Authentication flaw

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

Authentication flaw

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVE-2012-5352

Java Open Single Sign-On Project Home JOSSO allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

CVE-2012-5353

CVE-2012-5353 affects Eduserv OpenAthens SP 2.0 for Java. The vulnerability arises when a SAML assertion lacks a Signature element, enabling remote attackers to forge messages and bypass authentication (a “Signature exclusion attack”). The issue is documented across multiple sources (NVD entry an...

CVE-2012-5351

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVE-2012-5351

CVE-2012-5351 affects Apache Axis2 and allows remote attackers to bypass authentication by forging a SAML assertion that lacks a Signature element (Signature exclusion attack). This is the same family as CVE-2012-4418 and enables message forgery without proper XML-signature verification. IBM-rela...

CVE-2012-5353

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

CVE-2012-3989

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service assertion...

CVE-2012-5238

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of 1 PPP and 2 LCP data, which allows remote attackers to cause a denial of service assertion failure and application exit via a malformed packet...

CVE-2012-5238

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of 1 PPP and 2 LCP data, which allows remote attackers to cause a denial of service assertion failure and application exit via a malformed packet...

GLSA-201209-04 : BIND: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201209-04 BIND: Multiple vulnerabilities Multiple vulnerabilities have been discovered in BIND: Domain names are not properly revoked due to an error in the cache update policy CVE-2012-1033. BIND accepts records with zero-length...

Important: bind

Issue Overview: A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an...

SuSE 10 Security Update : bind (ZYPP Patch Number 8298)

The bind nameserver was updated to version 9.6-ESV-R7-P3 to fix a single security problem, where loading a zone file could have caused an assertion abort of the named service. CVE-2012-4244 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

CentOS Update for quagga CESA-2012:1259 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for quagga CESA-2012:1259 centos6

Check for the Version of quagga OpenVAS Vulnerability Test CentOS Update for quagga CESA-2012:1259 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

ISC BIND Assertion Error Resource Record RDATA Query Parsing Remote DoS

According to its self-reported version number, the remote installation of BIND will exit with an assertion failure if a resource record with RDATA in excess of 65535 bytes is loaded and then subsequently queried. Note that Nessus has only relied on the version itself and has not attempted to...

CVE-2012-4922

The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...

DEBIAN-CVE-2012-4419

The comparetoraddrtoaddrpolicy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service assertion failure and daemon exit via a zero-valued port field that is not properly handled during policy comparison...

CVE-2012-4419

The comparetoraddrtoaddrpolicy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service assertion failure and daemon exit via a zero-valued port field that is not properly handled during policy comparison...

CVE-2012-4419

The comparetoraddrtoaddrpolicy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service assertion failure and daemon exit via a zero-valued port field that is not properly handled during policy comparison...