
6707 matches found

Packet Storm
added 2010/10/28 12:0 a.m., 65 views

Spring Security Security Constraint Bypass

CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 to 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...

5 CVSS, 6.6 AI score, 0.00248 EPSS
Exploits 1

OpenVAS
added 2010/10/19 12:0 a.m., 6 views

Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)

Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Mandriva Update for cyrus-imapd MDVA-2010:208 cyrus-imapd Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

7.1 AI score
Exploits 0, References 2

Tenable Nessus
added 2010/07/30 12:0 a.m., 10 views

MDVA-2009:087 : mandriva-kde4-config

This update introduces the kde4 artwork for the upcoming Mandriva 2009 Spring Flash version. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. (C) Tenable Network Security, Inc. This script was...

7 AI score
Exploits 0, References 1

Tenable Nessus
added 2010/07/30 12:0 a.m., 8 views

MDVA-2009:119-1 : yelp

The Yelp help browser shipped with Mandriva 2009 Spring was built without support for LZMA compression. As this is needed to view the compressed manual and GNU Info pages, LZMA support was enabled in this update. Update: On the previous yelp update we added a require on liblzmadec0 for i586 and...

6.9 AI score
Exploits 0, References 1

Cvelist
added 2010/06/21 4:0 p.m., 30 views

CVE-2010-1622

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file...

9.7 AI score, 0.01554 EPSS
Exploits 11, References 14

CVE
added 2010/06/21 4:0 p.m., 245 views

CVE-2010-1622

CVE-2010-1622 affects Spring Framework 2.5.x up to 2.5.6.SEC02 and 2.5.7 up to 2.5.7.SR01, and 3.0.x up to 3.0.3. The issue arises from binding request data to Java beans, which allows an attacker to overwrite nested properties of the ClassLoader (notably via class.classLoader.URLs[0]), enabling ...

6 CVSS, 9.5 AI score, 0.01554 EPSS
Exploits 11, References 14, Affected Software 1

Positive Technologies
added 2010/06/21 12:0 a.m., 7 views

PT-2010-1181 · Spring · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 2.5.x through 2.5.5, 2.5.7 before 2.5.7.SR01, and 3.0.x through 3.0.2 Description: The issue is related to incorrect code generation management in the Spring Framework, allowing remote attackers to execute arbitrary...

6 CVSS, 8.7 AI score, 0.01554 EPSS
Exploits 11, References 38

securityvulns
added 2010/06/20 12:0 a.m., 134 views

CVE-2010-1622: Spring Framework execution of arbitrary code

CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be affected Description: The Spring...

6 CVSS, 0.5 AI score, 0.01554 EPSS
Exploits 11

exploitpack
added 2010/06/18 12:0 a.m., 59 views

Spring Framework - Arbitrary code Execution

Spring Framework - Arbitrary code Execution CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions ma...

6 CVSS, 0.3 AI score, 0.01554 EPSS
Exploits 11

Exploit DB
added 2010/06/18 12:0 a.m., 104 views

Spring Framework - Arbitrary code Execution

CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be affected Description: The Spring...

6 CVSS, 9.6 AI score, 0.01554 EPSS
Exploits 11

OpenVAS
added 2010/01/19 12:0 a.m., 8 views

Mandriva Update for kdelibs4 MDVA-2010:024 (kdelibs4)

Check for the Version of kdelibs4 OpenVAS Vulnerability Test Mandriva Update for kdelibs4 MDVA-2010:024 kdelibs4 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.1 AI score
Exploits 0, References 2

Prion
added 2009/04/27 10:30 p.m., 26 views

Design/Logic Flaw

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

5 CVSS, 7.2 AI score, 0.01381 EPSS
Exploits 1, References 6, Affected Software 1

NVD
added 2009/04/27 10:30 p.m., 16 views

CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

5 CVSS, 9.2 AI score, 0.01381 EPSS
Exploits 1, References 6

Cvelist
added 2009/04/27 10:0 p.m., 19 views

CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

9.2 AI score, 0.01381 EPSS
Exploits 1, References 6

Tenable Nessus
added 2009/04/23 12:0 a.m., 13 views

MDVA-2008:099 : swi-prolog

The package included with Mandriva Linux 2008 Spring for swi-prolog could not be installed due to an incorrect dependency. This updated package removes the incorrect dependency and can be installed as normal. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch...

6.9 AI score
Exploits 0, References 1

Tenable Nessus
added 2009/04/23 12:0 a.m., 10 views

MDVA-2008:070 : dkms

The dkms-minimal package in Mandriva Linux 2008 Spring did not require lsb-release. If lsb-release was not installed, the dkms modules were installed in the standard location, instead of the intended /dkms or /dkms-binary. This update fixes that issue. Due to another bug, dkms would consider olde...

6.9 AI score
Exploits 0, References 1

Tenable Nessus
added 2009/04/23 12:0 a.m., 9 views

MDVA-2009:019 : glibc

The glibc packages released with Mandriva Linux 2008 and Mandriva Linux 2008 Spring had the /etc/ld.so.conf file using relative paths to include other config files at /etc/ld.so.conf.d, breaking usage of ldconfig -r, for example when you have chroot environments. This update fixes ld.so.conf to u...

7 AI score
Exploits 0, References 1

Tenable Nessus
added 2009/04/23 12:0 a.m., 17 views

MDVA-2008:110 : pulseaudio

The pulseaudio package shipped with Mandriva 2008 Spring does not remember a default device setting across sessions. If a user were to use pavucontrol to select an alternate default device, it will only work for that session. Logging out then back in again will revert back to the system default. ...

7 AI score
Exploits 0, References 1

Tenable Nessus
added 2009/04/23 12:0 a.m., 10 views

MDVA-2008:013 : skencil

The package for the drawing application Skencil contained a bug which causes it not to be able to access the system fonts correctly. Consequently, it was impossible to enter text properly in Skencil, and Skencil would consume a high level of system resources if you attempt to use the text tools...

6.8 AI score
Exploits 0, References 1

OpenVAS
added 2009/04/09 12:0 a.m., 12 views

Mandriva Update for bash-completion MDVA-2008:125 (bash-completion)

Check for the Version of bash-completion OpenVAS Vulnerability Test Mandriva Update for bash-completion MDVA-2008:125 bash-completion Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute i...

0.1 AI score
Exploits 0, References 2