Search Results

Search found 169 results on 7 pages for 'cve'.


  • Security Alert for CVE-2010-0886 and CVE-2010-0887 Released

    - by eric.maurice
    Hi, this is Eric Maurice again! Oracle just released a Security Alert to announce the availability of fixes for two vulnerabilities (CVE-2010-0886 and CVE-2010-0887) affecting Oracle Java SE and Oracle Java For Business. Both vulnerabilities only affect Java when running in a 32-bit web browser. These vulnerabilities are not present in Java running on servers or standalone Java desktop applications and do not impact any Oracle server based software. The first vulnerability (CVE-2010-0886) affects the Java Deployment Toolkit (version 6 update 10 through 19) on Windows only. The second vulnerability (CVE-2010-0887) affects the Java Plug-in (version 6 update 18 and 19) on Windows, Solaris and Linux. Both vulnerabilities may allow an attacker to run commands on the user's system with the privileges of the user, whose system may have become compromised by visiting a malicious web site. Oracle rated the severity of both vulnerabilities with a CVSS Base Score of 10.0 because many Windows users grant themselves administrative privileges. However, on other platforms, or for Windows users with limited privileges, the CVSS Base Score is only 7.5, because a successful exploitation of these vulnerabilities cannot result in a full compromise of the affected system. Users can quickly determine if they are running vulnerable versions of Java by pointing their browser to http://www.java.com/en/download/help/testvm.xml. Java SE users can visit http://www.java.com and download the most recent release of Java SE to address these vulnerabilities. Because of the criticality of these vulnerabilities, and the publicity they received as a result of their disclosure before the availability of a fix, Oracle recommends that all customers and Java users update their Java installation to the most recent version (6 update 20). 
    For More Information: The advisory for the Security Alert for CVE-2010-0886 and CVE-2010-0887 is located at http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html


  • CVE-2011-3192 and CVE-2011-0419 affect Oracle Secure Global Desktop

    - by chandan
    Component: Apache HTTP Server
    Product and Resolution: Oracle Secure Global Desktop 4.62

    CVE | Description | CVSSv2 Base Score
    CVE-2011-0419 | Resource Management Errors vulnerability | 4.3
    CVE-2011-3192 | Resource Management Errors vulnerability | 7.8

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • CVE-2010-2761, CVE-2010-4411 Vulnerabilities in CGI.pm Perl Module in Solaris 10

    - by chandan
    Component: Perl 5.8
    Product and Resolution: Solaris 10 SPARC: 141552-04 X86: 141553-04

    CVE | Description | CVSSv2 Base Score
    CVE-2010-2761 | Failure to Control Generation of Code ('Code Injection') vulnerability | 4.3
    CVE-2010-4411 | Unspecified vulnerability in CGI.pm | 4.3

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple vulnerabilities in Oracle Java Web Console

    - by RitwikGhoshal
    Component: Apache Tomcat
    Product and Resolution: Solaris 10 SPARC: 147673-04 X86: 147674-04

    CVE | Description | CVSSv2 Base Score
    CVE-2007-5333 | Information Exposure vulnerability | 5.0
    CVE-2007-5342 | Permissions, Privileges, and Access Controls vulnerability | 6.4
    CVE-2007-6286 | Request handling vulnerability | 4.3
    CVE-2008-0002 | Information disclosure vulnerability | 5.8
    CVE-2008-1232 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2008-1947 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2008-2370 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0
    CVE-2008-2938 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3
    CVE-2008-5515 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0
    CVE-2009-0033 | Improper Input Validation vulnerability | 5.0
    CVE-2009-0580 | Information Exposure vulnerability | 4.3
    CVE-2009-0781 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2009-0783 | Information Exposure vulnerability | 4.6
    CVE-2009-2693 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.8
    CVE-2009-2901 | Permissions, Privileges, and Access Controls vulnerability | 4.3
    CVE-2009-2902 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3
    CVE-2009-3548 | Credentials Management vulnerability | 7.5
    CVE-2010-1157 | Information Exposure vulnerability | 2.6
    CVE-2010-2227 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.4
    CVE-2010-3718 | Directory traversal vulnerability | 1.2
    CVE-2010-4172 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2010-4312 | Configuration vulnerability | 6.4
    CVE-2011-0013 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2011-0534 | Resource Management Errors vulnerability | 5.0
    CVE-2011-1184 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2011-2204 | Information Exposure vulnerability | 1.9
    CVE-2011-2526 | Improper Input Validation vulnerability | 4.4
    CVE-2011-3190 | Permissions, Privileges, and Access Controls vulnerability | 7.5
    CVE-2011-4858 | Resource Management Errors vulnerability | 5.0
    CVE-2011-5062 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2011-5063 | Improper Authentication vulnerability | 4.3
    CVE-2011-5064 | Cryptographic Issues vulnerability | 4.3
    CVE-2012-0022 | Numeric Errors vulnerability | 5.0

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple vulnerabilities in Firefox

    - by RitwikGhoshal
    Component: Firefox
    Product and Resolution: Solaris 10 SPARC: 145080-12 X86: 145081-11

    CVE | Description | CVSSv2 Base Score
    CVE-2012-1960 | Information Exposure vulnerability | 5.0
    CVE-2012-1970 | Denial of Service (DoS) vulnerability | 10.0
    CVE-2012-1971 | Denial of Service (DoS) vulnerability | 9.3
    CVE-2012-1972 | Resource Management Errors vulnerability | 10.0
    CVE-2012-1973 | Resource Management Errors vulnerability | 10.0
    CVE-2012-1974 | Resource Management Errors vulnerability | 10.0
    CVE-2012-1975 | Resource Management Errors vulnerability | 10.0
    CVE-2012-1976 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3956 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3957 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-3958 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3959 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3960 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3961 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3962 | Arbitrary code execution vulnerability | 9.3
    CVE-2012-3963 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3964 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3966 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-3967 | Arbitrary code execution vulnerability | 6.8
    CVE-2012-3968 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3969 | Numeric Errors vulnerability | 9.3
    CVE-2012-3970 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3972 | Information Exposure vulnerability | 5.0
    CVE-2012-3974 | Resource Management Errors vulnerability | 6.9
    CVE-2012-3976 | Denial of Service (DoS) vulnerability | 5.8
    CVE-2012-3978 | Permissions, Privileges, and Access Controls vulnerability | 6.8
    CVE-2012-3980 | Improper Control of Generation of Code ('Code Injection') vulnerability | 9.3

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple vulnerabilities in Thunderbird

    - by RitwikGhoshal
    Component: Thunderbird
    Product and Resolution: Solaris 10 SPARC: 145200-12 X86: 145201-12

    CVE | Description | CVSSv2 Base Score
    CVE-2012-1948 | Denial of service (DoS) vulnerability | 9.3
    CVE-2012-1950 | Address spoofing vulnerability | 6.4
    CVE-2012-1951 | Resource Management Errors vulnerability | 10.0
    CVE-2012-1952 | Resource Management Errors vulnerability | 9.3
    CVE-2012-1953 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1954 | Resource Management Errors vulnerability | 10.0
    CVE-2012-1955 | Address spoofing vulnerability | 6.8
    CVE-2012-1957 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2012-1958 | Resource Management Errors vulnerability | 9.3
    CVE-2012-1959 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2012-1961 | Improper Input Validation vulnerability | 4.3
    CVE-2012-1962 | Resource Management Errors vulnerability | 10.0
    CVE-2012-1963 | Permissions, Privileges, and Access Controls vulnerability | 4.3
    CVE-2012-1964 | Clickjacking vulnerability | 4.0
    CVE-2012-1965 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2012-1966 | Permissions, Privileges, and Access Controls vulnerability | 4.3
    CVE-2012-1967 | Arbitrary code execution vulnerability | 10.0
    CVE-2012-1970 | Denial of service (DoS) vulnerability | 10.0
    CVE-2012-1973 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3966 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple vulnerabilities fixed in Java 7U9

    - by RitwikGhoshal
    Component: Java 7
    Product and Resolution: Solaris 11.1 10/12 SRU 2.5

    CVE | Description | CVSSv2 Base Score
    CVE-2012-5086 |  | 10.0
    CVE-2012-5083 |  | 10.0
    CVE-2012-5087 |  | 10.0
    CVE-2012-1533 |  | 10.0
    CVE-2012-1532 |  | 10.0
    CVE-2012-1531 |  | 10.0
    CVE-2012-5076 |  | 10.0
    CVE-2012-3143 |  | 10.0
    CVE-2012-5088 |  | 10.0
    CVE-2012-5089 |  | 7.6
    CVE-2012-5084 |  | 7.6
    CVE-2012-3159 |  | 7.5
    CVE-2012-5068 |  | 7.5
    CVE-2012-4416 |  | 6.4
    CVE-2012-5074 |  | 6.4
    CVE-2012-5071 |  | 6.4
    CVE-2012-5069 |  | 5.8
    CVE-2012-5067 |  | 5.0
    CVE-2012-5070 |  | 5.0
    CVE-2012-5075 |  | 5.0
    CVE-2012-5073 |  | 5.0
    CVE-2012-5079 |  | 5.0
    CVE-2012-5072 |  | 5.0
    CVE-2012-5081 |  | 5.0
    CVE-2012-3216 |  | 2.6
    CVE-2012-5077 |  | 2.6
    CVE-2012-5085 |  | 0.0

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about each CVE can be found on Java SE Critical Patch Update - October 2012. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple vulnerabilities fixed in Java 6U37

    - by RitwikGhoshal
    Component: Java 6
    Product and Resolution: Solaris 11.1 10/12 SRU 2.5

    CVE | Description | CVSSv2 Base Score
    CVE-2012-5083 |  | 10.0
    CVE-2012-1531 |  | 10.0
    CVE-2012-5086 |  | 10.0
    CVE-2012-1533 |  | 10.0
    CVE-2012-1532 |  | 10.0
    CVE-2012-3143 |  | 10.0
    CVE-2012-5089 |  | 7.6
    CVE-2012-5084 |  | 7.6
    CVE-2012-3159 |  | 7.5
    CVE-2012-5068 |  | 7.5
    CVE-2012-4416 |  | 6.4
    CVE-2012-5071 |  | 6.4
    CVE-2012-5069 |  | 5.8
    CVE-2012-5075 |  | 5.0
    CVE-2012-5073 |  | 5.0
    CVE-2012-5079 |  | 5.0
    CVE-2012-5072 |  | 5.0
    CVE-2012-5081 |  | 5.0
    CVE-2012-3216 |  | 2.6
    CVE-2012-5077 |  | 2.6
    CVE-2012-5085 |  | 0.0

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about each CVE can be found on Java SE Critical Patch Update - October 2012. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple vulnerabilities in Firefox

    - by Ritwik Ghoshal
    Component: Firefox
    Product and Resolution: Solaris 10 SPARC: 145080-13 X86: 145081-12

    CVE | Description | CVSSv2 Base Score
    CVE-2012-3982 | Denial of service (DoS) vulnerability | 10.0
    CVE-2012-3983 | Denial of service (DoS) vulnerability | 10.0
    CVE-2012-3986 | Permissions, Privileges, and Access Controls vulnerability | 6.4
    CVE-2012-3988 | Resource Management Errors vulnerability | 9.3
    CVE-2012-3990 | Resource Management Errors vulnerability | 10.0
    CVE-2012-3991 | Permissions, Privileges, and Access Controls vulnerability | 9.3
    CVE-2012-3992 | Permissions, Privileges, and Access Controls vulnerability | 5.8
    CVE-2012-3993 | Design Error vulnerability | 9.3
    CVE-2012-3994 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2012-3995 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-4179 | Resource Management Errors vulnerability | 10.0
    CVE-2012-4180 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-4181 | Resource Management Errors vulnerability | 10.0
    CVE-2012-4182 | Resource Management Errors vulnerability | 10.0
    CVE-2012-4183 | Resource Management Errors vulnerability | 10.0
    CVE-2012-4184 | Permissions, Privileges, and Access Controls vulnerability | 9.3
    CVE-2012-4185 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-4186 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-4187 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-4188 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-4192 | Permissions, Privileges, and Access Controls vulnerability | 4.3
    CVE-2012-4193 | Design Error vulnerability | 9.3
    CVE-2012-4194 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2012-4195 | Permissions, Privileges, and Access Controls vulnerability | 5.1
    CVE-2012-4196 | Permissions, Privileges, and Access Controls vulnerability | 5.0

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Note: Solaris 10 patches SPARC: 145080-13 X86: 145081-12 contain the fix for all CVEs between Firefox version 10.0.7 and 10.0.12.


  • Multiple vulnerabilities in Mozilla Firefox

    - by chandan
    Component: Firefox web browser
    Product and Resolution: Solaris 11 11/11 SRU 3; Solaris 10 Contact Support

    CVE | Description | CVSSv2 Base Score
    CVE-2011-2372 | Permissions, Privileges, and Access Controls vulnerability | 3.5
    CVE-2011-2995 | Denial of Service (DoS) vulnerability | 10.0
    CVE-2011-2997 | Denial of Service (DoS) vulnerability | 10.0
    CVE-2011-3000 | Improper Control of Generation of Code ('Code Injection') vulnerability | 4.3
    CVE-2011-3001 | Permissions, Privileges, and Access Controls vulnerability | 4.3
    CVE-2011-3002 | Denial of Service (DoS) vulnerability | 9.3
    CVE-2011-3003 | Denial of Service (DoS) vulnerability | 10.0
    CVE-2011-3004 | Improper Input Validation vulnerability | 4.3
    CVE-2011-3005 | Denial of Service (DoS) vulnerability | 9.3
    CVE-2011-3232 | Improper Control of Generation of Code ('Code Injection') vulnerability | 9.3
    CVE-2011-3648 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2011-3650 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2011-3651 | Denial of Service (DoS) vulnerability | 10.0
    CVE-2011-3652 | Denial of Service (DoS) vulnerability | 10.0
    CVE-2011-3654 | Denial of Service (DoS) vulnerability | 10.0
    CVE-2011-3655 | Improper Control of Generation of Code ('Code Injection') vulnerability | 9.3

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple Denial of Service (DoS) vulnerabilities in FreeType

    - by chandan
    Component: FreeType Font Engine
    Product and Resolution: Solaris 11 Contact Support; Solaris 10 SPARC: 119812-16 X86: 119813-18; Solaris 9 Contact Support

    CVE | Description | CVSSv2 Base Score
    CVE-2012-1126 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0
    CVE-2012-1127 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1128 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1129 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1130 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1131 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1132 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1133 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1134 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1135 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1136 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1137 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1138 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1139 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1140 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1141 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3
    CVE-2012-1143 | Numeric Errors vulnerability | 4.3
    CVE-2012-1144 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Security Alert for CVE-2012-4681 Released

    - by Eric P. Maurice
    Hi, this is Eric Maurice again! Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547. These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software.

    Vulnerabilities CVE-2012-4681, CVE-2012-1682, and CVE-2012-3136 have each received a CVSS Base Score of 10.0. This score assumes that the affected users have administrative privileges, as is typical in Windows XP. Vulnerability CVE-2012-0547 has received a CVSS Base Score of 0.0 because this vulnerability is not directly exploitable in typical user deployments, but Oracle has issued a security-in-depth fix for this issue as it can be used in conjunction with other vulnerabilities to significantly increase the overall impact of a successful exploit.

    If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system. Note that this malware may in some instances be detected by current antivirus signatures upon its installation.

    Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible. Furthermore, note that the technical details of these vulnerabilities are widely available on the Internet and Oracle has received external reports that these vulnerabilities are being actively exploited in the wild.

    Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html
    Java users should download the latest release of JRE at http://java.com, and of course
    Windows users can take advantage of the Java Automatic Update to get the latest release.

    For more information:
    The Advisory for Security Alert CVE-2012-4681 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
    Users can verify that they're running the most recent version of Java by visiting: http://java.com/en/download/installed.jsp
    Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml


  • Multiple vulnerabilities in Wireshark

    - by RitwikGhoshal
    Component: Wireshark
    Product and Resolution: Solaris 11 11/11 SRU 13.4

    CVE | Description | CVSSv2 Base Score
    CVE-2012-4285 | Numeric Errors vulnerability | 3.3
    CVE-2012-4286 | Numeric Errors vulnerability | 4.3
    CVE-2012-4287 | Resource Management Errors vulnerability | 5.0
    CVE-2012-4288 | Numeric Errors vulnerability | 3.3
    CVE-2012-4289 | Resource Management Errors vulnerability | 3.3
    CVE-2012-4290 | Resource Management Errors vulnerability | 3.3
    CVE-2012-4291 | Resource Management Errors vulnerability | 3.3
    CVE-2012-4292 | Improper Input Validation vulnerability | 3.3
    CVE-2012-4293 | Numeric Errors vulnerability | 3.3
    CVE-2012-4294 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 5.8
    CVE-2012-4295 | Denial of Service (DoS) vulnerability | 3.3
    CVE-2012-4296 | Resource Management Errors vulnerability | 3.3
    CVE-2012-4297 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 8.3
    CVE-2012-4298 | Numeric Errors vulnerability | 5.4

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Automate the process of looking for CVE (new vulnerabilities) related to our infrastructure

    - by skinp
    Is there any service available where you simply list the services, programs and versions you use, and when some CVE comes out about it, you automatically get alerted? Also, is there any other place to look for this kind of information? Do some people release security vulnerabilities to other places than CVE? So in general, how do you guys keep up to date with what might be vulnerable in your infrastructure?

    Edit: Since I've been asked, we are a Unix shop with mostly Red Hat and some HP-UX. I would still prefer a high-level solution which is OS independent. What happens if we use software versions which are not in the official repositories of Red Hat/HP/... or simply not supported by them?


  • Display particular data into a file

    - by Avinash K G
    I'm new to Ubuntu and have been using it for a couple of weeks now. Recently I encountered a problem wherein I had to display particular data to a file. Here is the output displayed on the terminal.

    Potential vulnerability found (CVE-2009-4028)
    CVSS Score is 6.8
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2009-4030)
    CVSS Score is 4.4
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2009-5026)
    CVSS Score is 6.8
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0075)
    CVSS Score is 1.7
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0087)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0101)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0102)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0112)
    CVSS Score is 3.5
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0113)
    CVSS Score is 5.5
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0114)
    CVSS Score is 3.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0115)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0116)
    CVSS Score is 4.9
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0118)
    CVSS Score is 4.9
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0119)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0120)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0484)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0485)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0490)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0492)
    CVSS Score is 2.1
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0540)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0553)
    CVSS Score is 7.5
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0574)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2012-0583)
    CVSS Score is 4.0
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2013-1492)
    CVSS Score is 7.5
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2013-1506)
    CVSS Score is 2.8
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)
    Potential vulnerability found (CVE-2013-1521)
    CVSS Score is 6.5
    Full vulnerability match (incl. edition/language)
    File "/usr/sbin/mysqld" (CPE = cpe:/a:mysql:mysql:5.1:::) on host glynis-desktop (key glynis-desktop)

    I intend to display the Potential vulnerability found field and the corresponding score alone. There seem to be about 9995 entries and I would like to display all of them. I have been using this command as of now:

    awk '/CVSS Score is/ < /Potential vulnerability found/' output.txt

    but this seems to display only the name of the vulnerability or the score. How do I display this in a file (text, Excel) such that all the vulnerabilities and the corresponding scores will be displayed? Any help would be appreciated. Thank you.


  • Multiple vulnerabilities in Oracle Java Web Console

    - by RitwikGhoshal
    Component: Apache Tomcat
    Product and Resolution: Solaris 10 SPARC: 147673-04 X86: 147674-04

    CVE | Description | CVSSv2 Base Score
    CVE-2011-0534 | Resource Management Errors vulnerability | 5.0
    CVE-2011-1184 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2011-2204 | Information Exposure vulnerability | 1.9
    CVE-2011-2526 | Improper Input Validation vulnerability | 4.4
    CVE-2011-2729 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2011-3190 | Permissions, Privileges, and Access Controls vulnerability | 7.5
    CVE-2011-3375 | Information Exposure vulnerability | 5.0
    CVE-2011-4858 | Resource Management Errors vulnerability | 5.0
    CVE-2011-5062 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2011-5063 | Improper Authentication vulnerability | 4.3
    CVE-2011-5064 | Cryptographic Issues vulnerability | 4.3
    CVE-2012-0022 | Numeric Errors vulnerability | 5.0

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


  • Multiple vulnerabilities in ImageMagick

    - by chandan
    Component: ImageMagick
    Product and Resolution: Solaris 10 SPARC: 136882-03 X86: 136883-03

    CVE | Description | CVSSv2 Base Score
    CVE-2004-0981 | Buffer overflow vulnerability | 10.0
    CVE-2005-0397 | Format string vulnerability | 7.5
    CVE-2005-0759 | Denial of service (DoS) vulnerability | 5.0
    CVE-2005-0760 | Denial of service (DoS) vulnerability | 5.0
    CVE-2005-0761 | Denial of service (DoS) vulnerability | 5.0
    CVE-2005-0762 | Buffer overflow vulnerability | 7.5
    CVE-2005-1739 | Denial of service (DoS) vulnerability | 5.0
    CVE-2007-4985 | Denial of service (DoS) vulnerability | 4.3
    CVE-2007-4986 | Numeric Errors vulnerability | 6.8
    CVE-2007-4987 | Numeric Errors vulnerability | 9.3
    CVE-2007-4988 | Numeric Errors vulnerability | 6.8

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • Multiple vulnerabilities in Firefox web browser

    - by chandan
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2011-3062 | Numeric Errors vulnerability | 6.8 | Firefox web browser | Solaris 11 11/11: SRU 9.5; Solaris 10: SPARC: 145080-11 X86: 145081-10 |
    | CVE-2012-0467 | Denial of service (DoS) vulnerability | 10.0 | | |
    | CVE-2012-0468 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |
    | CVE-2012-0469 | Resource Management Errors vulnerability | 10.0 | | |
    | CVE-2012-0470 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |
    | CVE-2012-0471 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
    | CVE-2012-0473 | Numeric Errors vulnerability | 5.0 | | |
    | CVE-2012-0474 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
    | CVE-2012-0477 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
    | CVE-2012-0478 | Permissions, Privileges, and Access Controls vulnerability | 9.3 | | |
    | CVE-2012-0479 | Identity spoofing vulnerability | 4.3 | | |

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • Multiple vulnerabilities in Pidgin

    - by RitwikGhoshal
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2010-4528 | Improper Input Validation vulnerability | 4.0 | Pidgin | Solaris 10: SPARC: 147992-02 X86: 147993-02 |
    | CVE-2011-1091 | Denial of service (DOS) vulnerability | 4.0 | | |
    | CVE-2011-2943 | Denial of service (DOS) vulnerability | 4.3 | | |
    | CVE-2011-3184 | Resource Management Errors vulnerability | 4.3 | | |
    | CVE-2011-3185 | Improper Input Validation vulnerability | 9.3 | | |
    | CVE-2011-4601 | Improper Input Validation vulnerability | 5.0 | | |
    | CVE-2011-4602 | Improper Input Validation vulnerability | 5.0 | | |
    | CVE-2011-4603 | Improper Input Validation vulnerability | 5.0 | | |
    | CVE-2011-4922 | Information Exposure vulnerability | 2.1 | | |
    | CVE-2011-4939 | Permissions, Privileges, and Access Controls vulnerability | 6.4 | | |
    | CVE-2012-1178 | Resource Management Errors vulnerability | 5.0 | | |

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • CVE-2014-0591 Buffer Errors vulnerability in Bind

    - by Ritwik Ghoshal
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2014-0591 | Buffer Errors vulnerability | 2.6 | Bind | Solaris 10: Patches planned but not yet available |
    | | | | | Solaris 11.1: 11.1.19.6.0 |
    | | | | | Solaris 8: Patches planned but not yet available |
    | | | | | Solaris 9: Patches planned but not yet available |

    Please Note: The patches mentioned above will upgrade Bind to 9.6-ESV-R11. The fix for CVE-2014-0591 was initially distributed via 9.6-ESV-R10-P2 as described at our previous blog post.

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • CVE-2006-3744 Multiple Integer overflow vulnerabilities in ImageMagick

    - by chandan
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2006-3744 | Numeric Errors vulnerability | 5.1 | ImageMagick | Solaris 10: SPARC: 136882-03 X86: 136883-03 |

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

    - by Ritwik Ghoshal
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2014-3520 | Privilege Escalation vulnerability | 3.5 | OpenStack Identity (Keystone) | Solaris 11.2: 11.2.1.5.0 |

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • CVE-2011-2896 Buffer overflow vulnerability in GIMP

    - by chandan
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2011-2896 | Buffer Overflow vulnerability | 5.1 | GIMP Image Editor | Solaris 10: SPARC: 147988-01 X86: 147989-01 |
    | | | | | Solaris 11 Express: snv_151a + 7079990 |

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • CVE-2010-1634 Integer Overflow vulnerability in Python

    - by chandan
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2010-1634 | Integer Overflow vulnerability | 5.0 | Python | Solaris 10: SPARC: 143506-03 X86: 143507-03 |
    | | | | | Solaris 11: Contact Support |

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • CVE-2011-2895 Buffer Overflow vulnerability in X.Org

    - by chandan
    | CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
    |---|---|---|---|---|
    | CVE-2011-2895 | Buffer Overflow vulnerability | 9.3 | X.Org | Solaris 10: SPARC: 125719-41 119059-60 X86: 119060-59 125720-51 |
    | | | | | Solaris 9: Contact Support |
    | | | | | Solaris 8: Contact Support |

    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
