Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:1691
[Eng]
Version
9
Class
patch
ALTXid
40209
Language
Russian
Severity
Critical
Title
Обновление RHSA-2010:0338: устранение уязвимостей в java-1.5.0-sun
Description
The java-1.5.0-sun packages are vulnerable to a number of security flaws
and should no longer be used.
This update removes the java-1.5.0-sun packages as they have reached their
End of Service Life.
Family
unix
Platform
Red Hat Enterprise Linux 5
Product
java-1.5.0-sun
Reference
VENDOR: RHSA-2010:0338-02
VENDOR: RHSA-2010:0338-02
Id:
RHSA-2010:0338-02
Reference:
https://rhn.redhat.com/errata/RHSA-2010-0338.html
CVE: CVE-2009-3555
CVE: CVE-2009-3555
Id:
CVE-2009-3555
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
Comment
: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE:
295 (Certificate Issues)
References:
http://www.tombom.co.uk/blog/?p=85 (MISC)
[tls] 20091104 TLS renegotiation issue (MLIST)
37292 (SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 (MISC)
http://extendedsubset.com/?p=8 (MISC)
[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation (MLIST)
ADV-2009-3165 (VUPEN)
[cryptography] 20091105 OpenSSL 0.9.8l released (MLIST)
http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during (CONFIRM)
ADV-2009-3164 (VUPEN)
[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation (MLIST)
http://kbase.redhat.com/faq/docs/DOC-20491 (CONFIRM)
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt (MISC)
[gnutls-devel] 20091105 Re: TLS renegotiation MITM (MLIST)
36935 (BID)
http://www.betanews.com/article/1257452450 (MISC)
[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=533125 (CONFIRM)
http://www.links.org/?p=780 (MISC)
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html (MISC)
37291 (SECUNIA)
[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks (MLIST)
http://extendedsubset.com/Renegotiating_TLS.pdf (MISC)
20091109 Transport Layer Security Renegotiation Vulnerability (CISCO)
1023163 (SECTRACK)
VU#120541 (CERT-VN)
http://www.links.org/?p=789 (MISC)
20091111 Re: SSL/TLS MiTM PoC (FULLDISC)
http://blogs.iss.net/archive/sslmitmiscsrf.html (MISC)
http://www.links.org/?p=786 (MISC)
ADV-2009-3220 (VUPEN)
http://support.citrix.com/article/CTX123359 (CONFIRM)
37320 (SECUNIA)
ADV-2009-3205 (VUPEN)
http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html (MISC)
1023148 (SECTRACK)
273029 (SUNALERT)
DSA-1934 (DEBIAN)
SUSE-SA:2009:057 (SUSE)
http://sysoev.ru/nginx/patch.cve-2009-3555.txt (CONFIRM)
[oss-security] 20091120 CVEs for nginx (MLIST)
[oss-security] 20091123 Re: CVEs for nginx (MLIST)
http://wiki.rpath.com/Advisories:rPSA-2009-0155 (CONFIRM)
FEDORA-2009-12775 (FEDORA)
1023272 (SECTRACK)
FEDORA-2009-12750 (FEDORA)
1023271 (SECTRACK)
[4.5] 010: SECURITY FIX: November 26, 2009 (OPENBSD)
1023207 (SECTRACK)
37656 (SECUNIA)
1023211 (SECTRACK)
1023218 (SECTRACK)
ADV-2009-3353 (VUPEN)
1023209 (SECTRACK)
1023273 (SECTRACK)
GLSA-200912-01 (GENTOO)
1023215 (SECTRACK)
http://www.ingate.com/Relnote.php?ver=481 (CONFIRM)
FEDORA-2009-12782 (FEDORA)
37504 (SECUNIA)
1023208 (SECTRACK)
1023212 (SECTRACK)
1023243 (SECTRACK)
https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html (MISC)
http://clicky.me/tlsvuln (MISC)
FEDORA-2009-12968 (FEDORA)
1023204 (SECTRACK)
37501 (SECUNIA)
1023217 (SECTRACK)
1023210 (SECTRACK)
1023274 (SECTRACK)
37675 (SECUNIA)
1023205 (SECTRACK)
SSRT090249 (HP)
1023275 (SECTRACK)
1023216 (SECTRACK)
[4.6] 004: SECURITY FIX: November 26, 2009 (OPENBSD)
1023270 (SECTRACK)
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html (MISC)
1023206 (SECTRACK)
60521 (OSVDB)
1023219 (SECTRACK)
ADV-2009-3354 (VUPEN)
37604 (SECUNIA)
37859 (SECUNIA)
ADV-2009-3484 (VUPEN)
ADV-2009-3587 (VUPEN)
FEDORA-2009-12604 (FEDORA)
FEDORA-2009-12606 (FEDORA)
http://www-01.ibm.com/support/docview.wss?uid=swg24025312 (CONFIRM)
FEDORA-2009-12229 (FEDORA)
FEDORA-2009-12305 (FEDORA)
37640 (SECUNIA)
60972 (OSVDB)
PM00675 (AIXAPAR)
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c (CONFIRM)
ADV-2009-3521 (VUPEN)
http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html (CONFIRM)
APPLE-SA-2010-01-19-1 (APPLE)
38056 (SECUNIA)
http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES (CONFIRM)
http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released (CONFIRM)
http://support.apple.com/kb/HT4004 (CONFIRM)
38241 (SECUNIA)
ADV-2010-0173 (VUPEN)
38484 (SECUNIA)
62210 (OSVDB)
http://www.arubanetworks.com/support/alerts/aid-020810.txt (CONFIRM)
ADV-2010-0086 (VUPEN)
38003 (SECUNIA)
http://support.avaya.com/css/P8/documents/100070150 (CONFIRM)
1023428 (SECTRACK)
1023427 (SECTRACK)
1023411 (SECTRACK)
1023426 (SECTRACK)
RHSA-2010:0119 (REDHAT)
38687 (SECUNIA)
38020 (SECUNIA)
274990 (SUNALERT)
273350 (SUNALERT)
RHSA-2010:0167 (REDHAT)
RHSA-2010:0155 (REDHAT)
ADV-2010-0748 (VUPEN)
39243 (SECUNIA)
39136 (SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 (CONFIRM)
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html (CONFIRM)
39242 (SECUNIA)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
37453 (SECUNIA)
1023224 (SECTRACK)
37383 (SECUNIA)
37399 (SECUNIA)
ADV-2009-3310 (VUPEN)
ADV-2009-3313 (VUPEN)
1023214 (SECTRACK)
1023213 (SECTRACK)
SSA:2009-320-01 (SLACKWARE)
ADV-2010-0848 (VUPEN)
38781 (SECUNIA)
39278 (SECUNIA)
RHSA-2010:0130 (REDHAT)
USN-927-1 (UBUNTU)
39500 (SECUNIA)
IC67848 (AIXAPAR)
ADV-2010-0982 (VUPEN)
http://www-01.ibm.com/support/docview.wss?uid=swg21426108 (CONFIRM)
MDVSA-2010:076 (MANDRIVA)
ADV-2010-0933 (VUPEN)
MDVSA-2010:084 (MANDRIVA)
39628 (SECUNIA)
PM12247 (AIXAPAR)
FEDORA-2010-5357 (FEDORA)
39461 (SECUNIA)
ADV-2010-0916 (VUPEN)
MDVSA-2010:089 (MANDRIVA)
ADV-2010-1054 (VUPEN)
FEDORA-2010-5942 (FEDORA)
http://support.avaya.com/css/P8/documents/100081611 (CONFIRM)
RHSA-2010:0165 (REDHAT)
FEDORA-2010-6131 (FEDORA)
39632 (SECUNIA)
39713 (SECUNIA)
ADV-2010-0994 (VUPEN)
SSRT090180 (HP)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
APPLE-SA-2010-05-18-2 (APPLE)
39819 (SECUNIA)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
1021752 (SUNALERT)
http://support.apple.com/kb/HT4171 (CONFIRM)
ADV-2010-1191 (VUPEN)
SUSE-SR:2010:012 (SUSE)
ADV-2010-1350 (VUPEN)
40070 (SECUNIA)
65202 (OSVDB)
http://www.openoffice.org/security/cves/CVE-2009-3555.html (CONFIRM)
SUSE-SR:2010:013 (SUSE)
1021653 (SUNALERT)
39127 (SECUNIA)
ADV-2010-1639 (VUPEN)
http://www.opera.com/support/search/view/944/ (CONFIRM)
USN-927-5 (UBUNTU)
ADV-2010-1673 (VUPEN)
http://www.opera.com/docs/changelogs/unix/1060/ (CONFIRM)
USN-927-4 (UBUNTU)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
40545 (SECUNIA)
40747 (SECUNIA)
HPSBGN02562 (HP)
ADV-2010-2010 (VUPEN)
40866 (SECUNIA)
IC68054 (AIXAPAR)
http://www-01.ibm.com/support/docview.wss?uid=swg21432298 (CONFIRM)
IC68055 (AIXAPAR)
TA10-222A (CERT)
41490 (SECUNIA)
41480 (SECUNIA)
HPSBMA02568 (HP)
ADV-2010-2745 (VUPEN)
http://support.avaya.com/css/P8/documents/100114315 (CONFIRM)
http://support.avaya.com/css/P8/documents/100114327 (CONFIRM)
RHSA-2010:0770 (REDHAT)
FEDORA-2010-16294 (FEDORA)
TA10-287A (CERT)
USN-1010-1 (UBUNTU)
RHSA-2010:0786 (REDHAT)
41972 (SECUNIA)
FEDORA-2010-16240 (FEDORA)
RHSA-2010:0807 (REDHAT)
41967 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html (CONFIRM)
FEDORA-2010-16312 (FEDORA)
RHSA-2010:0865 (REDHAT)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html (CONFIRM)
RHSA-2010:0768 (REDHAT)
ADV-2010-3086 (VUPEN)
http://www-01.ibm.com/support/docview.wss?uid=swg24006386 (CONFIRM)
42379 (SECUNIA)
42377 (SECUNIA)
1024789 (SECTRACK)
42467 (SECUNIA)
ADV-2010-3126 (VUPEN)
http://www.vmware.com/security/advisories/VMSA-2010-0019.html (CONFIRM)
ADV-2010-3069 (VUPEN)
42811 (SECUNIA)
ADV-2011-0032 (VUPEN)
DSA-2141 (DEBIAN)
SUSE-SA:2010:061 (SUSE)
RHSA-2010:0986 (REDHAT)
RHSA-2010:0987 (REDHAT)
SUSE-SR:2010:019 (SUSE)
42724 (SECUNIA)
42816 (SECUNIA)
42808 (SECUNIA)
42733 (SECUNIA)
https://kb.bluecoat.com/index?page=content&id=SA50 (CONFIRM)
ADV-2011-0033 (VUPEN)
ADV-2011-0086 (VUPEN)
SUSE-SR:2010:024 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html (CONFIRM)
44183 (SECUNIA)
RHSA-2011:0880 (REDHAT)
SSRT090208 (HP)
openSUSE-SU-2011:0845 (SUSE)
SUSE-SU-2011:0847 (SUSE)
HPSBHF02706 (HP)
44954 (SECUNIA)
http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html (MISC)
SSRT100817 (HP)
GLSA-201203-22 (GENTOO)
48577 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities (BUGTRAQ)
GLSA-201406-32 (GENTOO)
http://www.openssl.org/news/secadv_20091111.txt (CONFIRM)
41818 (SECUNIA)
SSRT101846 (HP)
DSA-3253 (DEBIAN)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 (CONFIRM)
HPSBUX02517 (HP)
HPSBMU02799 (HP)
SSRT100089 (HP)
HPSBUX02498 (HP)
HPSBOV02762 (HP)
tls-renegotiation-weak-security(54158) (XF)
oval:org.mitre.oval:def:8535 (OVAL)
oval:org.mitre.oval:def:8366 (OVAL)
oval:org.mitre.oval:def:7973 (OVAL)
oval:org.mitre.oval:def:7478 (OVAL)
oval:org.mitre.oval:def:7315 (OVAL)
oval:org.mitre.oval:def:11617 (OVAL)
oval:org.mitre.oval:def:11578 (OVAL)
oval:org.mitre.oval:def:10088 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console (BUGTRAQ)
20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) (BUGTRAQ)
20091124 rPSA-2009-0155-1 httpd mod_ssl (BUGTRAQ)
20091118 TLS / SSLv3 vulnerability explained (DRAFT) (BUGTRAQ)
MS10-049 (MS)
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E (MISC)
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E (MISC)
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E (MISC)
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E (MISC)
CVE: CVE-2010-0082
CVE: CVE-2010-0082
Id:
CVE-2010-0082
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
Comment
: Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
RHSA-2010:0339 (REDHAT)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
39317 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
39819 (SECUNIA)
http://support.apple.com/kb/HT4170 (CONFIRM)
http://support.apple.com/kb/HT4171 (CONFIRM)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13934 (OVAL)
oval:org.mitre.oval:def:11576 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0084
CVE: CVE-2010-0084
Id:
CVE-2010-0084
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
63482 (OSVDB)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0338 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
39292 (SECUNIA)
USN-923-1 (UBUNTU)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14061 (OVAL)
oval:org.mitre.oval:def:11120 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0085
CVE: CVE-2010-0085
Id:
CVE-2010-0085
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
39292 (SECUNIA)
USN-923-1 (UBUNTU)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13803 (OVAL)
oval:org.mitre.oval:def:10474 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0087
CVE: CVE-2010-0087
Id:
CVE-2010-0087
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
Comment
: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4170 (CONFIRM)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13959 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0088
CVE: CVE-2010-0088
Id:
CVE-2010-0088
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
http://support.apple.com/kb/HT4170 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1191 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14321 (OVAL)
oval:org.mitre.oval:def:11173 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0089
CVE: CVE-2010-0089
Id:
CVE-2010-0089
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
Comment
: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
39317 (SECUNIA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
40545 (SECUNIA)
SSRT100179 (HP)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14208 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0091
CVE: CVE-2010-0091
Id:
CVE-2010-0091
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
References:
63481 (OSVDB)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
39292 (SECUNIA)
USN-923-1 (UBUNTU)
39317 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
http://support.apple.com/kb/HT4171 (CONFIRM)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
SSRT100179 (HP)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:9855 (OVAL)
oval:org.mitre.oval:def:13492 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0092
CVE: CVE-2010-0092
Id:
CVE-2010-0092
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
APPLE-SA-2010-05-18-2 (APPLE)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4171 (CONFIRM)
http://support.apple.com/kb/HT4170 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14210 (OVAL)
oval:org.mitre.oval:def:10057 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0093
CVE: CVE-2010-0093
Id:
CVE-2010-0093
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
63485 (OSVDB)
RHSA-2010:0337 (REDHAT)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
39292 (SECUNIA)
USN-923-1 (UBUNTU)
39317 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
APPLE-SA-2010-05-18-2 (APPLE)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:9877 (OVAL)
oval:org.mitre.oval:def:14288 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0094
CVE: CVE-2010-0094
Id:
CVE-2010-0094
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0339 (REDHAT)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
39317 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-051 (MISC)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
http://support.apple.com/kb/HT4170 (CONFIRM)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14351 (OVAL)
oval:org.mitre.oval:def:10851 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0095
CVE: CVE-2010-0095
Id:
CVE-2010-0095
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0338 (REDHAT)
39292 (SECUNIA)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
MDVSA-2010:084 (MANDRIVA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
http://support.apple.com/kb/HT4171 (CONFIRM)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
39819 (SECUNIA)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14105 (OVAL)
oval:org.mitre.oval:def:11621 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0837
CVE: CVE-2010-0837
Id:
CVE-2010-0837
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
Comment
: Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0338 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1191 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
ADV-2010-1793 (VUPEN)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14276 (OVAL)
oval:org.mitre.oval:def:10680 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0838
CVE: CVE-2010-0838
Id:
CVE-2010-0838
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
Comment
: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
39069 (BID)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-061 (MISC)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
39819 (SECUNIA)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
40545 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
javase-javab-java2d-unspecifed(57346) (XF)
oval:org.mitre.oval:def:13923 (OVAL)
oval:org.mitre.oval:def:10482 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0839
CVE: CVE-2010-0839
Id:
CVE-2010-0839
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
Comment
: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
39317 (SECUNIA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13357 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0840
CVE: CVE-2010-0840
Id:
CVE-2010-0840
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
Comment
: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0337 (REDHAT)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
39317 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-056 (MISC)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
http://support.apple.com/kb/HT4170 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
39819 (SECUNIA)
ADV-2010-1191 (VUPEN)
39065 (BID)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
40211 (SECUNIA)
RHSA-2010:0489 (REDHAT)
ADV-2010-1523 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:9974 (OVAL)
oval:org.mitre.oval:def:13971 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0841
CVE: CVE-2010-0841
Id:
CVE-2010-0841
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
Comment
: Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
http://www.zerodayinitiative.com/advisories/ZDI-10-054/ (MISC)
39317 (SECUNIA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
APPLE-SA-2010-05-18-2 (APPLE)
39067 (BID)
ADV-2010-1191 (VUPEN)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
40211 (SECUNIA)
RHSA-2010:0489 (REDHAT)
ADV-2010-1523 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14144 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-054: Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0842
CVE: CVE-2010-0842
Id:
CVE-2010-0842
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842
Comment
: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-060 (MISC)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
39077 (BID)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
RHSA-2010:0489 (REDHAT)
40211 (SECUNIA)
ADV-2010-1523 (VUPEN)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14101 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0843
CVE: CVE-2010-0843
Id:
CVE-2010-0843
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843
Comment
: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
20100405 ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability (BUGTRAQ)
63492 (OSVDB)
http://www.zerodayinitiative.com/advisories/ZDI-10-052/ (MISC)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
39083 (BID)
APPLE-SA-2010-05-18-2 (APPLE)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
39819 (SECUNIA)
http://support.apple.com/kb/HT4171 (CONFIRM)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
RHSA-2010:0489 (REDHAT)
40211 (SECUNIA)
ADV-2010-1523 (VUPEN)
SSRT100179 (HP)
40545 (SECUNIA)
ADV-2010-1793 (VUPEN)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14092 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0844
CVE: CVE-2010-0844
Id:
CVE-2010-0844
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844
Comment
: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-053 (MISC)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
http://support.apple.com/kb/HT4171 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
RHSA-2010:0489 (REDHAT)
40211 (SECUNIA)
ADV-2010-1523 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14282 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0845
CVE: CVE-2010-0845
Id:
CVE-2010-0845
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845
Comment
: Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
5.1
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0339 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
39317 (SECUNIA)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:9896 (OVAL)
oval:org.mitre.oval:def:14521 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0846
CVE: CVE-2010-0846
Id:
CVE-2010-0846
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
Comment
: Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0338 (REDHAT)
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
39317 (SECUNIA)
http://www.zerodayinitiative.com/advisories/ZDI-10-059 (MISC)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
39819 (SECUNIA)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
ADV-2010-1191 (VUPEN)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
39062 (BID)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
RHSA-2010:0489 (REDHAT)
40211 (SECUNIA)
ADV-2010-1523 (VUPEN)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
40545 (SECUNIA)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14503 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-059: Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability (BUGTRAQ)
CVE: CVE-2010-0847
CVE: CVE-2010-0847
Id:
CVE-2010-0847
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
Comment
: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
RHSA-2010:0337 (REDHAT)
RHSA-2010:0338 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0339 (REDHAT)
USN-923-1 (UBUNTU)
39292 (SECUNIA)
39317 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1107 (VUPEN)
APPLE-SA-2010-05-18-2 (APPLE)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4171 (CONFIRM)
http://support.apple.com/kb/HT4170 (CONFIRM)
39819 (SECUNIA)
39071 (BID)
APPLE-SA-2010-05-18-1 (APPLE)
20100330 Oracle Java Runtime Environment Image FIle Buffer Overflow Vulnerability (IDEFENSE)
40211 (SECUNIA)
RHSA-2010:0489 (REDHAT)
ADV-2010-1523 (VUPEN)
ADV-2010-1793 (VUPEN)
SSRT100179 (HP)
40545 (SECUNIA)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:14453 (OVAL)
oval:org.mitre.oval:def:10392 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0848
CVE: CVE-2010-0848
Id:
CVE-2010-0848
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
Comment
: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
39078 (BID)
RHSA-2010:0339 (REDHAT)
RHSA-2010:0337 (REDHAT)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0338 (REDHAT)
USN-923-1 (UBUNTU)
39317 (SECUNIA)
39292 (SECUNIA)
MDVSA-2010:084 (MANDRIVA)
RHSA-2010:0383 (REDHAT)
39659 (SECUNIA)
ADV-2010-1107 (VUPEN)
SUSE-SR:2010:011 (SUSE)
ADV-2010-1191 (VUPEN)
39819 (SECUNIA)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4170 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
ADV-2010-1454 (VUPEN)
RHSA-2010:0471 (REDHAT)
40211 (SECUNIA)
RHSA-2010:0489 (REDHAT)
ADV-2010-1523 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
43308 (SECUNIA)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:9899 (OVAL)
oval:org.mitre.oval:def:14350 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-0849
CVE: CVE-2010-0849
Id:
CVE-2010-0849
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
Comment
: Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
http://www.zerodayinitiative.com/advisories/ZDI-10-057/ (MISC)
39073 (BID)
SUSE-SR:2010:008 (SUSE)
RHSA-2010:0337 (REDHAT)
RHSA-2010:0338 (REDHAT)
39317 (SECUNIA)
39659 (SECUNIA)
RHSA-2010:0383 (REDHAT)
ADV-2010-1191 (VUPEN)
http://support.apple.com/kb/HT4170 (CONFIRM)
APPLE-SA-2010-05-18-1 (APPLE)
39819 (SECUNIA)
APPLE-SA-2010-05-18-2 (APPLE)
http://support.apple.com/kb/HT4171 (CONFIRM)
RHSA-2010:0471 (REDHAT)
ADV-2010-1454 (VUPEN)
RHSA-2010:0489 (REDHAT)
40211 (SECUNIA)
ADV-2010-1523 (VUPEN)
ADV-2010-1793 (VUPEN)
40545 (SECUNIA)
SSRT100179 (HP)
SUSE-SR:2010:017 (SUSE)
43308 (SECUNIA)
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html (CONFIRM)
HPSBMU02799 (HP)
SSRT100089 (HP)
oval:org.mitre.oval:def:13795 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
20100405 ZDI-10-057: Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability (BUGTRAQ)
Content available only for registered users!
ovaldb@altx-soft.com