cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:microsoft:windows_2000_terminal_services::sp1 cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2000_terminal_services cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:netbsd:netbsd:1.5.1 cpe:/o:microsoft:windows_2000_terminal_services::sp2 cpe:/o:netbsd:netbsd:1.5.3 cpe:/o:netbsd:netbsd:1.5.2 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:netbsd:netbsd:1.6 cpe:/o:netbsd:netbsd:1.5 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:freebsd:freebsd:4.3 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:freebsd:freebsd:4.5 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:freebsd:freebsd:4.2 cpe:/o:freebsd:freebsd:4.7 cpe:/o:freebsd:freebsd:4.4 cpe:/o:freebsd:freebsd:4.6 cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:microsoft:windows_2000:::server cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:microsoft:windows_2000:::professional cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.3 CVE-2003-0001 2003-01-17T00:00:00.000-05:00 2015-11-24T13:05:47.073-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2015-11-24T12:23:33.593-05:00 CERT-VN VU#412115 BUGTRAQ 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE BUGTRAQ 20030117 Re: More information regarding Etherleak BUGTRAQ 20030106 Etherleak: Ethernet frame padding information leakage (A010603-1) REDHAT RHSA-2003:088 REDHAT RHSA-2003:025 OSVDB 9962 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html MISC http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf ATSTAKE A010603-1 FULLDISC 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE MISC http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html BUGTRAQ 20030110 More information regarding Etherleak VULNWATCH 20030110 More information regarding Etherleak Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. cpe:/a:tcp:tcp CVE-2004-0230 2004-08-18T00:00:00.000-04:00 2015-11-24T13:06:40.597-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2015-11-24T12:17:30.930-05:00 CERT TA04-111A CERT-VN VU#415294 CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10053 XF tcp-rst-dos(15886) VUPEN ADV-2006-3983 MISC http://www.uniras.gov.uk/vuls/2004/236929/index.htm BID 10183 BUGTRAQ 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE HP SSRT061264 OSVDB 4030 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html MS MS06-064 MS MS05-019 CISCO 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products FULLDISC 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE MISC http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html HP SSRT4696 BUGTRAQ 20040425 Perl code exploting TCP not checking RST ACK. CONFIRM http://kb.juniper.net/JSA10638 SGI 20040403-01-A SCO SCOSA-2005.14 SCO SCOSA-2005.9 SCO SCOSA-2005.3 NETBSD NetBSD-SA2004-006 TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. cpe:/a:vastal:phpvid:1.1 cpe:/a:vastal:phpvid:1.2 CVE-2008-2335 2008-05-19T09:20:00.000-04:00 2015-11-24T11:45:25.057-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2015-11-24T10:50:05.737-05:00 XF phpvid-query-xss(42450) VUPEN ADV-2008-2552 BID 29238 MILW0RM 6422 EXPLOIT-DB 27519 MISC http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/ FULLDISC 20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities MISC http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html MISC http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html OSVDB 45171 MISC http://holisticinfosec.org/content/view/65/45/ Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected. cpe:/a:redhat:enterprise_virtualization:3.5 cpe:/a:jasper_project:jasper:1.900.1 CVE-2008-3522 2008-10-02T14:18:05.790-04:00 2015-11-24T11:46:04.933-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2015-11-24T10:05:46.467-05:00 ALLOWS_ADMIN_ACCESS XF jasper-jasstreamprintf-bo(45623) UBUNTU USN-742-1 BID 31470 MANDRIVA MDVSA-2009:164 MANDRIVA MDVSA-2009:144 MANDRIVA MDVSA-2009:142 GENTOO GLSA-200812-18 REDHAT RHSA-2015:0698 MISC http://bugs.gentoo.org/show_bug.cgi?id=222819 MISC http://bugs.gentoo.org/attachment.cgi?id=163282&action=view Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:8.04:-:lts cpe:/o:canonical:ubuntu_linux:10.10 cpe:/a:sun:openoffice.org:2.1.0 cpe:/a:sun:openoffice.org:2.3.0 cpe:/a:sun:openoffice.org:2.2.1 CVE-2009-3301 2010-02-16T14:30:00.533-05:00 2015-11-17T10:59:44.723-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2015-11-17T10:02:50.097-05:00 CERT TA10-287A CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=533038 XF openoffice-word-sprmtdeftable-bo(56240) VUPEN ADV-2010-2905 VUPEN ADV-2010-0635 VUPEN ADV-2010-0366 UBUNTU USN-903-1 BID 38218 REDHAT RHSA-2010:0101 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CONFIRM http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html CONFIRM http://www.openoffice.org/security/bulletin.html MANDRIVA MDVSA-2010:221 GENTOO GLSA-201408-19 DEBIAN DSA-1995 SECTRACK 1023591 SUSE SUSE-SA:2010:017 Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. CVE-2015-8330 2015-11-24T15:59:25.897-05:00 2015-11-24T15:59:26.930-05:00 MISC https://www.onapsis.com/blog/analyzing-sap-security-notes-november-2015 MISC http://erpscan.com/advisories/erpscan-15-032-sap-pco-agent-dos-vulnerability/ The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. cpe:/o:debian:debian_linux:8.0 cpe:/a:littlecms:little_cms_color_engine cpe:/o:novell:leap:42.1 CVE-2016-10165 2017-02-03T14:59:00.177-05:00 2017-02-09T10:05:10.670-05:00 5.8 NETWORK MEDIUM NONE PARTIAL NONE PARTIAL http://nvd.nist.gov 2017-02-08T12:23:39.653-05:00 SUSE openSUSE-SU-2017:0336 DEBIAN DSA-3774 MLIST [oss-security] 20170125 Re: CVE MLIST:[oss-security] 20170123 CVE request: lcms2 heap OOB read parsing crafted ICC profile MLIST [oss-security] 20170125 Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile BID 95808 CONFIRM https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.