Lucene search
K

59 matches found

Tenable Nessus
Tenable Nessus
added 2015/05/05 12:0 a.m.38 views

Debian DSA-3245-1 : ruby1.8 - security update

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. %NASLMINLEVEL 70300 C...

5.9CVSS7AI score0.02815EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/05/02 12:0 a.m.28 views

Debian Security Advisory DSA 3245-1 (ruby1.8 - security update)

It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates. OpenVAS Vulnerability Tes...

4.7CVSS0.2AI score0.02815EPSS
Exploits0References1
OSV
OSV
added 2015/05/02 12:0 a.m.31 views

DSA-3247-1 ruby2.1 - security update

Bulletin has no description...

5.9CVSS6AI score0.02815EPSS
Exploits0
OSV
OSV
added 2015/05/02 12:0 a.m.36 views

DSA-3246-1 ruby1.9.1 - security update

Bulletin has no description...

5.9CVSS6AI score0.02815EPSS
Exploits0
OSV
OSV
added 2015/05/02 12:0 a.m.52 views

DSA-3245-1 ruby1.8 - security update

Bulletin has no description...

5.9CVSS6AI score0.02815EPSS
Exploits0
NVD
NVD
added 2014/04/24 11:55 p.m.19 views

CVE-2014-2734

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operation...

5.8CVSS6.7AI score0.05349EPSS
Exploits2References10
Prion
Prion
added 2014/04/24 11:55 p.m.18 views

Design/Logic Flaw

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operation...

5.8CVSS7.2AI score0.05349EPSS
Exploits2References10Affected Software1
seebug.org
seebug.org
added 2013/12/18 12:0 a.m.113 views

PHP OpenSSL Extension 'openssl_x509_parse()'内存破坏漏洞

BUGTRAQ ID: 64225 CVECAN ID: CVE-2013-6420 PHP 5.3.27之前版本、5.4.22之前版本、5.5.6之前版本解析x.509证书时,"asn1timetotimet"函数ext/openssl/openssl.c出错,攻击者通过特制的x.509证书利用此漏洞可破坏内存。 0 PHP PHP 5.5.x PHP PHP 5.4.x PHP PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...

7.5CVSS7.5AI score0.35635EPSS
Exploits8
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.53 views

CentOS Update for php53 CESA-2011:1423 centos5 x86_64

Check for the Version of php53 OpenVAS Vulnerability Test CentOS Update for php53 CESA-2011:1423 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

7.5CVSS8.2AI score0.22724EPSS
Exploits24References2
OpenVAS
OpenVAS
added 2011/11/03 12:0 a.m.54 views

RedHat Update for php53 and php RHSA-2011:1423-01

Check for the Version of php53 and php OpenVAS Vulnerability Test RedHat Update for php53 and php RHSA-2011:1423-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.5CVSS0.22724EPSS
Exploits24References2
Tenable Nessus
Tenable Nessus
added 2011/06/17 12:0 a.m.37 views

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 7554)

This update for PHP5 fixes the following security issues : - Input Validation in the ZIP extension and NumberFormatter. CWE-20, CVE-2011-0421 / CVE-2011-1470 / CVE-2011-1467 - Numeric Errors in the SHM support and ZIP extension. CWE-189, CVE-2011-1092 / CVE-2011-1471 - Buffer overflows in the...

7.5CVSS8.5AI score0.22724EPSS
Exploits36References20
Tenable Nessus
Tenable Nessus
added 2011/03/24 12:0 a.m.47 views

Mandriva Linux Security Advisory : php (MDVSA-2011:053)

Multiple vulnerabilities has been identified and fixed in php : The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service applicatio...

7.5CVSS8.7AI score0.18878EPSS
Exploits30References11
CVE
CVE
added 2011/03/20 1:0 a.m.144 views

CVE-2011-1468

CVE-2011-1468 : In the PHP OpenSSL extension, memory leaks in PHP versions before 5.3.6 can be exploited by sending plaintext to openssl_encrypt or ciphertext to openssl_decrypt, causing denial of service via memory exhaustion. Affected: PHP with the OpenSSL extension prior to 5.3.6. Remediation:...

4.3CVSS8.5AI score0.13205EPSS
Exploits2References9Affected Software1
UbuntuCve
UbuntuCve
added 2011/03/19 12:0 a.m.30 views

CVE-2011-1468

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service memory consumption via 1 plaintext data to the opensslencrypt function or 2 ciphertext data to the openssldecrypt function...

4.3CVSS5.9AI score0.13205EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2011/03/18 12:0 a.m.88 views

PHP 5.3 < 5.3.6 Multiple Vulnerabilities

According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.6. - A NULL pointer can be dereferenced in the function 'zipnamelocate' when processing empty archives and can lead to application crashes or code execution. Exploitation requires the...

7.5CVSS8.9AI score0.17881EPSS
Exploits25References23
exploitpack
exploitpack
added 2011/03/08 12:0 a.m.15 views

PHP 5.3.6 OpenSSL Extension - openssl_decrypt Ciphertext Data Memory Leak Denial of Service

PHP 5.3.6 OpenSSL Extension - openssldecrypt Ciphertext Data Memory Leak Denial of Service source: https://www.securityfocus.com/bid/46977/info PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension. Successful attacks will cause the application to...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/03/08 12:0 a.m.52 views

PHP &lt; 5.3.6 &#039;OpenSSL&#039; Extension - &#039;openssl_encrypt&#039; Plaintext Data Memory Leak Denial of Service

source: https://www.securityfocus.com/bid/46977/info PHP is prone to multiple remote denial-of-service vulnerabilities that affect the 'OpenSSL' extension. Successful attacks will cause the application to consume excessive memory, creating a denial-of-service condition. Versions prior to PHP 5.3....

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/01/13 6:5 p.m.5 views

php: openssl extension: Incorrect verification of SSL certificate with NUL in name

The phpopensslapplyverificationpolicy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates...

7.5CVSS5.8AI score0.0291EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2008/12/22 12:0 a.m.18 views

GLSA-200812-20 : phpCollab: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200812-20 phpCollab: Multiple vulnerabilities Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not properly sanitized before being used ...

10CVSS6.4AI score0.06164EPSS
Exploits1References5
Rows per page
Query Builder