59 matches found
Debian DSA-3245-1 : ruby1.8 - security update
It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. %NASLMINLEVEL 70300 C...
Debian Security Advisory DSA 3245-1 (ruby1.8 - security update)
It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. OpenVAS Vulnerability Tes...
DSA-3247-1 ruby2.1 - security update
Bulletin has no description...
DSA-3246-1 ruby1.9.1 - security update
Bulletin has no description...
DSA-3245-1 ruby1.8 - security update
Bulletin has no description...
CVE-2014-2734
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operation...
Design/Logic Flaw
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operation...
PHP OpenSSL Extension 'openssl_x509_parse()'内存破坏漏洞
BUGTRAQ ID: 64225 CVECAN ID: CVE-2013-6420 PHP 5.3.27之前版本、5.4.22之前版本、5.5.6之前版本解析x.509证书时,"asn1timetotimet"函数ext/openssl/openssl.c出错,攻击者通过特制的x.509证书利用此漏洞可破坏内存。 0 PHP PHP 5.5.x PHP PHP 5.4.x PHP PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
CentOS Update for php53 CESA-2011:1423 centos5 x86_64
Check for the Version of php53 OpenVAS Vulnerability Test CentOS Update for php53 CESA-2011:1423 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
RedHat Update for php53 and php RHSA-2011:1423-01
Check for the Version of php53 and php OpenVAS Vulnerability Test RedHat Update for php53 and php RHSA-2011:1423-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7554)
This update for PHP5 fixes the following security issues : - Input Validation in the ZIP extension and NumberFormatter. CWE-20, CVE-2011-0421 / CVE-2011-1470 / CVE-2011-1467 - Numeric Errors in the SHM support and ZIP extension. CWE-189, CVE-2011-1092 / CVE-2011-1471 - Buffer overflows in the...
Mandriva Linux Security Advisory : php (MDVSA-2011:053)
Multiple vulnerabilities has been identified and fixed in php : The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service applicatio...
CVE-2011-1468
CVE-2011-1468 : In the PHP OpenSSL extension, memory leaks in PHP versions before 5.3.6 can be exploited by sending plaintext to openssl_encrypt or ciphertext to openssl_decrypt, causing denial of service via memory exhaustion. Affected: PHP with the OpenSSL extension prior to 5.3.6. Remediation:...
CVE-2011-1468
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service memory consumption via 1 plaintext data to the opensslencrypt function or 2 ciphertext data to the openssldecrypt function...
PHP 5.3 < 5.3.6 Multiple Vulnerabilities
According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.6. - A NULL pointer can be dereferenced in the function 'zipnamelocate' when processing empty archives and can lead to application crashes or code execution. Exploitation requires the...
PHP 5.3.6 OpenSSL Extension - openssl_decrypt Ciphertext Data Memory Leak Denial of Service
PHP 5.3.6 OpenSSL Extension - openssldecrypt Ciphertext Data Memory Leak Denial of Service source: https://www.securityfocus.com/bid/46977/info PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension. Successful attacks will cause the application to...
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service
source: https://www.securityfocus.com/bid/46977/info PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension. Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition. Versions prior to PHP 5.3....
php: openssl extension: Incorrect verification of SSL certificate with NUL in name
The phpopensslapplyverificationpolicy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates...
GLSA-200812-20 : phpCollab: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200812-20 phpCollab: Multiple vulnerabilities Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not properly sanitized before being used ...