe:/o:linux:kernel:2.4.30:rc2 cpe:/o:linux:kernel:2.6.28.10 cpe:/o:linux:kernel:2.6.25.20 cpe:/o:linux:kernel:2.4.35.5 cpe:/o:linux:kernel:2.4.35.3 cpe:/o:linux:kernel:2.4.35.4 cpe:/o:linux:kernel:2.4.35.1 cpe:/o:linux:kernel:2.4.35.2 cpe:/o:linux:kernel:2.6.18.1 cpe:/o:linux:kernel:2.6.28.1 cpe:/o:linux:kernel:2.6.28.2 cpe:/a:linux:kernel:2.6.24.7 cpe:/o:linux:kernel:2.6.28.5 cpe:/o:linux:kernel:2.6.18.7 cpe:/o:linux:kernel:2.6.28.6 cpe:/o:linux:kernel:2.6.18.6 cpe:/o:linux:kernel:2.6.28.3 cpe:/o:linux:kernel:2.6.28.4 cpe:/o:linux:kernel:2.6.18.8 cpe:/o:linux:kernel:2.6.28.9 cpe:/o:linux:kernel:2.6.27.12 cpe:/o:linux:kernel:2.6.18.3 cpe:/o:linux:kernel:2.6.27.11 cpe:/o:linux:kernel:2.6.18.2 cpe:/o:linux:kernel:2.6.28.7 cpe:/o:linux:kernel:2.6.27.10 cpe:/o:linux:kernel:2.6.18.5 cpe:/o:linux:kernel:2.6.28.8 cpe:/o:linux:kernel:2.6.18.4 cpe:/o:linux:kernel:2.6.27.15 cpe:/o:linux:kernel:2.6.27.16 cpe:/o:linux:kernel:2.6.27.13 cpe:/o:linux:kernel:2.6.27.14 cpe:/o:linux:kernel:2.6.27.19 cpe:/o:linux:kernel:2.6.27.17 cpe:/o:linux:kernel:2.6.27.18 cpe:/o:linux:kernel:2.6.16.9 cpe:/o:linux:kernel:2.6.16.8 cpe:/o:linux:kernel:2.6.16.7 cpe:/o:linux:kernel:2.6.16.6 cpe:/o:linux:kernel:2.6.16.5 cpe:/o:linux:kernel:2.6.20.2 cpe:/o:linux:kernel:2.6.16.4 cpe:/o:linux:kernel:2.6.20.1 cpe:/o:linux:kernel:2.6.25.19 cpe:/o:linux:kernel:2.6.16.3 cpe:/o:linux:kernel:2.6.25.18 cpe:/o:linux:kernel:2.6.16.2 cpe:/o:linux:kernel:2.6.25.17 cpe:/o:linux:kernel:2.6.16.1 cpe:/o:linux:kernel:2.6.21.1 cpe:/o:linux:kernel:2.6.25.16 cpe:/o:linux:kernel:2.6.25.15 cpe:/o:linux:kernel:2.6.25.14 cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.6.25.13 cpe:/o:linux:kernel:2.6.25.9::x86_64 cpe:/o:linux:kernel:2.6.25.12 cpe:/o:linux:kernel:2.6.25.11 cpe:/o:linux:kernel:2.6.14.4 cpe:/o:linux:kernel:2.6.21.6 cpe:/o:linux:kernel:2.6.14.5 cpe:/o:linux:kernel:2.6.21.7 cpe:/o:linux:kernel:2.6.25.10 cpe:/o:linux:kernel:2.6.14.2 cpe:/o:linux:kernel:2.6.14.3 cpe:/o:linux:kernel:2.6.21.2 cpe:/o:linux:kernel:2.6.14.1 cpe:/o:linux:kernel:2.6.2.27.13 cpe:/o:linux:kernel:2.6.21.3 cpe:/o:linux:kernel:2.6.21.4 cpe:/o:linux:kernel:2.6.21.5 cpe:/o:linux:kernel:2.6.20.3 cpe:/o:linux:kernel:2.6.20.4 cpe:/o:linux:kernel:2.6.20.5 cpe:/o:linux:kernel:2.6.20.6 cpe:/o:linux:kernel:2.6.20.7 cpe:/o:linux:kernel:2.6.20.8 cpe:/o:linux:kernel:2.6.14.6 cpe:/o:linux:kernel:2.6.20.9 cpe:/o:linux:kernel:2.6.14.7 cpe:/o:linux:kernel:2.6.27.33 cpe:/o:linux:kernel:2.6.27.34 cpe:/o:linux:kernel:2.6.27.31 cpe:/o:linux:kernel:2.6.25.11::x86_64 cpe:/o:linux:kernel:2.6.27.32 cpe:/o:linux:kernel:2.6.27.30 cpe:/o:linux:kernel:2.6.19 cpe:/o:linux:kernel:2.6.18 cpe:/o:linux:kernel:2.6.17 cpe:/o:linux:kernel:2.6.16 cpe:/o:linux:kernel:2.6.15 cpe:/o:linux:kernel:2.6.14 cpe:/o:linux:kernel:2.6.12 cpe:/o:linux:kernel:2.6.13 cpe:/o:linux:kernel:2.6.10 cpe:/o:linux:kernel:2.6.11 cpe:/o:linux:kernel:2.6.27.37 cpe:/o:linux:kernel:2.6.27.36 cpe:/o:linux:kernel:2.6.25.4::x86_64 cpe:/o:linux:kernel:2.6.27.35 cpe:/o:linux:kernel:2.6.27.20 cpe:/o:linux:kernel:2.6.27.21 cpe:/o:linux:kernel:2.6.27.22 cpe:/o:linux:kernel:2.6.27.23 cpe:/o:linux:kernel:2.6.29 cpe:/o:linux:kernel:2.6.26 cpe:/o:linux:kernel:2.6.25 cpe:/o:linux:kernel:2.6.28 cpe:/o:linux:kernel:2.6.27 cpe:/o:linux:kernel:2.6.25.12::x86_64 cpe:/o:linux:kernel:2.6.25.2::x86_64 cpe:/o:linux:kernel:2.6.21 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.23 cpe:/o:linux:kernel:2.6.24 cpe:/o:linux:kernel:2.6.20 cpe:/o:linux:kernel:2.6.27.29 cpe:/o:linux:kernel:2.6.27.28 cpe:/o:linux:kernel:2.6.27.25 cpe:/o:linux:kernel:2.6.27.24 cpe:/o:linux:kernel:2.6.27.27 cpe:/o:linux:kernel:2.6.27.26 cpe:/o:linux:kernel:2.6.19.1 cpe:/o:linux:kernel:2.6.16.61 cpe:/o:linux:kernel:2.6.19.2 cpe:/o:linux:kernel:2.6.16.60 cpe:/o:linux:kernel:2.6.19.3 cpe:/o:linux:kernel:2.6.19.4 cpe:/o:linux:kernel:2.6.16.62 cpe:/o:linux:kernel:2.6.19.5 cpe:/o:linux:kernel:2.6.19.6 cpe:/o:linux:kernel:2.6.19.7 cpe:/o:linux:kernel:2.6.30 cpe:/o:linux:kernel:2.6.31 cpe:/o:linux:kernel:2.6.29.6 cpe:/o:linux:kernel:2.6.29.4 cpe:/o:linux:kernel:2.6.29.5 cpe:/o:linux:kernel:2.6.29.2 cpe:/o:linux:kernel:2.6.29.3 cpe:/o:linux:kernel:2.6.29.1 cpe:/o:linux:kernel:2.4.18::pre-2 cpe:/o:linux:kernel:2.4.18::pre-3 cpe:/o:linux:kernel:2.4.18::pre-1 cpe:/o:linux:kernel:2.6.16.52 cpe:/o:linux:kernel:2.6.16.51 cpe:/o:linux:kernel:2.6.16.50 cpe:/o:linux:kernel:2.6.16.56 cpe:/o:linux:kernel:2.6.16.55 cpe:/o:linux:kernel:2.6.16.54 cpe:/o:linux:kernel:2.6.16.53 cpe:/o:linux:kernel:2.6.12.6 cpe:/o:linux:kernel:2.6.16.59 cpe:/o:linux:kernel:2.6.11.9 cpe:/o:linux:kernel:2.6.12.4 cpe:/o:linux:kernel:2.6.16.57 cpe:/o:linux:kernel:2.6.12.5 cpe:/o:linux:kernel:2.6.16.58 cpe:/o:linux:kernel:2.6.12.2 cpe:/o:linux:kernel:2.6.15.4 cpe:/o:linux:kernel:2.6.12.3 cpe:/o:linux:kernel:2.6.15.3 cpe:/o:linux:kernel:2.6.15.2 cpe:/o:linux:kernel:2.6.12.1 cpe:/o:linux:kernel:2.6.15.1 cpe:/o:linux:kernel:2.6.11.3 cpe:/o:linux:kernel:2.4.18::pre-7 cpe:/o:linux:kernel:2.6.11.4 cpe:/o:linux:kernel:2.6.15.7 cpe:/o:linux:kernel:2.4.18::pre-6 cpe:/o:linux:kernel:2.6.11.1 cpe:/o:linux:kernel:2.6.15.6 cpe:/o:linux:kernel:2.4.18::pre-5 cpe:/o:linux:kernel:2.6.11.2 cpe:/o:linux:kernel:2.6.15.5 cpe:/o:linux:kernel:2.4.18::pre-4 cpe:/o:linux:kernel:2.6.11.7 cpe:/o:linux:kernel:2.6.11.8 cpe:/o:linux:kernel:2.6.11.5 cpe:/o:linux:kernel:2.6.11.6 cpe:/o:linux:kernel:2.4.18::pre-8 cpe:/o:linux:kernel:2.6.16.36 cpe:/o:linux:kernel:2.6.13.4 cpe:/o:linux:kernel:2.6.30:rc3 cpe:/o:linux:kernel:2.6.16.35 cpe:/o:linux:kernel:2.6.13.3 cpe:/o:linux:kernel:2.6.30:rc6 cpe:/o:linux:kernel:2.6.16.38 cpe:/o:linux:kernel:2.6.30:rc5 cpe:/o:linux:kernel:2.6.16.37 cpe:/o:linux:kernel:2.6.13.5 cpe:/o:linux:kernel:2.6.16.39 cpe:/o:linux:kernel:2.6.25.8::x86_64 cpe:/o:linux:kernel:2.6.30:rc2 cpe:/o:linux:kernel:2.6.13.2 cpe:/o:linux:kernel:2.6.30:rc1 cpe:/o:linux:kernel:2.6.13.1 cpe:/o:linux:kernel:2.6.16.30 cpe:/o:linux:kernel:2.6.16.31 cpe:/o:linux:kernel:2.6.16.32 cpe:/o:linux:kernel:2.6.16.33 cpe:/o:linux:kernel:2.6.16.34 cpe:/o:linux:kernel:2.6.31:rc8 cpe:/o:linux:kernel:2.6.31:rc7 cpe:/o:linux:kernel:2.6.31:rc5 cpe:/o:linux:kernel:2.6.31:rc4 cpe:/o:linux:kernel:2.6.31:rc3 cpe:/o:linux:kernel:2.4.27::-pre1 cpe:/o:linux:kernel:2.6.31:rc2 cpe:/o:linux:kernel:2.6.31:rc1 cpe:/o:linux:kernel:2.6.16.49 cpe:/o:linux:kernel:2.6.16.48 cpe:/o:linux:kernel:2.6.16.47 cpe:/o:linux:kernel:2.6.16.46 cpe:/o:linux:kernel:2.6.16.40 cpe:/o:linux:kernel:2.6.16.41 cpe:/o:linux:kernel:2.6.26:rc4 cpe:/o:linux:kernel:2.6.30:rc7-git6 cpe:/o:linux:kernel:2.6.16.44 cpe:/o:linux:kernel:2.6.16.45 cpe:/o:linux:kernel:2.6.16.42 cpe:/o:linux:kernel:2.6.16.43 cpe:/o:linux:kernel:2.4.27::-pre2 cpe:/o:linux:kernel:2.4.27::-pre3 cpe:/o:linux:kernel:2.4.27::-pre4 cpe:/o:linux:kernel:2.4.27::-pre5 cpe:/o:linux:kernel:2.6.2 cpe:/o:linux:kernel:2.6.1 cpe:/o:linux:kernel:2.6.0 cpe:/o:linux:kernel:2.6.18:rc2 cpe:/o:linux:kernel:2.6.18:rc1 cpe:/o:linux:kernel:2.6.18:rc4 cpe:/o:linux:kernel:2.6.18:rc3 cpe:/o:linux:kernel:2.6.16.18 cpe:/o:linux:kernel:2.6.18:rc6 cpe:/o:linux:kernel:2.6.9 cpe:/o:linux:kernel:2.6.16.17 cpe:/o:linux:kernel:2.6.18:rc5 cpe:/o:linux:kernel:2.6.8 cpe:/o:linux:kernel:2.6.7 cpe:/o:linux:kernel:2.6.16.19 cpe:/o:linux:kernel:2.6.18:rc7 cpe:/o:linux:kernel:2.6.6 cpe:/o:linux:kernel:2.6.16.14 cpe:/o:linux:kernel:2.6.5 cpe:/o:linux:kernel:2.6.16.13 cpe:/o:linux:kernel:2.6.4 cpe:/o:linux:kernel:2.6.16.16 cpe:/o:linux:kernel:2.6.3 cpe:/o:linux:kernel:2.6.16.15 cpe:/o:linux:kernel:2.6.27:rc3 cpe:/o:linux:kernel:2.6.27:rc4 cpe:/o:linux:kernel:2.6.16.10 cpe:/o:linux:kernel:2.6.27:rc5 cpe:/o:linux:kernel:2.6.16.11 cpe:/o:linux:kernel:2.6.27:rc6 cpe:/o:linux:kernel:2.6.16.12 cpe:/o:linux:kernel:2.6.27:rc1 cpe:/o:linux:kernel:2.6.27:rc2 cpe:/o:linux:kernel:2.6.16.29 cpe:/o:linux:kernel:2.6.16.28 cpe:/o:linux:kernel:2.6.16.27 cpe:/o:linux:kernel:2.6.27:rc9 cpe:/o:linux:kernel:2.6.16.26 cpe:/o:linux:kernel:2.6.27:rc8 cpe:/o:linux:kernel:2.6.16.25 cpe:/o:linux:kernel:2.6.27:rc7 cpe:/o:linux:kernel:2.6.16.24 cpe:/o:linux:kernel:2.6.16.22 cpe:/o:linux:kernel:2.6.28:rc1 cpe:/o:linux:kernel:2.6.16.23 cpe:/o:linux:kernel:2.6.16.20 cpe:/o:linux:kernel:2.6.16.21 cpe:/o:linux:kernel:2.6.17.10 cpe:/o:linux:kernel:2.6.17.11 cpe:/o:linux:kernel:2.6.17.12 cpe:/o:linux:kernel:2.6.29:rc2_git7 cpe:/o:linux:kernel:2.6.17.13 cpe:/o:linux:kernel:2.6.22.18 cpe:/o:linux:kernel:2.6.22.19 cpe:/o:linux:kernel:2.6.22.16 cpe:/o:linux:kernel:2.6.22.17 cpe:/o:linux:kernel:2.6.22.14 cpe:/o:linux:kernel:2.6.22.15 cpe:/o:linux:kernel:2.6.29.rc1 cpe:/o:linux:kernel:2.6.22.12 cpe:/o:linux:kernel:2.6.29.rc2 cpe:/o:linux:kernel:2.6.22.13 cpe:/o:linux:kernel:2.6.22.10 cpe:/o:linux:kernel:2.6.22.11 cpe:/o:linux:kernel:2.6.17.14 cpe:/o:linux:kernel:2.6.25.3::x86_64 cpe:/o:linux:kernel:2.4.36 cpe:/o:linux:kernel:2.4.37 cpe:/o:linux:kernel:2.4.34 cpe:/o:linux:kernel:2.6.22.20 cpe:/o:linux:kernel:2.6.22.21 cpe:/o:linux:kernel:2.6.22.22 cpe:/o:linux:kernel:2.4.33 cpe:/o:linux:kernel:2.4.32 cpe:/o:linux:kernel:2.4.31 cpe:/o:linux:kernel:2.4.30 cpe:/o:linux:kernel:2.6.23:rc1 cpe:/o:linux:kernel:2.6.23:rc2 cpe:/o:linux:kernel:2.4.37:-rc1 cpe:/o:linux:kernel:2.4.23::-pre9 cpe:/o:linux:kernel:2.4.29:-rc2 cpe:/o:linux:kernel:2.4.29:-rc1 cpe:/a:linux:kernel:2.6.25.15 cpe:/o:linux:kernel:2.6.24:rc4 cpe:/o:linux:kernel:2.6.24:rc5 cpe:/o:linux:kernel:2.6.24:rc2 cpe:/o:linux:kernel:2.6.24:rc3 cpe:/o:linux:kernel:2.6.24:rc1 cpe:/o:linux:kernel:2.6.31.3 cpe:/o:linux:kernel:2.6.31.4 cpe:/o:linux:kernel:2.6.31.5 cpe:/o:linux:kernel:2.6.20.17 cpe:/o:linux:kernel:2.6.20.16 cpe:/o:linux:kernel:2.6.31.2 cpe:/o:linux:kernel:2.6.20.15 cpe:/o:linux:kernel:2.6.31.1 cpe:/o:linux:kernel:2.6.20.14 cpe:/o:linux:kernel:2.6.20.19 cpe:/o:linux:kernel:2.6.20.18 cpe:/o:linux:kernel:2.6.20.13 cpe:/o:linux:kernel:2.6.20.12 cpe:/o:linux:kernel:2.6.20.11 cpe:/o:linux:kernel:2.6.20.10 cpe:/o:linux:kernel:2.6.25.9 cpe:/o:linux:kernel:2.6.25.8 cpe:/o:linux:kernel:2.6.25.7 cpe:/o:linux:kernel:2.6.25.6 cpe:/o:linux:kernel:2.6.25.1 cpe:/o:linux:kernel:2.6.25.5 cpe:/o:linux:kernel:2.6.25.4 cpe:/o:linux:kernel:2.6.25.3 cpe:/o:linux:kernel:2.6.25.2 cpe:/o:linux:kernel:2.6.23.17 cpe:/o:linux:kernel:2.6.23.10 cpe:/o:linux:kernel:2.6.20.20 cpe:/o:linux:kernel:2.6.23.11 cpe:/o:linux:kernel:2.6.23.12 cpe:/o:linux:kernel:2.6.23.13 cpe:/o:linux:kernel:2.6.20.21 cpe:/o:linux:kernel:2.6.23.14 cpe:/o:linux:kernel:2.6.23.15 cpe:/o:linux:kernel:2.6.23.16 cpe:/o:linux:kernel:2.4.21 cpe:/o:linux:kernel:2.4.22 cpe:/o:linux:kernel:2.4.20 cpe:/o:linux:kernel:2.6.25.10::x86_64 cpe:/o:linux:kernel:2.4.36.5 cpe:/o:linux:kernel:2.4.36.4 cpe:/o:linux:kernel:2.4.36.7 cpe:/o:linux:kernel:2.4.36.6 cpe:/o:linux:kernel:2.4.36.9 cpe:/o:linux:kernel:2.4.36.8 cpe:/o:linux:kernel:2.4.26 cpe:/o:linux:kernel:2.4.25 cpe:/o:linux:kernel:2.4.24 cpe:/o:linux:kernel:2.4.23 cpe:/o:linux:kernel:2.4.36.1 cpe:/o:linux:kernel:2.4.29 cpe:/o:linux:kernel:2.4.28 cpe:/o:linux:kernel:2.4.36.3 cpe:/o:linux:kernel:2.4.24::-ow1 cpe:/o:linux:kernel:2.4.36.2 cpe:/o:linux:kernel:2.4.27 cpe:/o:linux:kernel:2.6.16.31:-rc1 cpe:/o:linux:kernel:2.6.25.7::x86_64 cpe:/o:linux:kernel:2.4.10 cpe:/o:linux:kernel:2.4.11 cpe:/o:linux:kernel:2.4.9 cpe:/o:linux:kernel:2.4.8 cpe:/o:linux:kernel:2.4.7 cpe:/o:linux:kernel:2.4.6 cpe:/o:linux:kernel:2.4.5 cpe:/o:linux:kernel:2.4.4 cpe:/o:linux:kernel:2.6.16.31:-rc5 cpe:/o:linux:kernel:2.4.13 cpe:/o:linux:kernel:2.6.16.31:-rc4 cpe:/o:linux:kernel:2.4.12 cpe:/o:linux:kernel:2.4.3 cpe:/o:linux:kernel:2.6.16.31:-rc3 cpe:/o:linux:kernel:2.4.15 cpe:/o:linux:kernel:2.4.2 cpe:/o:linux:kernel:2.6.30:rc4:x86_32 cpe:/o:linux:kernel:2.6.16.31:-rc2 cpe:/o:linux:kernel:2.4.14 cpe:/o:linux:kernel:2.4.1 cpe:/o:linux:kernel:2.4.17 cpe:/o:linux:kernel:2.4.16 cpe:/o:linux:kernel:2.4.19 cpe:/o:linux:kernel:2.4.18 cpe:/o:linux:kernel:2.6.28:rc4 cpe:/o:linux:kernel:2.6.28:rc5 cpe:/o:linux:kernel:2.6.28:rc2 cpe:/o:linux:kernel:2.6.28:rc3 cpe:/o:linux:kernel:2.6.28:rc6 cpe:/o:linux:kernel:2.6.28:rc7 cpe:/o:linux:kernel:2.6.26.7 cpe:/o:linux:kernel:2.6.26.8 cpe:/o:linux:kernel:2.6.26.5 cpe:/o:linux:kernel:2.6.26.6 cpe:/o:linux:kernel:2.6.26.3 cpe:/o:linux:kernel:2.6.26.4 cpe:/o:linux:kernel:2.6.26.1 cpe:/o:linux:kernel:2.6.26.2 cpe:/o:linux:kernel:2.6.24.6 cpe:/o:linux:kernel:2.2.27 cpe:/o:linux:kernel:2.6.24.5 cpe:/o:linux:kernel:2.6.24.4 cpe:/o:linux:kernel:2.6.24.3 cpe:/o:linux:kernel:2.6.29:rc1 cpe:/o:linux:kernel:2.6.24.2 cpe:/o:linux:kernel:2.6.29:rc2 cpe:/o:linux:kernel:2.6.24.1 cpe:/o:linux:kernel:2.6.24.7 cpe:/o:linux:kernel:2.6.29:rc8-kk cpe:/o:linux:kernel:2.4.37.3 cpe:/o:linux:kernel:2.4.37.4 cpe:/o:linux:kernel:2.4.37.5 cpe:/o:linux:kernel:2.4.37.6 cpe:/o:linux:kernel:2.4.37.1 cpe:/o:linux:kernel:2.4.37.2 CVE-2009-3640 2009-10-29T10:30:01.250-04:00 2009-10-30T00:00:00.000-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-10-30T11:21:00.000-04:00 XF kernel-updatecr8intercept-dos(53947) BID 36805 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1 MLIST [oss-security] 20091024 Re: CVE request: kvm: update_cr8_intercept() NULL pointer dereference MLIST [oss-security] 20091023 CVE request: kvm: update_cr8_intercept() NULL pointer dereference CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function. cpe:/h:everfocus:edr1600_dvr CVE-2009-3828 2009-10-30T15:30:00.217-04:00 2009-11-02T07:43:06.233-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-11-02T07:38:00.000-05:00 XF everfocus-authentication-sec-bypass(53909) BUGTRAQ 20091022 Everfocus EDR1600 remote authentication bypass OSVDB 59139 SECUNIA 37108 FULLDISC 20091022 Everfocus EDR1600 remote authentication bypass The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors. cpe:/a:wireshark:wireshark:1.2.0 cpe:/a:wireshark:wireshark:1.2 cpe:/a:wireshark:wireshark:1.2.1 CVE-2009-3549 2009-10-30T16:30:00.250-04:00 2009-11-02T00:00:00.000-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-11-02T07:41:00.000-05:00 CONFIRM http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html VUPEN ADV-2009-3061 BID 36846 CONFIRM https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689 XF wireshark-dissectpaltalk-dos(54016) CONFIRM http://www.wireshark.org/security/wnpa-sec-2009-07.html SECUNIA 37175 packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. cpe:/a:wireshark:wireshark:1.2 cpe:/a:wireshark:wireshark:1.0 cpe:/a:wireshark:wireshark:0.10.5 cpe:/a:wireshark:wireshark:0.10.6 cpe:/a:wireshark:wireshark:0.10.3 cpe:/a:wireshark:wireshark:0.10.4 cpe:/a:wireshark:wireshark:0.10.9 cpe:/a:wireshark:wireshark:0.10.7 cpe:/a:wireshark:wireshark:0.10.8 cpe:/a:wireshark:wireshark:1.0.7 cpe:/a:wireshark:wireshark:1.0.8 cpe:/a:wireshark:wireshark:1.2.0 cpe:/a:wireshark:wireshark:1.0.5 cpe:/a:wireshark:wireshark:1.2.1 cpe:/a:wireshark:wireshark:1.0.6 cpe:/a:wireshark:wireshark:1.0.9 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:0.10.13 cpe:/a:wireshark:wireshark:1.0.3 cpe:/a:wireshark:wireshark:0.10.12 cpe:/a:wireshark:wireshark:1.0.4 cpe:/a:wireshark:wireshark:0.10.2 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:0.10.14 cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:0.10.10 cpe:/a:wireshark:wireshark:0.10.11 CVE-2009-3550 2009-10-30T16:30:00.280-04:00 2009-11-02T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-11-02T09:41:00.000-05:00 CONFIRM http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html CONFIRM http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html XF wireshark-dcerpcnt-dos(54017) CONFIRM http://www.wireshark.org/security/wnpa-sec-2009-08.html CONFIRM http://www.wireshark.org/security/wnpa-sec-2009-07.html VUPEN ADV-2009-3061 BID 36846 SECUNIA 37175 The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. cpe:/a:wireshark:wireshark:1.2.0 cpe:/a:wireshark:wireshark:1.2 cpe:/a:wireshark:wireshark:1.2.1 CVE-2009-3551 2009-10-30T16:30:00.313-04:00 2009-11-02T07:49:31.377-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-11-02T07:45:00.000-05:00 CONFIRM http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html VUPEN ADV-2009-3061 BID 36846 XF wireshark-negprotresponse-dos(54018) CONFIRM http://www.wireshark.org/security/wnpa-sec-2009-07.html SECUNIA 37175 Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. cpe:/o:linux:kernel:2.4.19::-pre1 cpe:/o:linux:kernel:2.4.19::-pre2 cpe:/o:linux:kernel:2.4.19::-pre5 cpe:/o:linux:kernel:2.6.8.1 cpe:/o:linux:kernel:2.4.19::-pre6 cpe:/o:linux:kernel:2.4.19::-pre3 cpe:/o:linux:kernel:2.4.19::-pre4 cpe:/o:linux:kernel:2.4.23::-ow2 cpe:/o:linux:kernel:2.4.33.2 cpe:/o:linux:kernel:2.4.33.1 cpe:/o:linux:kernel:2.4.33.4 cpe:/o:linux:kernel:2.4.33.3 cpe:/o:linux:kernel:2.4.33.5 cpe:/o:linux:kernel:2.4.33.7 cpe:/o:linux:kernel:2.6.25::x86_64 cpe:/o:linux:kernel:2.6.22.1 cpe:/o:linux:kernel:2.6.22.2 cpe:/o:linux:kernel:2.6.22.3 cpe:/o:linux:kernel:2.6.22.4 cpe:/o:linux:kernel:2.6.23.8 cpe:/o:linux:kernel:2.6.22.5 cpe:/o:linux:kernel:2.6.23.9 cpe:/o:linux:kernel:2.6.22.6 cpe:/o:linux:kernel:2.6.22.7 cpe:/o:linux:kernel:2.6.22.8 cpe:/o:linux:kernel:2.6.23.4 cpe:/o:linux:kernel:2.6.22.9 cpe:/o:linux:kernel:2.6.23.5 cpe:/o:linux:kernel:2.6.23.6 cpe:/o:linux:kernel:2.6.23.7 cpe:/o:linux:kernel:2.6.23.1 cpe:/o:linux:kernel:2.6.23.2 cpe:/o:linux:kernel:2.6.23.3 cpe:/o:linux:kernel:2.4.21::-pre1 cpe:/o:linux:kernel:2.4.21::-pre4 cpe:/o:linux:kernel:2.4.21::-pre7 cpe:/o:linux:kernel:2.6.29:git1 cpe:/o:linux:kernel:2.6.25.6::x86_64 cpe:/o:linux:kernel:2.6.28:git7 cpe:/o:linux:kernel:2.4.18::x86 cpe:/o:linux:kernel:2.6.25.1::x86_64 cpe:/o:linux:kernel:2.6.11.10 cpe:/o:linux:kernel:2.6.11.11 cpe:/o:linux:kernel:2.6.11.12 cpe:/o:linux:kernel:2.4.34.6 cpe:/o:linux:kernel:2.4.34.3 cpe:/o:linux:kernel:2.4.34.2 cpe:/o:linux:kernel:2.4.34.5 cpe:/o:linux:kernel:2.4.34.4 cpe:/o:linux:kernel:2.4.34.1 cpe:/o:linux:kernel:2.6.27.1 cpe:/o:linux:kernel:2.6.27.3 cpe:/o:linux:kernel:2.6.27.2 cpe:/o:linux:kernel:2.6.27.9 cpe:/o:linux:kernel:2.6.27.8 cpe:/o:linux:kernel:2.6.27.5 cpe:/o:linux:kernel:2.6.27.4 cpe:/o:linux:kernel:2.6.27.7 cpe:/o:linux:kernel:2.6.27.6 cpe:/o:linux:kernel:2.6.30.2 cpe:/o:linux:kernel:2.6.30.3 cpe:/o:linux:kernel:2.6.30.1 cpe:/o:linux:kernel:2.6.30.7 cpe:/o:linux:kernel:2.6.17.3 cpe:/o:linux:kernel:2.6.30.6 cpe:/o:linux:kernel:2.6.17.4 cpe:/o:linux:kernel:2.6.30.5 cpe:/o:linux:kernel:2.6.17.5 cpe:/o:linux:kernel:2.6.30.4 cpe:/o:linux:kernel:2.6.17.6 cpe:/o:linux:kernel:2.6.17.7 cpe:/o:linux:kernel:2.6.25.5::x86_64 cpe:/o:linux:kernel:2.6.17.8 cpe:/o:linux:kernel:2.6.30.9 cpe:/o:linux:kernel:2.6.17.9 cpe:/o:linux:kernel:2.6.30.8 cpe:/o:linux:kernel:2.6.17.1 cpe:/o:linux:kernel:2.6.17.2 cpe:/o:linux:kernel:2.4.30:rc3 cpe:/o:linux:kernel:2.4.30:rc2 cpe:/o:linux:kernel:2.6.28.10 cpe:/o:linux:kernel:2.6.25.20 cpe:/o:linux:kernel:2.4.35.5 cpe:/o:linux:kernel:2.4.35.3 cpe:/o:linux:kernel:2.4.35.4 cpe:/o:linux:kernel:2.4.35.1 cpe:/o:linux:kernel:2.4.35.2 cpe:/o:linux:kernel:2.6.18.1 cpe:/o:linux:kernel:2.6.28.1 cpe:/o:linux:kernel:2.6.28.2 cpe:/a:linux:kernel:2.6.24.7 cpe:/o:linux:kernel:2.6.28.5 cpe:/o:linux:kernel:2.6.18.7 cpe:/o:linux:kernel:2.6.28.6 cpe:/o:linux:kernel:2.6.18.6 cpe:/o:linux:kernel:2.6.28.3 cpe:/o:linux:kernel:2.6.28.4 cpe:/o:linux:kernel:2.6.18.8 cpe:/o:linux:kernel:2.6.28.9 cpe:/o:linux:kernel:2.6.27.12 cpe:/o:linux:kernel:2.6.18.3 cpe:/o:linux:kernel:2.6.27.11 cpe:/o:linux:kernel:2.6.18.2 cpe:/o:linux:kernel:2.6.28.7 cpe:/o:linux:kernel:2.6.27.10 cpe:/o:linux:kernel:2.6.18.5 cpe:/o:linux:kernel:2.6.28.8 cpe:/o:linux:kernel:2.6.18.4 cpe:/o:linux:kernel:2.6.27.15 cpe:/o:linux:kernel:2.6.27.16 cpe:/o:linux:kernel:2.6.27.13 cpe:/o:linux:kernel:2.6.27.14 cpe:/o:linux:kernel:2.6.27.19 cpe:/o:linux:kernel:2.6.27.17 cpe:/o:linux:kernel:2.6.27.18 cpe:/o:linux:kernel:2.6.16.9 cpe:/o:linux:kernel:2.6.16.8 cpe:/o:linux:kernel:2.6.16.7 cpe:/o:linux:kernel:2.6.16.6 cpe:/o:linux:kernel:2.6.16.5 cpe:/o:linux:kernel:2.6.20.2 cpe:/o:linux:kernel:2.6.16.4 cpe:/o:linux:kernel:2.6.20.1 cpe:/o:linux:kernel:2.6.25.19 cpe:/o:linux:kernel:2.6.16.3 cpe:/o:linux:kernel:2.6.25.18 cpe:/o:linux:kernel:2.6.16.2 cpe:/o:linux:kernel:2.6.25.17 cpe:/o:linux:kernel:2.6.16.1 cpe:/o:linux:kernel:2.6.21.1 cpe:/o:linux:kernel:2.6.25.16 cpe:/o:linux:kernel:2.6.25.15 cpe:/o:linux:kernel:2.6.25.14 cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.6.25.13 cpe:/o:linux:kernel:2.6.25.9::x86_64 cpe:/o:linux:kernel:2.6.25.12 cpe:/o:linux:kernel:2.6.25.11 cpe:/o:linux:kernel:2.6.14.4 cpe:/o:linux:kernel:2.6.21.6 cpe:/o:linux:kernel:2.6.14.5 cpe:/o:linux:kernel:2.6.21.7 cpe:/o:linux:kernel:2.6.25.10 cpe:/o:linux:kernel:2.6.14.2 cpe:/o:linux:kernel:2.6.14.3 cpe:/o:linux:kernel:2.6.21.2 cpe:/o:linux:kernel:2.6.14.1 cpe:/o:linux:kernel:2.6.2.27.13 cpe:/o:linux:kernel:2.6.21.3 cpe:/o:linux:kernel:2.6.21.4 cpe:/o:linux:kernel:2.6.21.5 cpe:/o:linux:kernel:2.6.20.3 cpe:/o:linux:kernel:2.6.20.4 cpe:/o:linux:kernel:2.6.20.5 cpe:/o:linux:kernel:2.6.20.6 cpe:/o:linux:kernel:2.6.20.7 cpe:/o:linux:kernel:2.6.20.8 cpe:/o:linux:kernel:2.6.14.6 cpe:/o:linux:kernel:2.6.20.9 cpe:/o:linux:kernel:2.6.14.7 cpe:/o:linux:kernel:2.6.27.33 cpe:/o:linux:kernel:2.6.27.34 cpe:/o:linux:kernel:2.6.27.31 cpe:/o:linux:kernel:2.6.25.11::x86_64 cpe:/o:linux:kernel:2.6.27.32 cpe:/o:linux:kernel:2.6.27.30 cpe:/o:linux:kernel:2.6.19 cpe:/o:linux:kernel:2.6.18 cpe:/o:linux:kernel:2.6.17 cpe:/o:linux:kernel:2.6.16 cpe:/o:linux:kernel:2.6.15 cpe:/o:linux:kernel:2.6.14 cpe:/o:linux:kernel:2.6.12 cpe:/o:linux:kernel:2.6.13 cpe:/o:linux:kernel:2.6.10 cpe:/o:linux:kernel:2.6.11 cpe:/o:linux:kernel:2.6.27.37 cpe:/o:linux:kernel:2.6.27.36 cpe:/o:linux:kernel:2.6.25.4::x86_64 cpe:/o:linux:kernel:2.6.27.35 cpe:/o:linux:kernel:2.6.27.20 cpe:/o:linux:kernel:2.6.27.21 cpe:/o:linux:kernel:2.6.27.22 cpe:/o:linux:kernel:2.6.27.23 cpe:/o:linux:kernel:2.6.29 cpe:/o:linux:kernel:2.6.26 cpe:/o:linux:kernel:2.6.25 cpe:/o:linux:kernel:2.6.28 cpe:/o:linux:kernel:2.6.27 cpe:/o:linux:kernel:2.6.25.12::x86_64 cpe:/o:linux:kernel:2.6.25.2::x86_64 cpe:/o:linux:kernel:2.6.21 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.23 cpe:/o:linux:kernel:2.6.24 cpe:/o:linux:kernel:2.6.20 cpe:/o:linux:kernel:2.6.27.29 cpe:/o:linux:kernel:2.6.27.28 cpe:/o:linux:kernel:2.6.27.25 cpe:/o:linux:kernel:2.6.27.24 cpe:/o:linux:kernel:2.6.27.27 cpe:/o:linux:kernel:2.6.27.26 cpe:/o:linux:kernel:2.6.19.1 cpe:/o:linux:kernel:2.6.16.61 cpe:/o:linux:kernel:2.6.19.2 cpe:/o:linux:kernel:2.6.16.60 cpe:/o:linux:kernel:2.6.19.3 cpe:/o:linux:kernel:2.6.19.4 cpe:/o:linux:kernel:2.6.16.62 cpe:/o:linux:kernel:2.6.19.5 cpe:/o:linux:kernel:2.6.19.6 cpe:/o:linux:kernel:2.6.19.7 cpe:/o:linux:kernel:2.6.30 cpe:/o:linux:kernel:2.6.31 cpe:/o:linux:kernel:2.6.29.6 cpe:/o:linux:kernel:2.6.29.4 cpe:/o:linux:kernel:2.6.29.5 cpe:/o:linux:kernel:2.6.29.2 cpe:/o:linux:kernel:2.6.29.3 cpe:/o:linux:kernel:2.6.29.1 cpe:/o:linux:kernel:2.4.18::pre-2 cpe:/o:linux:kernel:2.4.18::pre-3 cpe:/o:linux:kernel:2.4.18::pre-1 cpe:/o:linux:kernel:2.6.16.52 cpe:/o:linux:kernel:2.6.16.51 cpe:/o:linux:kernel:2.6.16.50 cpe:/o:linux:kernel:2.6.16.56 cpe:/o:linux:kernel:2.6.16.55 cpe:/o:linux:kernel:2.6.16.54 cpe:/o:linux:kernel:2.6.16.53 cpe:/o:linux:kernel:2.6.12.6 cpe:/o:linux:kernel:2.6.16.59 cpe:/o:linux:kernel:2.6.11.9 cpe:/o:linux:kernel:2.6.12.4 cpe:/o:linux:kernel:2.6.16.57 cpe:/o:linux:kernel:2.6.12.5 cpe:/o:linux:kernel:2.6.16.58 cpe:/o:linux:kernel:2.6.12.2 cpe:/o:linux:kernel:2.6.15.4 cpe:/o:linux:kernel:2.6.12.3 cpe:/o:linux:kernel:2.6.15.3 cpe:/o:linux:kernel:2.6.15.2 cpe:/o:linux:kernel:2.6.12.1 cpe:/o:linux:kernel:2.6.15.1 cpe:/o:linux:kernel:2.6.11.3 cpe:/o:linux:kernel:2.4.18::pre-7 cpe:/o:linux:kernel:2.6.11.4 cpe:/o:linux:kernel:2.6.15.7 cpe:/o:linux:kernel:2.4.18::pre-6 cpe:/o:linux:kernel:2.6.11.1 cpe:/o:linux:kernel:2.6.15.6 cpe:/o:linux:kernel:2.4.18::pre-5 cpe:/o:linux:kernel:2.6.11.2 cpe:/o:linux:kernel:2.6.15.5 cpe:/o:linux:kernel:2.4.18::pre-4 cpe:/o:linux:kernel:2.6.11.7 cpe:/o:linux:kernel:2.6.11.8 cpe:/o:linux:kernel:2.6.11.5 cpe:/o:linux:kernel:2.6.11.6 cpe:/o:linux:kernel:2.4.18::pre-8 cpe:/o:linux:kernel:2.6.16.36 cpe:/o:linux:kernel:2.6.13.4 cpe:/o:linux:kernel:2.6.30:rc3 cpe:/o:linux:kernel:2.6.16.35 cpe:/o:linux:kernel:2.6.13.3 cpe:/o:linux:kernel:2.6.30:rc6 cpe:/o:linux:kernel:2.6.16.38 cpe:/o:linux:kernel:2.6.30:rc5 cpe:/o:linux:kernel:2.6.16.37 cpe:/o:linux:kernel:2.6.13.5 cpe:/o:linux:kernel:2.6.16.39 cpe:/o:linux:kernel:2.6.25.8::x86_64 cpe:/o:linux:kernel:2.6.30:rc2 cpe:/o:linux:kernel:2.6.13.2 cpe:/o:linux:kernel:2.6.30:rc1 cpe:/o:linux:kernel:2.6.13.1 cpe:/o:linux:kernel:2.6.16.30 cpe:/o:linux:kernel:2.6.16.31 cpe:/o:linux:kernel:2.6.16.32 cpe:/o:linux:kernel:2.6.16.33 cpe:/o:linux:kernel:2.6.16.34 cpe:/o:linux:kernel:2.4.27::-pre1 cpe:/o:linux:kernel:2.6.16.49 cpe:/o:linux:kernel:2.6.16.48 cpe:/o:linux:kernel:2.6.16.47 cpe:/o:linux:kernel:2.6.16.46 cpe:/o:linux:kernel:2.6.16.40 cpe:/o:linux:kernel:2.6.16.41 cpe:/o:linux:kernel:2.6.26:rc4 cpe:/o:linux:kernel:2.6.30:rc7-git6 cpe:/o:linux:kernel:2.6.16.44 cpe:/o:linux:kernel:2.6.16.45 cpe:/o:linux:kernel:2.6.16.42 cpe:/o:linux:kernel:2.6.16.43 cpe:/o:linux:kernel:2.4.27::-pre2 cpe:/o:linux:kernel:2.4.27::-pre3 cpe:/o:linux:kernel:2.4.27::-pre4 cpe:/o:linux:kernel:2.4.27::-pre5 cpe:/o:linux:kernel:2.6.2 cpe:/o:linux:kernel:2.6.1 cpe:/o:linux:kernel:2.6.0 cpe:/o:linux:kernel:2.6.18:rc2 cpe:/o:linux:kernel:2.6.18:rc1 cpe:/o:linux:kernel:2.6.18:rc4 cpe:/o:linux:kernel:2.6.18:rc3 cpe:/o:linux:kernel:2.6.16.18 cpe:/o:linux:kernel:2.6.18:rc6 cpe:/o:linux:kernel:2.6.9 cpe:/o:linux:kernel:2.6.16.17 cpe:/o:linux:kernel:2.6.18:rc5 cpe:/o:linux:kernel:2.6.8 cpe:/o:linux:kernel:2.6.7 cpe:/o:linux:kernel:2.6.16.19 cpe:/o:linux:kernel:2.6.18:rc7 cpe:/o:linux:kernel:2.6.6 cpe:/o:linux:kernel:2.6.16.14 cpe:/o:linux:kernel:2.6.5 cpe:/o:linux:kernel:2.6.16.13 cpe:/o:linux:kernel:2.6.4 cpe:/o:linux:kernel:2.6.16.16 cpe:/o:linux:kernel:2.6.3 cpe:/o:linux:kernel:2.6.16.15 cpe:/o:linux:kernel:2.6.27:rc3 cpe:/o:linux:kernel:2.6.27:rc4 cpe:/o:linux:kernel:2.6.16.10 cpe:/o:linux:kernel:2.6.27:rc5 cpe:/o:linux:kernel:2.6.16.11 cpe:/o:linux:kernel:2.6.27:rc6 cpe:/o:linux:kernel:2.6.16.12 cpe:/o:linux:kernel:2.6.27:rc1 cpe:/o:linux:kernel:2.6.27:rc2 cpe:/o:linux:kernel:2.6.16.29 cpe:/o:linux:kernel:2.6.16.28 cpe:/o:linux:kernel:2.6.16.27 cpe:/o:linux:kernel:2.6.27:rc9 cpe:/o:linux:kernel:2.6.16.26 cpe:/o:linux:kernel:2.6.27:rc8 cpe:/o:linux:kernel:2.6.16.25 cpe:/o:linux:kernel:2.6.27:rc7 cpe:/o:linux:kernel:2.6.16.24 cpe:/o:linux:kernel:2.6.16.22 cpe:/o:linux:kernel:2.6.28:rc1 cpe:/o:linux:kernel:2.6.16.23 cpe:/o:linux:kernel:2.6.16.20 cpe:/o:linux:kernel:2.6.16.21 cpe:/o:linux:kernel:2.6.17.10 cpe:/o:linux:kernel:2.6.17.11 cpe:/o:linux:kernel:2.6.17.12 cpe:/o:linux:kernel:2.6.29:rc2_git7 cpe:/o:linux:kernel:2.6.17.13 cpe:/o:linux:kernel:2.6.22.18 cpe:/o:linux:kernel:2.6.22.19 cpe:/o:linux:kernel:2.6.22.16 cpe:/o:linux:kernel:2.6.22.17 cpe:/o:linux:kernel:2.6.22.14 cpe:/o:linux:kernel:2.6.22.15 cpe:/o:linux:kernel:2.6.29.rc1 cpe:/o:linux:kernel:2.6.22.12 cpe:/o:linux:kernel:2.6.29.rc2 cpe:/o:linux:kernel:2.6.22.13 cpe:/o:linux:kernel:2.6.22.10 cpe:/o:linux:kernel:2.6.22.11 cpe:/o:linux:kernel:2.6.17.14 cpe:/o:linux:kernel:2.6.25.3::x86_64 cpe:/o:linux:kernel:2.4.36 cpe:/o:linux:kernel:2.4.37 cpe:/o:linux:kernel:2.4.34 cpe:/o:linux:kernel:2.6.22.20 cpe:/o:linux:kernel:2.6.22.21 cpe:/o:linux:kernel:2.6.22.22 cpe:/o:linux:kernel:2.4.33 cpe:/o:linux:kernel:2.4.32 cpe:/o:linux:kernel:2.4.31 cpe:/o:linux:kernel:2.4.30 cpe:/o:linux:kernel:2.6.23:rc1 cpe:/o:linux:kernel:2.6.23:rc2 cpe:/o:linux:kernel:2.4.37:-rc1 cpe:/o:linux:kernel:2.4.23::-pre9 cpe:/o:linux:kernel:2.4.29:-rc2 cpe:/o:linux:kernel:2.4.29:-rc1 cpe:/a:linux:kernel:2.6.25.15 cpe:/o:linux:kernel:2.6.24:rc4 cpe:/o:linux:kernel:2.6.24:rc5 cpe:/o:linux:kernel:2.6.24:rc2 cpe:/o:linux:kernel:2.6.24:rc3 cpe:/o:linux:kernel:2.6.24:rc1 cpe:/o:linux:kernel:2.6.20.17 cpe:/o:linux:kernel:2.6.20.16 cpe:/o:linux:kernel:2.6.20.15 cpe:/o:linux:kernel:2.6.31.1 cpe:/o:linux:kernel:2.6.20.14 cpe:/o:linux:kernel:2.6.20.19 cpe:/o:linux:kernel:2.6.20.18 cpe:/o:linux:kernel:2.6.20.13 cpe:/o:linux:kernel:2.6.20.12 cpe:/o:linux:kernel:2.6.20.11 cpe:/o:linux:kernel:2.6.20.10 cpe:/o:linux:kernel:2.6.25.9 cpe:/o:linux:kernel:2.6.25.8 cpe:/o:linux:kernel:2.6.25.7 cpe:/o:linux:kernel:2.6.25.6 cpe:/o:linux:kernel:2.6.25.1 cpe:/o:linux:kernel:2.6.25.5 cpe:/o:linux:kernel:2.6.25.4 cpe:/o:linux:kernel:2.6.25.3 cpe:/o:linux:kernel:2.6.25.2 cpe:/o:linux:kernel:2.6.23.17 cpe:/o:linux:kernel:2.6.23.10 cpe:/o:linux:kernel:2.6.20.20 cpe:/o:linux:kernel:2.6.23.11 cpe:/o:linux:kernel:2.6.23.12 cpe:/o:linux:kernel:2.6.23.13 cpe:/o:linux:kernel:2.6.20.21 cpe:/o:linux:kernel:2.6.23.14 cpe:/o:linux:kernel:2.6.23.15 cpe:/o:linux:kernel:2.6.23.16 cpe:/o:linux:kernel:2.4.21 cpe:/o:linux:kernel:2.4.22 cpe:/o:linux:kernel:2.4.20 cpe:/o:linux:kernel:2.6.25.10::x86_64 cpe:/o:linux:kernel:2.4.36.5 cpe:/o:linux:kernel:2.4.36.4 cpe:/o:linux:kernel:2.4.36.7 cpe:/o:linux:kernel:2.4.36.6 cpe:/o:linux:kernel:2.4.36.9 cpe:/o:linux:kernel:2.4.36.8 cpe:/o:linux:kernel:2.4.26 cpe:/o:linux:kernel:2.4.25 cpe:/o:linux:kernel:2.4.24 cpe:/o:linux:kernel:2.4.23 cpe:/o:linux:kernel:2.4.36.1 cpe:/o:linux:kernel:2.4.29 cpe:/o:linux:kernel:2.4.28 cpe:/o:linux:kernel:2.4.36.3 cpe:/o:linux:kernel:2.4.24::-ow1 cpe:/o:linux:kernel:2.4.36.2 cpe:/o:linux:kernel:2.4.27 cpe:/o:linux:kernel:2.6.16.31:-rc1 cpe:/o:linux:kernel:2.6.25.7::x86_64 cpe:/o:linux:kernel:2.4.10 cpe:/o:linux:kernel:2.4.11 cpe:/o:linux:kernel:2.4.9 cpe:/o:linux:kernel:2.4.8 cpe:/o:linux:kernel:2.4.7 cpe:/o:linux:kernel:2.4.6 cpe:/o:linux:kernel:2.4.5 cpe:/o:linux:kernel:2.4.4 cpe:/o:linux:kernel:2.6.16.31:-rc5 cpe:/o:linux:kernel:2.4.13 cpe:/o:linux:kernel:2.6.16.31:-rc4 cpe:/o:linux:kernel:2.4.12 cpe:/o:linux:kernel:2.4.3 cpe:/o:linux:kernel:2.6.16.31:-rc3 cpe:/o:linux:kernel:2.4.15 cpe:/o:linux:kernel:2.4.2 cpe:/o:linux:kernel:2.6.30:rc4:x86_32 cpe:/o:linux:kernel:2.6.16.31:-rc2 cpe:/o:linux:kernel:2.4.14 cpe:/o:linux:kernel:2.4.1 cpe:/o:linux:kernel:2.4.17 cpe:/o:linux:kernel:2.4.16 cpe:/o:linux:kernel:2.4.19 cpe:/o:linux:kernel:2.4.18 cpe:/o:linux:kernel:2.6.28:rc4 cpe:/o:linux:kernel:2.6.28:rc5 cpe:/o:linux:kernel:2.6.28:rc2 cpe:/o:linux:kernel:2.6.28:rc3 cpe:/o:linux:kernel:2.6.28:rc6 cpe:/o:linux:kernel:2.6.28:rc7 cpe:/o:linux:kernel:2.6.26.7 cpe:/o:linux:kernel:2.6.26.8 cpe:/o:linux:kernel:2.6.26.5 cpe:/o:linux:kernel:2.6.26.6 cpe:/o:linux:kernel:2.6.26.3 cpe:/o:linux:kernel:2.6.26.4 cpe:/o:linux:kernel:2.6.26.1 cpe:/o:linux:kernel:2.6.26.2 cpe:/o:linux:kernel:2.6.24.6 cpe:/o:linux:kernel:2.2.27 cpe:/o:linux:kernel:2.6.24.5 cpe:/o:linux:kernel:2.6.24.4 cpe:/o:linux:kernel:2.6.24.3 cpe:/o:linux:kernel:2.6.29:rc1 cpe:/o:linux:kernel:2.6.24.2 cpe:/o:linux:kernel:2.6.29:rc2 cpe:/o:linux:kernel:2.6.24.1 cpe:/o:linux:kernel:2.6.24.7 cpe:/o:linux:kernel:2.6.29:rc8-kk cpe:/o:linux:kernel:2.4.37.3 cpe:/o:linux:kernel:2.4.37.4 cpe:/o:linux:kernel:2.4.37.5 cpe:/o:linux:kernel:2.4.37.6 cpe:/o:linux:kernel:2.4.37.1 cpe:/o:linux:kernel:2.4.37.2 CVE-2009-3623 2009-10-30T16:30:00.343-04:00 2009-11-02T00:00:00.000-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2009-11-02T09:56:00.000-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=530269 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2 MLIST [oss-security] 20091022 Re: CVE request: kernel: nfsd4: fix null dereference creating nfsv4 callback client MLIST [oss-security] 20091022 CVE request: kernel: nfsd4: fix null dereference creating nfsv4 callback client CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=886e3b7fe6054230c89ae078a09565ed183ecc73 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80fc015bdfe1f5b870c1e1ee02d78e709523fee7 The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.